API Reference

Programmatic access to the **HITL** engine via REST/GraphQL.

Authentication

All API requests must include the `Authorization` header with a valid API Key.

Authorization: Bearer hitl_sk_live_...

Endpoints

POST/v1/missions

Launch a new offensive mission against a target.

Request Body

{
  "target": "https://api.example.com",
  "profile": "aggressive",
  "scope": {
    "include_subdomains": true,
    "max_depth": 3
  }
}
GET/v1/findings

Retrieve discovered vulnerabilities with filtering.

Query Parameters

  • severity (string): low, medium, high, critical
  • status (string): open, verified, remediated