HackGATE gives you two modes for controlling researcher access: open access (any authenticated researcher can connect) or a custom allowlist (only specific email addresses you approve). You can switch between modes and manage the allowlist at any time.

Access modes

In open access mode, any authenticated HackGATE researcher can access your proxy. This is the default mode. To enable open access, set allowedHackerType to false:
curl -X POST https://admin.hackgate.io/api/sites/allowedHackerType \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{"id": "<site-id>", "allowedHackerType": false}'

Managing your allowlist

List approved researchers

Retrieve all researchers currently on the allowlist for a site:
curl https://admin.hackgate.io/api/sites/getHackers/<site-id> \
  -H "Authorization: Bearer <your-token>"
[
  { "id": "abc123", "email": "researcher@example.com", "siteId": "<site-id>" }
]

Add a researcher

Add a researcher’s email address to the allowlist:
curl -X POST https://admin.hackgate.io/api/sites/addHacker \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{"siteId": "<site-id>", "email": "researcher@example.com"}'
The response returns the updated allowlist array.

Remove a researcher

Remove a researcher from the allowlist using the id from the allowlist entry:
curl -X POST https://admin.hackgate.io/api/sites/removeHacker \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{"id": "<hacker-list-entry-id>", "siteId": "<site-id>", "email": "researcher@example.com"}'
Use the id returned in the allowlist response — this is the allowlist entry ID, not the researcher’s user ID.
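
The list, add and remove calls above can be combined into a periodic access review. The following is an added example, not part of the HackGATE documentation: it diffs a getHackers response against the set of emails you intend to allow and builds the addHacker and removeHacker request bodies. The function names and sample data are hypothetical, and comparing emails case-insensitively is an assumption.

```python
import json
import urllib.request

API = "https://admin.hackgate.io/api/sites"  # base URL from the page


def plan_allowlist_sync(site_id, current, desired_emails):
    """Diff the getHackers response against the desired emails.

    Returns (to_add, to_remove) as request bodies for addHacker / removeHacker.
    Assumption: emails are compared case-insensitively after trimming.
    """
    norm = lambda e: e.strip().lower()
    desired = {norm(e): e.strip() for e in desired_emails}
    # Only consider entries that belong to this site.
    entries = [h for h in current if h["siteId"] == site_id]
    present = {norm(h["email"]) for h in entries}

    # Skip emails already present, which would otherwise fail with
    # "Hacker already exist".
    to_add = [{"siteId": site_id, "email": email}
              for key, email in sorted(desired.items()) if key not in present]
    # removeHacker needs the allowlist entry id, not the researcher's user id.
    to_remove = [{"id": h["id"], "siteId": site_id, "email": h["email"]}
                 for h in entries if norm(h["email"]) not in desired]
    return to_add, to_remove


def build_request(endpoint, body, token):
    """Build (but do not send) the POST shown above for addHacker/removeHacker."""
    return urllib.request.Request(
        f"{API}/{endpoint}",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )


# Constructed sample data in the shape of the getHackers response.
SAMPLE_CURRENT = [
    {"id": "abc123", "email": "researcher@example.com", "siteId": "site-1"},
    {"id": "def456", "email": "former@example.com", "siteId": "site-1"},
]
SAMPLE_DESIRED = ["Researcher@Example.com ", "new@example.com"]

if __name__ == "__main__":
    adds, removes = plan_allowlist_sync("site-1", SAMPLE_CURRENT, SAMPLE_DESIRED)
    for body in adds:
        print("addHacker", json.dumps(body))
    for body in removes:
        print("removeHacker", json.dumps(body))
```

Review the printed plan before sending anything; pass each body to build_request and urllib.request.urlopen only once the removals look right.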

Common errors

| Error | Cause |
| --- | --- |
| "Hacker already exist" | The email is already on the allowlist. |

The allowedHackerType field corresponds to hasCustomList in the site object. Setting it to true enables the custom allowlist.
Last modified on May 9, 2026