Base URL
/api/[resource].
Request and response format
All requests and responses use JSON. Set theContent-Type header on requests that include a body:
Authentication
Every request must include a valid Bearer token in theAuthorization header:
401. See Authentication for the two supported token types and how to obtain them.
Interactive explorer
You can explore and test all API endpoints interactively using the Swagger UI: https://api-admin.hackgate.io/swagger The explorer lets you authenticate with your token and send live requests directly from your browser.HTTP status codes
| Status | Meaning |
|---|---|
200 OK | Request succeeded. |
201 Created | Resource was created successfully. |
400 Bad Request | Invalid input. The response body includes a title field with a description of the error. |
401 Unauthorized | Token is missing, invalid, expired, or does not carry an org context. |
404 Not Found | Resource does not exist or belongs to a different organization. |
500 Internal Server Error | Unexpected server error. |
Error response shape
Error responses include atitle field with a human-readable message and a status field matching the HTTP status code:
title field to diagnose validation errors and the status field to handle errors programmatically.
Explore the API
List sites
Retrieve all HackGATE sites in your organization.
List projects
Retrieve all projects in your organization.
Traffic analytics
Query traffic events and request timelines for your sites.
WAF analytics
Query Web Application Firewall events for your sites.
Account
Retrieve and manage your account details.
Billing
Access billing information for your organization.