Skip to main content
Create a new project to define a security engagement — a pentest, bug bounty, or similar program. Projects act as containers that group HackGATE sites, set timelines, assign ownership, and track vendor relationships. Once created, you can attach project items and configure retesting schedules.

Endpoint

POST https://api-admin.hackgate.io/api/projects

Request

Authorization
string
required
Bearer token. See Authentication.
Content-Type
string
required
Must be application/json.

Body parameters

name
string
required
A human-readable name for the project. This appears in the Admin Center and in reports.
description
string
A description of the project’s scope or purpose.
note
string
Free-text internal notes. Not included in reports.
launchDate
string
ISO 8601 date-time when the engagement is scheduled to start (for example, 2025-07-01T09:00:00Z).
endDate
string
ISO 8601 date-time when the engagement is scheduled to end.

Response

Returns the newly created project object with all fields populated, including server-assigned values.
id
string
Unique identifier assigned to the project.
orgId
string
The organization that owns the project.
name
string
The project name you provided.
description
string
The description you provided.
note
string
The internal notes you provided.
launchDate
string
ISO 8601 launch date.
endDate
string
ISO 8601 end date.
creationDate
string
ISO 8601 date-time when the project was created on the server.
createdBy
string
Identifier of the authenticated user who made the request.
accessType
string
Access model. Defaults to null until updated.
location
string
Location context. Defaults to null until updated.
owner
string
Project owner. Defaults to null until updated.
reportDeadline
string
Report deadline. Defaults to null until updated.
retestingEnd
string
Retesting window end. Defaults to null until updated.
retestingLaunch
string
Retesting window start. Defaults to null until updated.
type
string
Engagement type. Defaults to null until updated.
vendor
string
Assigned vendor. Defaults to null until updated.
isRetestNeeded
boolean
Whether retesting is required. Defaults to false until updated.

Example

curl -X POST https://api-admin.hackgate.io/api/projects \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Q3 Web Application Pentest",
    "description": "Full-scope penetration test of the customer portal.",
    "note": "Review scope document before launch.",
    "launchDate": "2025-07-01T09:00:00Z",
    "endDate": "2025-07-14T17:00:00Z"
  }'

{
  "id": "proj_abc123",
  "orgId": "org_xyz",
  "name": "Q3 Web Application Pentest",
  "description": "Full-scope penetration test of the customer portal.",
  "note": "Review scope document before launch.",
  "launchDate": "2025-07-01T09:00:00Z",
  "endDate": "2025-07-14T17:00:00Z",
  "creationDate": "2025-06-15T12:00:00Z",
  "createdBy": "user_123",
  "accessType": null,
  "location": null,
  "owner": null,
  "reportDeadline": null,
  "retestingEnd": null,
  "retestingLaunch": null,
  "type": null,
  "vendor": null,
  "isRetestNeeded": false
}
To set fields such as owner, vendor, type, and retesting dates, use PUT /api/projects after creation.