Use these endpoints to retrieve your organization’s HackGATE projects — the top-level containers that group sites, schedule engagements, and track vendors and owners for a security program. The list endpoint returns all projects visible to your organization; the by-ID endpoint returns a single project when you already know its identifier.
List all projects
GET https://api-admin.hackgate.io/api/projects
Request
No query parameters or request body required.
Response
Returns a JSON array of project objects.
Unique identifier for the project.
The organization that owns the project.
Human-readable project name.
Optional description of the project’s scope or purpose.
Free-text internal notes associated with the project.
ISO 8601 date-time when the engagement is scheduled to start.
ISO 8601 date-time when the engagement is scheduled to end.
ISO 8601 date-time when the project record was created.
Identifier of the user who created the project.
Access model for the engagement (for example, authenticated or unauthenticated).
Geographic or network location context for the project.
Person or team responsible for the project.
ISO 8601 date-time by which the final report is due.
ISO 8601 date-time when the retesting window closes.
ISO 8601 date-time when retesting begins.
Engagement type, such as pentest or bug-bounty.
Security vendor or testing firm assigned to the project.
Whether a retesting cycle is required after the initial engagement.
Example
curl https://api-admin.hackgate.io/api/projects \
-H "Authorization: Bearer <token>"
[
{
"id": "proj_abc123",
"orgId": "org_xyz",
"name": "Q3 Web Application Pentest",
"description": "Full-scope penetration test of the customer portal.",
"note": "Review scope document before launch.",
"launchDate": "2025-07-01T09:00:00Z",
"endDate": "2025-07-14T17:00:00Z",
"creationDate": "2025-06-15T12:00:00Z",
"createdBy": "user_123",
"accessType": "authenticated",
"location": "US-East",
"owner": "security@example.com",
"reportDeadline": "2025-07-21T17:00:00Z",
"retestingEnd": "2025-08-04T17:00:00Z",
"retestingLaunch": "2025-07-28T09:00:00Z",
"type": "pentest",
"vendor": "AcmeSec",
"isRetestNeeded": true
}
]
Get a project by ID
GET https://api-admin.hackgate.io/api/projects/{id}
id. Returns 404 if the project does not exist or belongs to a different organization.
Path parameters
The unique identifier of the project to retrieve.
Response
Returns a single project object with the same fields as the list response above.
Example
curl https://api-admin.hackgate.io/api/projects/proj_abc123 \
-H "Authorization: Bearer <token>"
{
"id": "proj_abc123",
"orgId": "org_xyz",
"name": "Q3 Web Application Pentest",
"description": "Full-scope penetration test of the customer portal.",
"note": "Review scope document before launch.",
"launchDate": "2025-07-01T09:00:00Z",
"endDate": "2025-07-14T17:00:00Z",
"creationDate": "2025-06-15T12:00:00Z",
"createdBy": "user_123",
"accessType": "authenticated",
"location": "US-East",
"owner": "security@example.com",
"reportDeadline": "2025-07-21T17:00:00Z",
"retestingEnd": "2025-08-04T17:00:00Z",
"retestingLaunch": "2025-07-28T09:00:00Z",
"type": "pentest",
"vendor": "AcmeSec",
"isRetestNeeded": true
}
List project items
GET https://api-admin.hackgate.io/api/projects/getProjectItems
Response
Unique identifier for the project item.
The organization that owns the item.
The project this item belongs to.
Name of the item (typically a site name or URL).
ISO 8601 date-time when the item was created.
Identifier of the user who created the item.
Access model for this item.
Geographic or network location for the item.
Item type (for example, web, api, mobile).
Example
curl https://api-admin.hackgate.io/api/projects/getProjectItems \
-H "Authorization: Bearer <token>"
Get a project item by ID
GET https://api-admin.hackgate.io/api/projects/getProjectItem/{id}
id.
Path parameters
The unique identifier of the project item to retrieve.
Example
curl https://api-admin.hackgate.io/api/projects/getProjectItem/item_456 \
-H "Authorization: Bearer <token>"
