Skip to main content
Creates a new HackGATE site and begins provisioning the reverse proxy infrastructure. HackGATE derives the hackgatedName subdomain from your origin URL and organization slug automatically.

Request

POST https://api-admin.hackgate.io/api/sites

Headers

Authorization
string
required
Bearer token. Example: Bearer <token>
Content-Type
string
required
Must be application/json.

Body

originName
string
required
The origin URL to proxy. Must be a full FQDN including scheme (e.g. https://www.example.com). The following are not accepted:
  • URLs with query strings (?key=value)
  • URLs with non-standard ports
  • Origins already registered under another site (duplicates are rejected)

Validation errors

ConditionStatustitle
originName is missing or empty400Validation error message
Origin URL is not a valid FQDN400Validation error message
Origin URL is already registered400Duplicate origin error message
URL contains a query string or non-standard port400Validation error message

Response

Returns the newly created site object.
id
string
required
Unique identifier for the site (UUID). Use this in all subsequent API calls.
originName
string
required
The origin URL you provided.
hackgatedName
string
required
The hackgate.io subdomain provisioned for this site (e.g. www-myorg.hackgate.io).
isActive
boolean
required
Initial active state of the site after creation.
orgId
string
required
Organization ID that owns this site.
cretedByUserId
string
required
User ID of the account that created the site.
creationdDate
string
required
ISO 8601 timestamp of when the site was created.
isDeploymentProgress
boolean
required
true while proxy infrastructure is being provisioned. Deployment takes approximately 4 minutes. You cannot enable or disable the site until this is false.
hasCustomList
boolean
required
Whether a custom researcher allowlist is enabled. false immediately after creation.
startDate
string
Scheduled start date. null immediately after creation.
stopDate
string
Scheduled stop date. null immediately after creation.
credentials
string
Test credentials for researchers. null immediately after creation.
instructions
string
Testing instructions for researchers. null immediately after creation.
rateLimit
string
Rate limiting rule. null immediately after creation.
blockList
string
JSON-encoded block rules. null immediately after creation.
After creation, isDeploymentProgress is true while HackGATE provisions the proxy. All organization members receive an email when creation starts and a second email when the site is live (~4 minutes later).

Example

curl -X POST https://api-admin.hackgate.io/api/sites \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"originName": "https://www.example.com"}'

{
  "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "originName": "https://www.example.com",
  "hackgatedName": "www-myorg.hackgate.io",
  "isActive": true,
  "orgId": "org-uuid",
  "cretedByUserId": "user-uuid",
  "creationdDate": "2024-06-01T10:00:00Z",
  "hasCustomList": false,
  "isDeploymentProgress": true,
  "startDate": null,
  "stopDate": null,
  "credentials": null,
  "instructions": null,
  "rateLimit": null,
  "blockList": null
}