Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.hackgate.io/llms.txt

Use this file to discover all available pages before exploring further.

Creating a HackGATE provisions a dedicated reverse proxy for your web application. Once deployed, researchers access your app through the *.hackgate.net URL while HackGATE logs all their traffic and enforces your access rules.
You must have an organization before creating a HackGATE. The origin URL must be a valid FQDN with protocol (e.g. https://www.example.com). Query parameters (? and =) are not allowed in the origin URL.
1

Provide your origin URL

Send a POST request to /api/sites with your application’s origin URL.
curl -X POST https://admin.hackgate.io/api/sites \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{"originName": "https://www.example.com"}'
The response includes the hackgatedName — the proxy URL you will share with researchers.
{
  "id": "a1b2c3d4-...",
  "originName": "https://www.example.com",
  "hackgatedName": "example-yourorg.hackgate.net",
  "isActive": true,
  "isDeploymentProgress": false,
  "creationdDate": "2024-01-15T10:30:00Z",
  "hasCustomList": false
}
Deployment typically completes within a few minutes. You will receive an email when your HackGATE is live.
2

Share the HackGATEd URL with researchers

The hackgatedName field in the response is the URL researchers use to access your application — for example, example-yourorg.hackgate.net.Do not share your originName with researchers. The origin URL should remain confidential.
3

Add instructions for researchers (optional)

Use the /api/sites/instructions endpoint to provide testing guidance that researchers will see when they access your HackGATE.
curl -X POST https://admin.hackgate.io/api/sites/instructions \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "id": "a1b2c3d4-...",
    "instructions": "Please test only endpoints under /api/v1. Do not test /admin."
  }'
4

Add test credentials (optional)

Use the /api/sites/credentials endpoint to supply test account credentials to researchers directly through the platform.
curl -X POST https://admin.hackgate.io/api/sites/credentials \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "id": "a1b2c3d4-...",
    "credentials": "username: testuser\npassword: TestPass123"
  }'
Each origin URL can only have one active HackGATE. Attempting to create a duplicate returns the error: "This website has already a Hackgated site".
If your origin uses a custom port (e.g. https://example.com:8080), contact support@hckrt.com.
Last modified on May 9, 2026