# HackGATE

## Docs

- [Enforce scope boundaries with HackGATE block rules](https://docs.hackgate.io/access-control/block-rules.md): Define path-level block rules on a HackGATE to return specific HTTP status codes for out-of-scope paths, keeping researcher testing within your defined scope.
- [Control researcher access using HackGATE allowlists](https://docs.hackgate.io/access-control/hacker-list.md): Switch your HackGATE between open access and a custom allowlist, then add or remove individual researcher email addresses to control who can connect.
- [Limit researcher request rates on a HackGATE proxy](https://docs.hackgate.io/access-control/rate-limiting.md): Protect your application during testing by assigning a named rate limiter policy to a HackGATE, capping how many requests researchers can make per second.
- [Manage billing details for your HackGATE organization](https://docs.hackgate.io/account/billing.md): Keep your HackGATE billing information current so Hackrate can issue correct invoices — update your business name, VAT number, address, and billing email.
- [HackGATE organizations: credits, teams, and API access](https://docs.hackgate.io/account/organization.md): View your organization's credit balance, manage team members, and understand how API authentication is scoped to your organization in HackGATE.
- [Measure API endpoint coverage during security testing](https://docs.hackgate.io/analytics/api-coverage.md): Upload your OpenAPI schema to HackGATE and get a per-endpoint coverage report showing which paths researchers tested and which remain untouched.
- [Run automated PIE security checks on recorded traffic](https://docs.hackgate.io/analytics/pie-checks.md): Use PIE checks to passively detect attack patterns — path traversal, SQL injection, Log4Shell — in your HackGATE's traffic logs without active scanning.
- [Query researcher traffic data from your HackGATE proxy](https://docs.hackgate.io/analytics/traffic.md): Access historical traffic data for a HackGATE: total request counts, most active researchers, discovered paths, hourly timelines, and monthly usage stats.
- [Analyze WAF events and attack patterns in HackGATE](https://docs.hackgate.io/analytics/waf.md): Query HackGATE's WAF data to see which attack types were triggered during testing — SQL injection, XSS, LFI, RCE — plus rule messages and attack timelines.
- [Get apiaccountcurrentuser](https://docs.hackgate.io/api-reference/account/get-apiaccountcurrentuser.md)
- [Get apiaccountgetprofiledetails](https://docs.hackgate.io/api-reference/account/get-apiaccountgetprofiledetails.md)
- [Get apianalyticsextractapiroutesfromdefinition](https://docs.hackgate.io/api-reference/analytics/get-apianalyticsextractapiroutesfromdefinition.md)
- [Get apianalyticsgetapicoverage](https://docs.hackgate.io/api-reference/analytics/get-apianalyticsgetapicoverage.md)
- [Get apianalyticsgetmostactiveusers](https://docs.hackgate.io/api-reference/analytics/get-apianalyticsgetmostactiveusers.md)
- [Get apianalyticsgetpathdiscovery](https://docs.hackgate.io/api-reference/analytics/get-apianalyticsgetpathdiscovery.md)
- [Get apianalyticsgettotalrequest](https://docs.hackgate.io/api-reference/analytics/get-apianalyticsgettotalrequest.md)
- [Get apianalyticsgettraffictable](https://docs.hackgate.io/api-reference/analytics/get-apianalyticsgettraffictable.md)
- [Get apianalyticsgettraffictimeline](https://docs.hackgate.io/api-reference/analytics/get-apianalyticsgettraffictimeline.md)
- [Get apianalyticsgetwafattacktypes](https://docs.hackgate.io/api-reference/analytics/get-apianalyticsgetwafattacktypes.md)
- [Get apianalyticsgetwafmessages](https://docs.hackgate.io/api-reference/analytics/get-apianalyticsgetwafmessages.md)
- [Get apianalyticsgetwafrulestimeline](https://docs.hackgate.io/api-reference/analytics/get-apianalyticsgetwafrulestimeline.md)
- [Get apianalyticsgetwafsummaryrulestimeline](https://docs.hackgate.io/api-reference/analytics/get-apianalyticsgetwafsummaryrulestimeline.md)
- [Post apianalyticsgetsummarytimeline](https://docs.hackgate.io/api-reference/analytics/post-apianalyticsgetsummarytimeline.md)
- [Post apianalyticsgetsummarytraffictable](https://docs.hackgate.io/api-reference/analytics/post-apianalyticsgetsummarytraffictable.md)
- [Get apibilling](https://docs.hackgate.io/api-reference/billing/get-apibilling.md)
- [Post apibilling](https://docs.hackgate.io/api-reference/billing/post-apibilling.md)
- [Get apiorganization](https://docs.hackgate.io/api-reference/organization/get-apiorganization.md)
- [Get apipiegetchecks](https://docs.hackgate.io/api-reference/pie/get-apipiegetchecks.md)
- [Post apipieruncheck](https://docs.hackgate.io/api-reference/pie/post-apipieruncheck.md)
- [Get apiprojects](https://docs.hackgate.io/api-reference/projects/get-apiprojects.md)
- [Get apiprojects 1](https://docs.hackgate.io/api-reference/projects/get-apiprojects-1.md)
- [Get apiprojectsgetprojectitem](https://docs.hackgate.io/api-reference/projects/get-apiprojectsgetprojectitem.md)
- [Get apiprojectsgetprojectitems](https://docs.hackgate.io/api-reference/projects/get-apiprojectsgetprojectitems.md)
- [Post apiprojects](https://docs.hackgate.io/api-reference/projects/post-apiprojects.md)
- [Post apiprojectscreateprojectitem](https://docs.hackgate.io/api-reference/projects/post-apiprojectscreateprojectitem.md)
- [Put apiprojects](https://docs.hackgate.io/api-reference/projects/put-apiprojects.md)
- [Put apiprojectsupdateprojectitem](https://docs.hackgate.io/api-reference/projects/put-apiprojectsupdateprojectitem.md)
- [Get apisites](https://docs.hackgate.io/api-reference/sites/get-apisites.md)
- [Get apisites 1](https://docs.hackgate.io/api-reference/sites/get-apisites-1.md)
- [Get apisites blocklist](https://docs.hackgate.io/api-reference/sites/get-apisites-blocklist.md)
- [Get apisitesdeploy](https://docs.hackgate.io/api-reference/sites/get-apisitesdeploy.md)
- [Get apisitesdisable](https://docs.hackgate.io/api-reference/sites/get-apisitesdisable.md)
- [Get apisitesenable](https://docs.hackgate.io/api-reference/sites/get-apisitesenable.md)
- [Get apisitesfilters](https://docs.hackgate.io/api-reference/sites/get-apisitesfilters.md)
- [Get apisitesgetapidefinition](https://docs.hackgate.io/api-reference/sites/get-apisitesgetapidefinition.md)
- [Get apisitesgethackers](https://docs.hackgate.io/api-reference/sites/get-apisitesgethackers.md)
- [Get apisitesgetlog](https://docs.hackgate.io/api-reference/sites/get-apisitesgetlog.md)
- [Get apisitesgetusagebymonth](https://docs.hackgate.io/api-reference/sites/get-apisitesgetusagebymonth.md)
- [Get apisitestest](https://docs.hackgate.io/api-reference/sites/get-apisitestest.md)
- [Get apisitesvalidatehacker](https://docs.hackgate.io/api-reference/sites/get-apisitesvalidatehacker.md)
- [Post apisites](https://docs.hackgate.io/api-reference/sites/post-apisites.md)
- [Post apisitesaddhacker](https://docs.hackgate.io/api-reference/sites/post-apisitesaddhacker.md)
- [Post apisitesallowedhackertype](https://docs.hackgate.io/api-reference/sites/post-apisitesallowedhackertype.md)
- [Post apisitesblocklist](https://docs.hackgate.io/api-reference/sites/post-apisitesblocklist.md)
- [Post apisitescredentials](https://docs.hackgate.io/api-reference/sites/post-apisitescredentials.md)
- [Post apisitesinstructions](https://docs.hackgate.io/api-reference/sites/post-apisitesinstructions.md)
- [Post apisitesremovehacker](https://docs.hackgate.io/api-reference/sites/post-apisitesremovehacker.md)
- [Post apisitessetratelimiting](https://docs.hackgate.io/api-reference/sites/post-apisitessetratelimiting.md)
- [Post apisitesstart](https://docs.hackgate.io/api-reference/sites/post-apisitesstart.md)
- [Post apisitesstop](https://docs.hackgate.io/api-reference/sites/post-apisitesstop.md)
- [Post apisitesuploadopenapischema](https://docs.hackgate.io/api-reference/sites/post-apisitesuploadopenapischema.md)
- [HackGATE concepts: organizations, proxies, and scope](https://docs.hackgate.io/concepts.md): Understand the key concepts in HackGATE — organizations, HackGATEs, projects, scope items, hacker lists, PIE checks, and how they all fit together.
- [Provision a HackGATE proxy for your web application](https://docs.hackgate.io/hackgates/create.md): Step-by-step guide to creating a new HackGATE, sharing the proxy URL with researchers, and configuring testing instructions and credentials.
- [Manually enable or disable a HackGATE proxy anytime](https://docs.hackgate.io/hackgates/enable-disable.md): Manually activate or deactivate a HackGATE proxy at any time to pause or resume researcher access without removing the proxy configuration.
- [HackGATEs: managed reverse proxies for security testing](https://docs.hackgate.io/hackgates/overview.md): A HackGATE is a managed reverse proxy that sits in front of your app, giving researchers a controlled and monitored entry point during security testing.
- [Schedule automatic start and stop times for a HackGATE](https://docs.hackgate.io/hackgates/scheduling.md): Set future start and stop times on a HackGATE so testing sessions run automatically within your approved engagement windows without manual intervention.
- [What is HackGATE? Secure proxy for security testing](https://docs.hackgate.io/introduction.md): HackGATE is a managed security proxy gateway by Hackrate that gives organizations full control over researcher access, scope, and traffic monitoring.
- [Create and update a security testing project in HackGATE](https://docs.hackgate.io/projects/create.md): Create a HackGATE project to track a pentest or bug bounty with timeline, ownership, and retesting metadata. Update fields via PUT as the engagement progresses.
- [HackGATE projects: organize your testing engagements](https://docs.hackgate.io/projects/overview.md): Use HackGATE projects to group security testing engagements with scope items, timelines, ownership details, and retesting requirements in one place.
- [Add scope items to define what researchers can test](https://docs.hackgate.io/projects/scope-items.md): Attach scope items to a HackGATE project to document which assets — web apps, APIs, or IP ranges — are authorized targets for the testing engagement.
- [Quick start guide: deploy your first HackGATE proxy](https://docs.hackgate.io/quickstart.md): Create your first HackGATE, configure researcher access, and start monitoring security testing traffic in under 10 minutes with this step-by-step guide.

## OpenAPI Specs

- [swagger](https://api-admin.hackgate.io/swagger/v1/swagger.json)