Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.hackgate.io/llms.txt

Use this file to discover all available pages before exploring further.

Scope items (called Project Items in the API) define the specific targets within a project. Each scope item represents one testable asset — such as a web application URL, API endpoint, or IP address range — along with its type and access requirements.

Create a scope item

The required fields are name and projectId. 
curl -X POST https://admin.hackgate.io/api/projects/createProjectItem \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Customer Portal API",
    "projectId": "proj-abc123"
  }'
Response: 
{
  "id": "item-xyz789",
  "orgId": "org-xyz",
  "name": "Customer Portal API",
  "projectId": "proj-abc123",
  "creationDate": "2024-01-10T09:00:00Z"
}

Update a scope item

Use PUT to update scope item details. Include all fields in the body. 
curl -X PUT https://admin.hackgate.io/api/projects/updateProjectItem \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "id": "item-xyz789",
    "orgId": "org-xyz",
    "name": "Customer Portal API",
    "projectId": "proj-abc123",
    "type": "api",
    "location": "https://api.example.com/v1",
    "accessType": "authenticated"
  }'

Scope item fields reference

FieldTypeDescription
namestringName of the target (required).
projectIdstringID of the parent project (required).
typestringAsset type (e.g. "web", "api", "mobile", "network").
locationstringURL, IP, or range of the target.
accessTypestringWhether the target requires authentication.

List scope items

curl https://admin.hackgate.io/api/projects/getProjectItems \
  -H "Authorization: Bearer <your-token>"
Returns all scope items across all projects for your organization. To get a single scope item: 
curl https://admin.hackgate.io/api/projects/getProjectItem/<item-id> \
  -H "Authorization: Bearer <your-token>"
Scope items are informational — they help your team track what’s in scope but do not automatically enforce access restrictions. Use block rules on your HackGATE to technically enforce scope boundaries.
Last modified on May 9, 2026