REST API for the ProjectDiscovery Cloud Platform (PDCP) covering Nuclei templates, scans, vulnerabilities, leaks, asset discovery, configurations, exports, audit logs, and utilities. Authentication uses API keys passed via the X-Api-Key header.
openapi: 3.1.0
info:
title: PDCP API
version: '1.0'
summary: ProjectDiscovery Cloud Platform
description: >-
For more details, checkout
https://docs.projectdiscovery.io/api-reference/editor/scan
servers:
- url: https://api.projectdiscovery.io
description: Production
- url: https://api.dev.projectdiscovery.io
description: Development
- url: http://localhost:8085
description: Localhost
paths:
/v2/template/search:
get:
summary: Search Templates
tags:
- template/v2
parameters:
- schema:
type: string
enum:
- public
- private
- public_private
default: public_private
in: query
name: scope
description: Scope of templates to search (public or private)
- schema:
type: integer
default: 50
in: query
name: limit
description: Maximum number of results to return
- schema:
type: integer
default: 0
in: query
name: offset
description: Number of results to skip for pagination
- schema:
type: string
items:
type: string
in: query
name: fields
description: Specific fields to return in the response
style: form
explode: true
- schema:
type: string
in: query
name: sort_asc
description: Field to sort results in ascending order
- schema:
type: string
in: query
name: sort_desc
description: Field to sort results in descending order
- schema:
type: string
in: query
name: q
description: Search query string
- schema:
type: boolean
default: false
in: query
name: highlight
description: Whether to highlight search matches in results
- schema:
type: integer
default: 5
in: query
name: facet_size
description: Number of facets to return in the response
- schema:
type: string
in: header
name: X-Team-Id
responses:
'200':
description: Successful search response
content:
application/json:
schema:
type: object
required:
- results
- total
- count
- facets
properties:
results:
type: array
items:
$ref: '#/components/schemas/TemplateData'
total:
type: integer
description: Total number of matching results
count:
type: integer
description: Number of results in this response
facets:
$ref: '#/components/schemas/TemplateStats'
message:
type: string
'400':
$ref: '#/components/responses/MessageResponse'
'401':
$ref: '#/components/responses/MessageResponse'
'500':
$ref: '#/components/responses/MessageResponse'
default:
$ref: '#/components/responses/MessageResponse'
security:
- X-API-Key: []
description: Search templates with filtering, sorting, and faceting capabilities
operationId: get-v2-template-search
/v2/template/user/upload:
post:
summary: Upload Templates
tags: []
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
required:
- insert_errors
- total_files
- not_templates
- inserted
- invalid_templates
properties:
insert_errors:
type: integer
total_files:
type: integer
not_templates:
type: integer
inserted:
type: integer
invalid_templates:
type: integer
templates:
type: array
items:
$ref: '#/components/schemas/TemplateData'
validation_errors:
type: array
description: Detailed validation issues detected before upload
items:
$ref: '#/components/schemas/TemplateValidationError'
workflow_rejections:
type: array
description: >-
Templates rejected because workflow files are not
supported
items:
$ref: '#/components/schemas/TemplateWorkflowRejection'
trace_id:
type: string
description: >-
Trace identifier that can be shared with support for
debugging
'400':
$ref: '#/components/responses/MessageResponse'
'401':
$ref: '#/components/responses/MessageResponse'
'404':
$ref: '#/components/responses/MessageResponse'
'500':
$ref: '#/components/responses/MessageResponse'
default:
$ref: '#/components/responses/MessageResponse'
operationId: post-v2-template-user-upload
description: Upload Private/User Templates (Max 10,000)
requestBody:
content:
application/json:
schema:
type: object
required:
- templates
properties:
templates:
type: array
items:
$ref: '#/components/schemas/UploadTemplate'
patch:
summary: Bulk Update User Template
tags: []
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
required:
- success_count
- failure_count
- successful_items
- failed_items
properties:
success_count:
type: integer
failure_count:
type: integer
successful_items:
type: array
items:
$ref: '#/components/schemas/TemplateFileMetadata'
failed_items:
type: array
items:
$ref: '#/components/schemas/FailedTemplateFileMetadataUpdate'
'400':
$ref: '#/components/responses/MessageResponse'
'401':
$ref: '#/components/responses/MessageResponse'
'404':
$ref: '#/components/responses/MessageResponse'
'500':
$ref: '#/components/responses/MessageResponse'
default:
$ref: '#/components/responses/MessageResponse'
operationId: patch-v2-template-user-upload
requestBody:
content:
application/json:
schema:
type: object
required:
- templates
properties:
templates:
type: array
items:
$ref: '#/components/schemas/PatchTemplateFileMetadata'
description: Bulk Updat Private/User Templates (Max 10,000)
/v1/scans:
get:
summary: Get Scan List
tags:
- scans
responses:
'200':
$ref: '#/components/responses/GetScansStatusResponse'
'400':
$ref: '#/components/responses/ErrorResponse'
'401':
$ref: '#/components/responses/ErrorResponse'
'499':
$ref: '#/components/responses/ErrorResponse'
'500':
$ref: '#/components/responses/ErrorResponse'
default:
$ref: '#/components/responses/ErrorResponse'
operationId: get-v1-scans
description: Get user scans status
security:
- X-API-Key: []
parameters:
- schema:
type: integer
in: query
name: offset
description: number of scan-status results to skip
- schema:
type: integer
in: query
name: limit
description: number of scan-status results to fetch
- schema:
type: string
in: query
name: search
description: search term for running scans
- schema:
type: string
in: query
name: status
description: >-
filter by status (failed, finished, queued, running, starting,
uploaded, scheduled)
- schema:
type: string
in: query
name: sort_asc
description: comma separated ascending sorting e.g sort_asc=created_at,severity
- schema:
type: string
in: query
name: sort_desc
description: comma separated descending sorting e.g sort_desc=created_at,severity
- schema:
type: boolean
in: query
name: is_internal
description: filter by internal scans
- schema:
type: string
in: header
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
name: X-Team-Id
x-internal: false
post:
summary: Create Scan
tags:
- scans
operationId: post-v1-scans
responses:
'200':
$ref: '#/components/responses/TriggerUserScanResponse'
'400':
$ref: '#/components/responses/ErrorResponse'
'401':
$ref: '#/components/responses/ErrorResponse'
'500':
$ref: '#/components/responses/ErrorResponse'
default:
$ref: '#/components/responses/ErrorResponse'
description: Trigger a scan
security:
- X-API-Key: []
requestBody:
$ref: '#/components/requestBodies/TriggerUserScanRequest'
parameters:
- schema:
type: string
in: header
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
name: X-Team-Id
delete:
summary: Delete Scan in bulk
tags:
- scans
operationId: delete-v1-scans
responses:
'200':
$ref: '#/components/responses/DeleteScansResponse'
'400':
$ref: '#/components/responses/ErrorResponse'
'401':
$ref: '#/components/responses/ErrorResponse'
'500':
$ref: '#/components/responses/ErrorResponse'
default:
$ref: '#/components/responses/ErrorResponse'
requestBody:
content:
application/json:
schema:
type: object
required:
- scan_ids
properties:
scan_ids:
type: array
items:
type: string
description: Delete scans using scan ids
security:
- X-API-Key: []
parameters:
- schema:
type: string
in: header
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
name: X-Team-Id
/v1/scans/{scan_id}:
parameters:
- schema:
type: string
name: scan_id
in: path
required: true
get:
summary: Get Scan
tags:
- scans
responses:
'200':
$ref: '#/components/responses/GetScanDetailsResponse'
'400':
$ref: '#/components/responses/ErrorResponse'
'401':
$ref: '#/components/responses/ErrorResponse'
'404':
$ref: '#/components/responses/ErrorResponse'
'499':
$ref: '#/components/responses/ErrorResponse'
'500':
$ref: '#/components/responses/ErrorResponse'
default:
$ref: '#/components/responses/ErrorResponse'
operationId: get-v1-scans-scan_id
description: Get details of a scan by scan ID
security:
- X-API-Key: []
parameters:
- schema:
type: string
in: header
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
name: X-Team-Id
delete:
summary: Delete Scan
tags:
- scans
operationId: delete-v1-scans-scan_id
responses:
'200':
$ref: '#/components/responses/DeleteScansResponse'
'400':
$ref: '#/components/responses/ErrorResponse'
'401':
$ref: '#/components/responses/ErrorResponse'
'500':
$ref: '#/components/responses/ErrorResponse'
default:
$ref: '#/components/responses/ErrorResponse'
description: Delete a scan using scanId
security:
- X-API-Key: []
parameters:
- schema:
type: string
in: header
name: X-Team-Id
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
patch:
summary: Update Scan
tags:
- scans
operationId: patch-v1-scans-scan_id
responses:
'200':
$ref: '#/components/responses/MessageResponse'
'400':
$ref: '#/components/responses/ErrorResponse'
'401':
$ref: '#/components/responses/ErrorResponse'
'500':
$ref: '#/components/responses/ErrorResponse'
default:
$ref: '#/components/responses/ErrorResponse'
description: Update scan metadata
security:
- X-API-Key: []
requestBody:
$ref: '#/components/requestBodies/UpdateScanRequest'
parameters:
- schema:
type: string
in: header
name: X-Team-Id
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
/v1/scans/import:
post:
summary: Import OSS Scan
tags:
- scans
operationId: post-v1-scans-import
responses:
'200':
$ref: '#/components/responses/ImportScanResponse'
'400':
$ref: '#/components/responses/ErrorResponse'
'401':
$ref: '#/components/responses/ErrorResponse'
'500':
$ref: '#/components/responses/ErrorResponse'
default:
$ref: '#/components/responses/ErrorResponse'
description: Import scan details
security:
- X-API-Key: []
requestBody:
content:
application/octet-stream:
schema:
type: string
format: binary
parameters:
- schema:
type: string
in: query
name: name
- schema:
type: string
in: header
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
name: X-Team-Id
/v1/admin/user/search:
get:
summary: Search user by name or email
tags:
- internal
responses:
'200':
description: OK
content:
application/octet-stream:
schema:
type: string
format: byte
'400':
$ref: '#/components/responses/MessageResponse'
'401':
$ref: '#/components/responses/MessageResponse'
'500':
$ref: '#/components/responses/MessageResponse'
default:
$ref: '#/components/responses/ErrorResponse'
operationId: get-v1-admin-user-search
x-internal: true
parameters:
- schema:
type: string
in: query
name: q
description: name or email filter
- schema:
type: string
enum:
- TRIAL
- ENT_TRIAL
- PRO
- ENT
- FREE
- VERIFIED_FREE
- GROWTH
in: query
name: plan
description: plan filter
- schema:
type: integer
in: query
name: offset
description: offset for pagination
- schema:
type: integer
in: query
name: limit
description: limit for pagination
- schema:
type: string
in: header
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
name: X-Team-Id
/v1/admin/user/billing_assets:
get:
summary: Get billing assets for a user
tags:
- internal
responses:
'200':
description: OK
content:
application/octet-stream:
schema:
type: string
format: byte
'400':
$ref: '#/components/responses/MessageResponse'
'401':
$ref: '#/components/responses/MessageResponse'
'500':
$ref: '#/components/responses/MessageResponse'
default:
$ref: '#/components/responses/ErrorResponse'
operationId: get-v1-admin-user-billing-assets
x-internal: true
parameters:
- schema:
type: string
in: query
name: email
description: email of the user
required: true
/v1/admin/user/audit_logs:
get:
summary: Get audit logs for a user
tags:
- internal
responses:
'200':
description: OK
content:
application/octet-stream:
schema:
type: string
format: byte
'400':
$ref: '#/components/responses/MessageResponse'
'401':
$ref: '#/components/responses/MessageResponse'
'500':
$ref: '#/components/responses/MessageResponse'
default:
$ref: '#/components/responses/ErrorResponse'
operationId: get-v1-admin-user-audit-logs
x-internal: true
parameters:
- schema:
type: string
in: query
name: email
description: email of the user
- schema:
type: integer
format: int64
in: query
name: user_id
description: user id of the user
- schema:
type: integer
in: query
name: offset
description: offset for pagination
- schema:
type: string
in: query
name: path_name
description: path name filter
- schema:
type: string
in: query
name: status_code
description: status code filter comma separated e.g status_code=200,404
- schema:
type: string
in: query
name: status_code_not
description: status code not filter comma separated e.g status_code_not=200,404
- schema:
type: integer
in: query
name: limit
description: limit for pagination
/v1/admin/team/change_owner:
parameters:
- in: header
name: X-Team-ID
required: true
schema:
type: string
post:
tags:
- internal
summary: >-
change owner for a team (New owner will take control of the existing
owner's subscription)
operationId: post-v1-admin-team-change_owner
responses:
'200':
$ref: '#/components/responses/MessageResponse'
'400':
$ref: '#/components/responses/MessageResponse'
'401':
$ref: '#/components/responses/MessageResponse'
'404':
$ref: '#/components/responses/MessageResponse'
'500':
$ref: '#/components/responses/MessageResponse'
default:
$ref: '#/components/responses/ErrorResponse'
security:
- X-API-Key: []
requestBody:
content:
application/json:
schema:
type: object
required:
- new_owner_email
properties:
new_owner_email:
type: string
x-internal: true
/v1/admin/scan/token:
post:
tags:
- internal
summary: Set Scan token for user
operationId: post-v1-admin-scan-token
responses:
'200':
$ref: '#/components/responses/MessageResponse'
'400':
$ref: '#/components/responses/MessageResponse'
'401':
$ref: '#/components/responses/MessageResponse'
'500':
$ref: '#/components/responses/MessageResponse'
default:
$ref: '#/components/responses/ErrorResponse'
security:
- X-API-Key: []
requestBody:
content:
application/json:
schema:
type: object
required:
- extra_token
- email
properties:
base_token:
type: number
base_domain_count:
type: integer
extra_token:
type: number
email:
type: string
description: Comma separated emails
validity_months:
type: integer
minimum: 0
maximum: 12
expire_at:
type: string
format: date-time
x-internal: true
parameters:
- schema:
type: string
enum:
- create
- update
in: query
name: method
description: '''create'' or ''update'' mode'
required: true
- schema:
type: string
in: header
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
name: X-Team-Id
parameters: []
patch:
tags:
- internal
summary: Update Scan token for user
operationId: patch-v1-admin-scan-token
responses:
'200':
$ref: '#/components/responses/MessageResponse'
'400':
$ref: '#/components/responses/MessageResponse'
'401':
$ref: '#/components/responses/MessageResponse'
'500':
$ref: '#/components/responses/MessageResponse'
default:
$ref: '#/components/responses/ErrorResponse'
security:
- X-API-Key: []
requestBody:
content:
application/json:
schema:
type: object
required:
- email
properties:
base_domain_count:
type: integer
base_count:
type: integer
extra_token:
type: number
email:
type: string
description: Comma separated emails
is_enforced_limit:
type: boolean
tag:
type: string
enum:
- TRIAL
- ENT_TRIAL
- PRO
- ENT
- FREE
- VERIFIED_FREE
- GROWTH
description: user tag eg - TRIAL
expire_at:
type: string
format: date-time
x-internal: true
parameters:
- schema:
type: string
in: header
name: X-Team-Id
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
get:
summary: Get Token Usage (admin)
tags:
- internal
responses:
'200':
$ref: '#/components/responses/GetScansTokenResponse'
'400':
$ref: '#/components/responses/MessageResponse'
'401':
$ref: '#/components/responses/MessageResponse'
'404':
$ref: '#/components/responses/MessageResponse'
'500':
$ref: '#/components/responses/MessageResponse'
default:
$ref: '#/components/responses/ErrorResponse'
operationId: get-v1-admin-scan-token
description: Get token usage for given user
parameters:
- schema:
type: integer
in: query
name: user_id
description: user id to get scan token usage for
required: true
- schema:
type: string
in: query
name: email
description: email to get scan token usage for
- schema:
type: string
in: header
name: X-Team-Id
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
/v1/scans/{scan_id}/stop:
parameters:
- schema:
type: string
name: scan_id
in: path
required: true
post:
summary: Stop Scan
tags:
- scans
operationId: post-v1-scans-scan_id-stop
responses:
'200':
$ref: '#/components/responses/DeleteScansResponse'
'400':
$ref: '#/components/responses/ErrorResponse'
'401':
$ref: '#/components/responses/ErrorResponse'
'500':
$ref: '#/components/responses/ErrorResponse'
default:
$ref: '#/components/responses/ErrorResponse'
security:
- X-API-Key: []
description: Stop a running scan, not applied in any other state.
parameters:
- schema:
type: string
in: header
name: X-Team-Id
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
/v1/scans/{scan_id}/rescan:
parameters:
- schema:
type: string
name: scan_id
in: path
required: true
post:
summary: Rescan scan
tags:
- scans
operationId: post-v1-scans-scan_id-rescan
responses:
'200':
$ref: '#/components/responses/TriggerUserScanResponse'
'400':
$ref: '#/components/responses/ErrorResponse'
'401':
$ref: '#/components/responses/ErrorResponse'
'500':
$ref: '#/components/responses/ErrorResponse'
default:
$ref: '#/components/responses/ErrorResponse'
security:
- X-API-Key: []
description: Re-run a existing scan
parameters:
- schema:
type: string
in: header
name: X-Team-Id
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
/v1/scans/vuln/{vuln_id}:
get:
summary: Get Scan Vulnerability
tags:
- results
responses:
'200':
$ref: '#/components/responses/GetScansVulnIdResponse'
'400':
$ref: '#/components/responses/ErrorResponse'
'401':
$ref: '#/components/responses/ErrorResponse'
'500':
$ref: '#/components/responses/ErrorResponse'
default:
$ref: '#/components/responses/ErrorResponse'
operationId: get-v1-scans-vuln-:vulnId
description: 'Get scan result vulnerability by ID '
security:
- X-API-Key: []
parameters:
- schema:
type: string
in: header
name: X-Team-Id
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
parameters:
- schema:
type: string
name: vuln_id
in: path
required: true
description: vulnerability ID
/v1/scans/result/{scanId}:
get:
summary: Get Scan Results
tags:
- results
responses:
'200':
$ref: '#/components/responses/GetScanResultsResponse'
'400':
$ref: '#/components/responses/ErrorResponse'
'401':
$ref: '#/components/responses/ErrorResponse'
'499':
$ref: '#/components/responses/ErrorResponse'
'500':
$ref: '#/components/responses/ErrorResponse'
default:
$ref: '#/components/responses/ErrorResponse'
operationId: get-v1-scans-result-:scanId
description: get results of specific scan by id
security:
- X-API-Key: []
parameters:
- schema:
type: string
in: query
name: severity
description: comma separated severity e.g. severity=info,high
- schema:
type: string
in: query
name: search
description: search term
- schema:
type: integer
in: query
name: limit
description: 'number of results '
- schema:
type: integer
in: query
name: offset
description: number of results to skip
- schema:
type: string
in: query
name: templates
description: comma separated templates e.g. templates=tech-detect,azure-takeover
- schema:
type: string
in: query
name: hosts
description: comma separated host e.g. hosts=https://example.com,https://x.com
- in: query
name: domain
schema:
type: string
description: comma separated domain names e.g-> domain=domain1.com,domain2.com
- in: query
name: port
schema:
type: string
description: comma separated ports e.g. ports=80,443
- schema:
type: string
in: query
description: filter by time ( last_day, last_week, last_month )
name: time
- schema:
type: string
in: query
name: vuln_status
description: comma separated vuln_status e.g vuln_status=open,fixed
- schema:
type: string
in: query
name: sort_asc
description: comma separated ascending sorting e.g sort_asc=created_at,severity
- schema:
type: string
in: query
name: sort_desc
description: comma separated descending sorting e.g sort_desc=created_at,severity
- schema:
type: boolean
in: query
name: asset_metadata
description: Asset details for the vulnerability
- schema:
type: string
in: header
name: X-Team-Id
description: >-
Retrieve the Team ID from:
https://cloud.projectdiscovery.io/settings/team
parameters:
- schema:
type: string
name: scanId
in: path
required: true
description: scan specific results (by scanId)
/v1/scans/vuln/{vuln_id}/changelogs:
get:
summary: Get Vulnerability Changelogs
tags:
- results
responses:
'200':
$ref: '#/components/responses/GetVulnChangelogsResponse'
'400':
$ref: '#/components/responses/ErrorResponse'
'401':
$ref: '#/components/responses/ErrorResponse'
'499':
$ref: '#/components/responses/ErrorResponse'
'500':
$ref: '#/components/responses/ErrorResponse'
default:
$ref: '#/components/responses/ErrorResponse'
operationId: get-v1-scans-vuln-vuln_id-changelogs
description: get changelogs of specific vulnerability by id
security:
- X-API-Key: []
parameters:
- schema:
type: string
enum:
- last_day
- last_week
- last_month
- las
# --- truncated at 32 KB (621 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/nuclei/refs/heads/main/openapi/nuclei-openapi.yml