API Reference
Programmatic access to the APVISO platform. Manage targets, run scans, and retrieve findings through our REST API.
Authentication
All API requests require an API key passed in the X-API-Key header. Keys are prefixed with apvk_. Generate one in Settings → API Keys.
curl -H "X-API-Key: apvk_your_key_here" \
https://apviso.com/api/v1/quotaBase URL
All endpoints are relative to:
https://apviso.com/api/v1Rate Limits
API requests are limited to 120 requests per minute per API key. Rate limit information is included in response headers:
| Header | Description |
|---|---|
x-ratelimit-limit | Maximum requests per window |
x-ratelimit-remaining | Remaining requests in current window |
x-ratelimit-reset | Unix timestamp when the window resets |
When the limit is exceeded, the API returns 429 Too Many Requests with a Retry-After header.
Error Codes
| Status | Meaning |
|---|---|
200 | Success |
201 | Resource created |
202 | Accepted (e.g., report still generating) |
400 | Bad request — invalid parameters |
401 | Unauthorized — invalid or missing API key |
402 | Payment required — insufficient credits |
403 | Forbidden — insufficient plan tier |
404 | Resource not found |
409 | Conflict (e.g., target has scans, can't delete) |
422 | Validation error |
429 | Rate limit exceeded |
500 | Internal server error |
Endpoints
Browse endpoints by section. Each section page includes request/response examples and parameter details.
Quota
Check your subscription usage and remaining credits
Targets
Manage scan targets and ownership verification
Scans
Start and manage penetration test scans
Findings
View and manage vulnerability findings
Reports
Access scan reports in markdown and PDF formats
Schedules
Set up recurring automated scans (Business+ tier)
Integrations
Manage third-party integrations and webhooks
Compliance
Track compliance posture across security frameworks