API Reference - apviso [APVISO](/)Product Resources Developers Company [Pricing](/#pricing)[Partners](/partners)[Enterprise](/enterprise) [Login](/login)[Start free pentest](/register?intent=free-local-pentest) [Login](/login)[Start free](/register?intent=free-local-pentest) [Home](/)[Knowledge Base](/docs)API ReferenceAPI Reference ============= Programmatic access to the APVISO control plane. Manage self-hosted runners and targets, start BYOK pentests, and retrieve findings through our REST API. Authentication -------------- All API requests require an API key passed in the `X-API-Key` header. Keys are prefixed with `apvk_`. Generate one in **Settings → API Keys**. bashCopy ``` curl -H "X-API-Key: apvk_your_key_here" \ https://apviso.com/api/v1/quota ``` Base URL -------- All endpoints are relative to: Copy``` https://apviso.com/api/v1 ``` Rate Limits ----------- API requests are limited to **120 requests per minute** per API key. Rate limit information is included in response headers: HeaderDescription`x-ratelimit-limit`Maximum requests per window`x-ratelimit-remaining`Remaining requests in current window`x-ratelimit-reset`Unix timestamp when the window resets When the limit is exceeded, the API returns `429 Too Many Requests` with a `Retry-After` header. Error Codes ----------- StatusMeaning`200`Success`201`Resource created`202`Accepted (e.g., report still generating)`400`Bad request - invalid parameters`401`Unauthorized - invalid or missing API key`402`Payment or license action required`403`Forbidden - insufficient plan or inactive license`404`Resource not found`409`Conflict (e.g., target has pentests, can't delete)`422`Validation error`429`Rate limit exceeded`500`Internal server error Endpoints --------- Browse endpoints by section. Each section page includes request/response examples and parameter details. [### Quota Check your self-hosted license summary GET](/docs/api/quota)[### Runners Register and monitor customer-installed self-hosted runners GETGETPOST](/docs/api/runners)[### Targets Manage self-hosted pentest targets POSTGETGETDELETE+5 more](/docs/api/targets)[### Pentests Start and manage penetration test pentests POSTPOSTGETGET+1 more](/docs/api/scans)[### Findings View and manage vulnerability findings GETPATCHPATCH](/docs/api/findings)[### Reports Access pentest reports in markdown and PDF formats GETPOSTGET](/docs/api/reports)[### Schedules Set up recurring automated pentests (Team+ tier) POSTGETGETPATCH+1 more](/docs/api/schedules) [APVISO](/)Autonomous AI-powered penetration testing for modern web applications. Subscribe [](https://github.com/apviso)[](https://x.com/Apviso_com)[](https://www.linkedin.com/company/apviso/) [![Featured on Good AI Tools](https://goodaitools.com/assets/images/badge.png)](https://goodaitools.com/ai/apviso) Product - [Features](/#features) - [Pricing](/pricing) - [Integrations](/integrations) - [Benchmarks](/#compare) - [Affiliate Program](/affiliate) - [Partners](/partners) - [Enterprise](/enterprise) Resources - [Blog](/blog) - [Use Cases](/use-cases) - [Glossary](/glossary) - [Comparisons](/comparisons) - [Alternatives](/alternatives) - [Compliance](/compliance) - [Vulnerabilities](/vulnerabilities) - [Industries](/industries) - [OWASP APTS](/trust/apts) Developers - [Knowledge Base](/docs) - [API Reference](/docs/api) - [MCP Server](/docs/mcp) Company - [About](/about) - [Contact](/contact) - [Status](https://status.apviso.com) - [Privacy Policy](/legal/privacy) - [Terms of Service](/legal/terms) © 2026 APVISO. All rights reserved.