Patronus API

The Patronus API Developer Hub

Welcome to the Patronus API developer hub. You'll find comprehensive guides and documentation to help you start working with our pentest module as quickly as possible, as well as support if you get stuck. Let's jump right in!


Authentication

The API-Key

The API uses your API-Key to authenticate you and to identify which of your projects should be processed. The API-Key is a unique JSON Web Token (JWT) specific to you and your project.

Keep your API-Key private

Never share your API-Key with anyone, and do not store it in your repositories.
If someone gains access to your token, please contact us immediately so we can invalidate it and create a new one.

Authenticate via HTTP-Header

If you are accessing the API endpoints directly, you need to set the Authorization header of your request.
It should look like this:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidXVpZCBvZiB0aGUgdXNlciIsInByb2plY3QiOiJ1dWlkIG9mIHRoZSBwcm9qZWN0IiwiaWF0IjowfQ.jiqqFk6LCGsJlf8jz2MwXS3ZNk_4lrYENYMrgG86OfA

Here are some examples of how to do that:

cURL:

curl -X POST https://api.patronus.io/rest/v1/start \
  -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidXVpZCBvZiB0aGUgdXNlciIsInByb2plY3QiOiJ1dWlkIG9mIHRoZSBwcm9qZWN0IiwiaWF0IjowfQ.jiqqFk6LCGsJlf8jz2MwXS3ZNk_4lrYENYMrgG86OfA'

wget:

wget --method POST \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidXVpZCBvZiB0aGUgdXNlciIsInByb2plY3QiOiJ1dWlkIG9mIHRoZSBwcm9qZWN0IiwiaWF0IjowfQ.jiqqFk6LCGsJlf8jz2MwXS3ZNk_4lrYENYMrgG86OfA' \
  --output-document - \
  https://api.patronus.io/rest/v1/start

Node.js:

const request = require("request");

const options = {
  method: 'POST',
  url: 'https://api.patronus.io/rest/v1/start',
  headers: {
    Authorization: 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidXVpZCBvZiB0aGUgdXNlciIsInByb2plY3QiOiJ1dWlkIG9mIHRoZSBwcm9qZWN0IiwiaWF0IjowfQ.jiqqFk6LCGsJlf8jz2MwXS3ZNk_4lrYENYMrgG86OfA',
  },
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

PHP:

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://api.patronus.io/rest/v1/start",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_HTTPHEADER => array(
    "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidXVpZCBvZiB0aGUgdXNlciIsInByb2plY3QiOiJ1dWlkIG9mIHRoZSBwcm9qZWN0IiwiaWF0IjowfQ.jiqqFk6LCGsJlf8jz2MwXS3ZNk_4lrYENYMrgG86OfA"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

Go:

package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	url := "https://api.patronus.io/rest/v1/start"

	req, err := http.NewRequest("POST", url, nil)
	if err != nil {
		log.Fatal(err)
	}

	req.Header.Add("Authorization", "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidXVpZCBvZiB0aGUgdXNlciIsInByb2plY3QiOiJ1dWlkIG9mIHRoZSBwcm9qZWN0IiwiaWF0IjowfQ.jiqqFk6LCGsJlf8jz2MwXS3ZNk_4lrYENYMrgG86OfA")

	// Check the error before touching res: res is nil when the request fails.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Fatal(err)
	}
	defer res.Body.Close()

	body, err := io.ReadAll(res.Body)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println(res.Status) // status line of the response
	fmt.Println(string(body))
}

Authenticate via our pipeline-runner

If you are using our pipeline-runner client, you can pass the API-Key in two ways:

1. Using an environment variable (recommended)

If you want to pass the API-Key via an environment variable, you can use API_KEY.

This is the recommended way to pass the API-Key, as you can use your pipeline's secret-variable-store to prevent the API-Key from showing up in logs or being stored in files.

export API_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidXVpZCBvZiB0aGUgdXNlciIsInByb2plY3QiOiJ1dWlkIG9mIHRoZSBwcm9qZWN0IiwiaWF0IjowfQ.jiqqFk6LCGsJlf8jz2MwXS3ZNk_4lrYENYMrgG86OfA

2. Using the cli-parameter

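Use the --key cli-parameter of the client. A key passed on the command line is visible in the process list and can end up in shell history or job logs, which is why the environment variable is the recommended option.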

./pipeline-runner --key=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidXVpZCBvZiB0aGUgdXNlciIsInByb2plY3QiOiJ1dWlkIG9mIHRoZSBwcm9qZWN0IiwiaWF0IjowfQ.jiqqFk6LCGsJlf8jz2MwXS3ZNk_4lrYENYMrgG86OfA
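
For pipeline steps that call the API directly rather than through the pipeline-runner, the following added example (not part of the Patronus documentation or client) checks that API_KEY is set and JWT-shaped, decodes its payload so a job can log which project the key belongs to without logging the key, and hands the Authorization header to curl on stdin. The function names and the script name are hypothetical; GNU `base64 -d` and curl 7.55.0 or later are assumed.

```shell
#!/bin/sh
# Added example: pre-flight checks for API_KEY before calling the API.
# Function names are hypothetical. Assumes `base64 -d` (GNU coreutils).

# Succeeds only if $1 has JWT shape: three non-empty base64url segments.
is_jwt_shaped() {
  case $1 in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;  # empty, or bytes outside base64url and '.'
  esac
  printf '%s\n' "$1" | grep -Eq '^[^.]+\.[^.]+\.[^.]+$'
}

# Prints the decoded payload of the JWT in $1, so a job can log which project
# the key belongs to without logging the key. Decoding does not verify the
# signature; only the API can do that.
jwt_claims() (
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in           # restore the padding base64url omits
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
)

# Prints the Authorization header line; fails if API_KEY is unset or malformed.
auth_header() {
  [ -n "${API_KEY:-}" ] || { echo 'API_KEY is not set' >&2; return 1; }
  is_jwt_shaped "$API_KEY" || { echo 'API_KEY is not JWT-shaped' >&2; return 1; }
  printf 'Authorization: Bearer %s\n' "$API_KEY"
}

# POSTs to the start endpoint. The header reaches curl on stdin (-H @-, curl
# 7.55.0 or later), so the key is not in curl's argument list.
start_pentest() (
  hdr=$(auth_header) || exit 1
  printf '%s\n' "$hdr" | curl --fail --silent --show-error -X POST -H @- \
    https://api.patronus.io/rest/v1/start
)

# Run as `./preflight.sh start` with API_KEY supplied by the secret store.
if [ "${1:-}" = "start" ]; then start_pentest; fi
```

Run against the sample token shown on this page, `jwt_claims` prints a payload with `user`, `project` and `iat` fields; the claims in a real key may differ.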