API Reference

Automate security workflows with powerful REST APIs for GoPhish and reNgine.

Quick Start

GoPhish API

Complete REST API for campaign automation, template management, and analytics.

curl -X GET \
  https://your-gophish.com/api/campaigns \
  -H "Authorization: Bearer YOUR_API_KEY"

Base URL: https://your-instance/api
Authentication: API Key (Header)
Format: JSON

reNgine API

50+ endpoints for scan automation, vulnerability management, and AI analysis.

curl -X POST \
  https://your-rengine.com/api/scans/ \
  -H "Authorization: Token YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"domain": "example.com"}'

Base URL: https://your-instance/api
Authentication: Token (Header)
Format: JSON, WebSocket support

API Capabilities

Campaign Management

  • Create/Update/Delete Campaigns
  • Schedule Campaign Launches
  • Manage Email Templates
  • Configure Landing Pages
  • Target Group Operations
  • Real-time Campaign Status

Scan Automation

  • Trigger Reconnaissance Scans
  • Vulnerability Scanning
  • Subdomain Enumeration
  • Port & Service Discovery
  • Endpoint Crawling
  • AI Analysis Requests

Data & Analytics

  • Campaign Results Export
  • Vulnerability Reports
  • Real-time Event Streams
  • Historical Data Queries
  • Custom Metric Tracking
  • WebSocket Live Updates

Core Use Cases

Real-world API automation scenarios for security teams

Automated Phishing Campaigns

Schedule quarterly phishing simulations with progressive difficulty levels.

# Create quarterly campaign
POST /api/campaigns/
{
  "name": "Q1 Security Training",
  "template_id": "spear-phishing-01",
  "groups": ["engineering", "finance"],
  "schedule": "2025-02-01T09:00:00Z",
  "send_by_date": "2025-02-15T17:00:00Z"
}

# Monitor results in real time
GET /api/campaigns/123/results
WebSocket: wss://your-instance/api/events

Continuous Attack Surface Monitoring

Trigger daily reconnaissance scans and alert on new findings.

# Start reconnaissance scan
POST /api/scans/
{
  "domain": "example.com",
  "scan_type": "full",
  "enable_ai": true,
  "notify": ["slack", "email"]
}

# Query vulnerabilities
GET /api/vulnerabilities/?severity=high
GET /api/vulnerabilities/trends/

Compliance Reporting

Generate automated compliance reports for auditors and stakeholders.

# Export campaign metrics
GET /api/campaigns/export?format=pdf
GET /api/analytics/user-metrics

# Compliance report
GET /api/reports/compliance?period=2024-Q4&format=json

CI/CD Security Integration

Integrate security scanning into your deployment pipeline.

# Trigger pre-deployment scan
POST /api/scans/quick
{
  "targets": ["staging.example.com"],
  "tests": ["subdomain", "ports", "tech"],
  "blocking": true
}

# Fail pipeline if critical vulns
if vulnerabilities.critical > 0:
  sys.exit(1)
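
An added example (not code from this service or from reNgine) of the pipeline gate sketched above, written to fail closed. The response fields `status`, `targets` and `vulnerabilities[].severity` and the exit codes are assumptions, since the page does not show the scan response.

```python
import json
import sys

# Severities that block a deploy; the page's gate blocks on "critical" only.
BLOCKING_SEVERITIES = {"critical"}

def gate(requested_targets, scan):
    """Return a CI exit code: 0 = pass, 1 = blocking finding, 2 = result not trustworthy."""
    # Fail closed: only a finished, well-formed result may let the deploy through.
    if not isinstance(scan, dict) or scan.get("status") != "completed":
        return 2
    scanned, vulns = scan.get("targets"), scan.get("vulnerabilities")
    if not isinstance(scanned, list) or not isinstance(vulns, list):
        return 2
    if not all(isinstance(t, str) for t in scanned):
        return 2
    # Every target that was requested must actually have been scanned.
    if not set(requested_targets) <= set(scanned):
        return 2
    blocked = False
    for vuln in vulns:
        severity = vuln.get("severity") if isinstance(vuln, dict) else None
        if not isinstance(severity, str):
            return 2  # a finding without a severity is treated as unsafe, not as "low"
        blocked = blocked or severity.strip().lower() in BLOCKING_SEVERITIES
    return 1 if blocked else 0

# Constructed sample responses; the field names are assumptions, not the documented schema.
CLEAN = json.loads("""{"status": "completed", "targets": ["staging.example.com"],
  "vulnerabilities": [{"title": "Missing HSTS header", "severity": "low"}]}""")
CRITICAL = json.loads("""{"status": "completed", "targets": ["staging.example.com"],
  "vulnerabilities": [{"title": "Exposed admin panel", "severity": "Critical"}]}""")
STILL_RUNNING = json.loads("""{"status": "running", "targets": ["staging.example.com"],
  "vulnerabilities": []}""")

if __name__ == "__main__":
    for name, scan in (("clean", CLEAN), ("critical", CRITICAL), ("running", STILL_RUNNING)):
        print(name, gate(["staging.example.com"], scan))
    sys.exit(gate(["staging.example.com"], CRITICAL))
```

Exit code 2 keeps "the scan did not finish" distinct from "the scan found something", so a timeout or a partial result blocks the deploy rather than passing it.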

Slack/Teams Integration

Real-time security notifications to your team's chat platform.

# Configure webhook
POST /api/webhooks/
{
  "url": "https://hooks.slack.com/...",
  "events": ["campaign_complete",
             "user_clicked",
             "high_severity_vuln"],
  "active": true
}

Multi-Team Management

Manage campaigns and scans across different business units.

# Create isolated team workspace
POST /api/teams/
{
  "name": "Engineering Security",
  "members": ["alice@ex.com"],
  "permissions": ["campaigns", "reports"]
}

# Bulk campaign deployment
POST /api/campaigns/bulk
{
  "teams": ["eng", "sales", "finance"]
}

Incident Response & Threat Hunting

Rapidly deploy reconnaissance during active incidents or threat hunting operations.

# Emergency scan on suspicious domain
POST /api/scans/priority
{
  "domain": "suspicious-domain.com",
  "priority": "critical",
  "scan_type": "deep",
  "notify": ["soc-team@company.com"]
}

# Query recent infrastructure changes
GET /api/changes/?hours=24&severity=high

Security Metrics Dashboard

Build executive dashboards with real-time security awareness and vulnerability metrics.

# Get org-wide phishing resilience
GET /api/analytics/phishing-resilience?period=90d&granularity=weekly

# Track vulnerability trends
GET /api/analytics/vulnerability-trends?groupBy=severity&period=30d

# Export for Power BI / Tableau
GET /api/export/dashboard-data?format=csv

Automated User Training Workflows

Trigger personalized training based on campaign results and user behavior.

# Identify users who clicked phishing links
GET /api/campaigns/123/failures

# Enroll in remedial training
POST /api/training/enroll
{
  "users": ["user@company.com"],
  "course": "advanced-phishing-detection",
  "required": true
}

Vulnerability Remediation Tracking

Integrate vulnerability findings with ticketing systems for automated remediation workflows.

# Get critical vulnerabilities
GET /api/vulnerabilities/?severity=critical&status=open

# Create Jira tickets for each vuln
for vuln in vulnerabilities:
  POST https://jira.company.com/api/issue
  {
    "summary": vuln.title,
    "description": vuln.details,
    "priority": "Critical"
  }

Scheduled Reporting & Automation

Automate weekly/monthly security reports for management and compliance teams.

# Generate monthly executive report
POST /api/reports/generate
{
  "type": "executive-summary",
  "period": "last_month",
  "format": "pdf",
  "recipients": ["ciso@company.com"],
  "schedule": "first_monday_of_month"
}

# Email compliance report to auditors
GET /api/reports/compliance/soc2?quarter=Q1-2025&auto_email=true

Rate Limits & Best Practices

API Rate Limits

  • 4 vCPUs: 100 requests/hour
  • 8 vCPUs: 500 requests/hour
  • 16 vCPUs: 2,000 requests/hour
  • 32+ vCPUs: 10,000 requests/hour (custom limits available)
  • WebSocket: Real-time, no polling needed

Best Practices: Use webhooks instead of polling, cache responses when possible, implement exponential backoff for retries, use WebSocket for real-time updates.
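
An added example (not part of this service's client or documentation) of the retry advice above. It assumes the API signals throttling with HTTP 429 and may send a `Retry-After` header in seconds, neither of which the page states; `send` stands in for whatever HTTP call you make.

```python
import random
import time

# Only throttling and transient gateway errors are retried; 401/403 never are,
# because repeating a rejected API key cannot succeed and only burns quota.
RETRYABLE = {429, 502, 503, 504}

def call_with_backoff(send, max_attempts=5, base=1.0, cap=60.0, max_wait=300.0,
                      sleep=time.sleep, jitter=random.random):
    """Call send() until it succeeds, fails permanently, or attempts run out.

    send() is any callable returning (status, headers, body). The last response
    is returned so the caller can inspect a final 429 or 5xx.
    """
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status not in RETRYABLE or attempt == max_attempts - 1:
            return status, headers, body
        retry_after = str(headers.get("Retry-After", ""))
        if retry_after.isdigit():
            delay = float(retry_after)
            # With hourly quotas the server may ask for a very long pause;
            # hand the response back so the job can be rescheduled instead.
            if delay > max_wait:
                return status, headers, body
        else:
            # Full jitter: a random delay in [0, min(cap, base * 2**attempt)].
            delay = jitter() * min(cap, base * 2 ** attempt)
        sleep(delay)

if __name__ == "__main__":
    # Constructed replay of three responses; no network access is needed.
    replies = iter([(429, {"Retry-After": "2"}, ""), (503, {}, ""), (200, {}, "ok")])
    print(call_with_backoff(lambda: next(replies), sleep=lambda s: print("wait", s)))
```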

Need API Access?

API keys are included with all deployments. Enterprise customers get dedicated API support.
