API Reference
All CyberDoc API endpoints are served under the /api/ path prefix, i.e. https://cyberdoc.cintelis.ai/api/. Endpoints are grouped by authentication level and feature area.
Authentication
| Type | Applies To | Mechanism |
|---|---|---|
| None | Public endpoints | No auth required. Turnstile token may be required for bot protection. |
| Session | Auth & Dashboard endpoints | cyberdoc_session cookie. Set on login via /api/auth/email/login, magic link, or Google OAuth. |
| Session + Plan | Billing-gated endpoints | Session cookie + active Pro, Business, or Enterprise subscription. |
| Admin | Admin endpoints | Session with is_admin flag, or legacy X-Admin-Key header. |
Common Response Format
All endpoints return JSON. Successful responses include the data directly. Errors use a standard envelope:
// Success (shape varies by endpoint)
{ "scan_id": "scan_abc123", "status": "created" }

// Error
{
  "error": "Not found",
  "code": "SCAN_NOT_FOUND",
  "status": 404
}
Public Endpoints
POST /api/lead
Create a new scan lead (initiates a CyberDoc session).
| Property | Detail |
|---|---|
| Auth | None (Turnstile token required) |
| Content-Type | application/json |
Request body:
{
  "name": "Jane Smith",
  "email": "[email protected]",
  "domain": "example.com",        // optional
  "turnstile_token": "0.xxx..."   // Cloudflare Turnstile response
}
Response (201):
{
  "scan_id": "scan_a1b2c3d4",
  "status": "IN PROGRESS",
  "created_at": "2026-03-28T10:30:00Z"
}
POST /api/breach-check
Check an email address against known breach databases.
Request body:
{
  "email": "[email protected]"
}
POST /api/social-check
Check a username against 640+ public platforms for digital footprint exposure.
Request body:
{
  "username": "janesmith"
}
POST /api/report
Submit scan results (GP answers and/or pen test findings) for a scan session.
| Property | Detail |
|---|---|
| Auth | None |
| Content-Type | application/json |
Request body:
{
  "scan_id": "scan_a1b2c3d4",
  "gp_answers": {
    "device": 0,
    "purpose": 2,
    "password_manager": 1,
    "password_reuse": 2,
    "two_factor": 0,
    "updates": 1,
    "phishing": 0,
    "wifi": 2,
    "backups": 1,
    "social_privacy": 0
  },
  "pentest_results": [
    {
      "id": "fingerprint",
      "name": "Browser Fingerprint Analysis",
      "severity": "medium",
      "finding": "Browser is uniquely identifiable across 94% of tested configurations"
    }
  ]
}
Response (200):
{
  "scan_id": "scan_a1b2c3d4",
  "status": "PEN TEST COMPLETE",
  "overall_score": 62,
  "categories": {
    "passwords": { "score": 3, "max": 6 },
    "authentication": { "score": 1, "max": 3 }
  }
}
GET /api/report?id=
Retrieve a previously submitted scan report.
POST /api/consent
Record pen test consent with audit trail.
Request body:
{
  "scan_id": "scan_a1b2c3d4",
  "consent_type": "pentest",
  "turnstile_token": "0.xxx..."
}
Response (201):
{
  "consent_id": "con_x1y2z3",
  "scan_id": "scan_a1b2c3d4",
  "type": "pentest",
  "ip": "203.0.113.10",
  "timestamp": "2026-03-28T10:32:15Z"
}
POST /api/analyze
Send all scan results to Anthropic Claude for AI diagnosis.
Request body:
{
  "scan_id": "scan_a1b2c3d4"
}
Response (200):
{
  "scan_id": "scan_a1b2c3d4",
  "diagnosis": "Based on your scan results, your overall cyber health...",
  "prescriptions": [
    {
      "priority": 1,
      "category": "credentials",
      "text": "Your email was found in 7 data breaches...",
      "severity": "critical"
    }
  ],
  "overall_assessment": "NEEDS ATTENTION",
  "model": "claude-sonnet-4-20250514"
}
POST /api/deepscan
Initiate a server-side Lab scan on a target domain.
Request body:
{
  "scan_id": "scan_a1b2c3d4",
  "target": "example.com"
}
Response (202):
{
  "scan_id": "scan_a1b2c3d4",
  "status": "LAB SCAN IN PROGRESS",
  "estimated_duration_seconds": 300
}
GET /api/deepscan?id=
Poll for Lab scan progress and results.
Response (200):
{
  "scan_id": "scan_a1b2c3d4",
  "status": "COMPLETE",
  "tools": {
    "nmap": { "status": "complete", "findings": [...], "raw": "..." },
    "nuclei": { "status": "complete", "findings": [...], "raw": "..." }
  },
  "completed_at": "2026-03-28T10:37:42Z"
}
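The POST /api/deepscan (202) followed by GET /api/deepscan?id= pattern is a poll loop, and any step can come back as the error envelope from the Common Response Format section. The following is an added client-side example, not CyberDoc's own client: it assumes an injected `fetch(path)` callable returning `(http_status, parsed_json)` so it runs offline, and the scripted responses are constructed from the shapes shown above. Treating only `"COMPLETE"` as terminal and capping the number of polls are this example's choices, not documented API behaviour.

```python
"""Poll GET /api/deepscan?id=<scan_id> until the Lab scan reports COMPLETE.

Added example, not CyberDoc's own client code. Transport is abstracted as a
fetch(path) callable returning (http_status, parsed_json_body), so the logic
runs offline against constructed responses.
"""
import time
from typing import Any, Callable, Dict, List, Tuple

Fetch = Callable[[str], Tuple[int, Dict[str, Any]]]


class ApiError(Exception):
    """Raised when the API answers with the {error, code, status} envelope."""

    def __init__(self, status: int, code: str, message: str) -> None:
        super().__init__(f"{status} {code}: {message}")
        self.status = status
        self.code = code


def unwrap(http_status: int, body: Dict[str, Any]) -> Dict[str, Any]:
    """Return a success payload or raise ApiError for the standard envelope.

    The HTTP status is authoritative; the envelope keys are a fallback in
    case an intermediary rewrote the status code.
    """
    is_envelope = {"error", "code", "status"} <= body.keys()
    if http_status >= 400 or is_envelope:
        raise ApiError(
            int(body.get("status", http_status)),
            str(body.get("code", "UNKNOWN")),
            str(body.get("error", "unexpected error")),
        )
    return body


def poll_deepscan(
    fetch: Fetch,
    scan_id: str,
    max_polls: int = 12,
    initial_delay: float = 5.0,
    max_delay: float = 60.0,
    sleep: Callable[[float], None] = time.sleep,
) -> Dict[str, Any]:
    """Poll with exponential backoff; return the body once status is COMPLETE.

    Bounded by max_polls so a scan stuck in "LAB SCAN IN PROGRESS" cannot keep
    the caller spinning; an ApiError (e.g. a 404 SCAN_NOT_FOUND envelope for an
    unknown scan_id) propagates immediately instead of being retried.
    """
    delay = initial_delay
    for attempt in range(1, max_polls + 1):
        http_status, body = fetch(f"/api/deepscan?id={scan_id}")
        data = unwrap(http_status, body)
        if data.get("status") == "COMPLETE":
            return data
        if attempt < max_polls:
            sleep(delay)
            delay = min(delay * 2, max_delay)
    raise TimeoutError(f"scan {scan_id} not complete after {max_polls} polls")


def make_fake_fetch(responses: List[Tuple[int, Dict[str, Any]]]) -> Fetch:
    """Constructed transport: hands out the scripted (status, body) tuples in order."""
    queue = list(responses)

    def fetch(path: str) -> Tuple[int, Dict[str, Any]]:
        if not queue:
            raise RuntimeError(f"no scripted response left for {path}")
        return queue.pop(0)

    return fetch


# Constructed sample responses modelled on the shapes in this reference.
IN_PROGRESS = (200, {"scan_id": "scan_a1b2c3d4", "status": "LAB SCAN IN PROGRESS"})
DONE = (200, {"scan_id": "scan_a1b2c3d4", "status": "COMPLETE",
              "tools": {"nmap": {"status": "complete", "findings": []}},
              "completed_at": "2026-03-28T10:37:42Z"})
NOT_FOUND = (404, {"error": "Not found", "code": "SCAN_NOT_FOUND", "status": 404})


def demo_success() -> Dict[str, Any]:
    fetch = make_fake_fetch([IN_PROGRESS, IN_PROGRESS, DONE])
    return poll_deepscan(fetch, "scan_a1b2c3d4", sleep=lambda _s: None)


def demo_not_found() -> str:
    fetch = make_fake_fetch([NOT_FOUND])
    try:
        poll_deepscan(fetch, "scan_missing", sleep=lambda _s: None)
    except ApiError as exc:
        return exc.code
    return "no error raised"


if __name__ == "__main__":
    print(demo_success()["status"])   # COMPLETE
    print(demo_not_found())           # SCAN_NOT_FOUND
```

Against the live service, replace `make_fake_fetch` with a function that issues the GET (sending the session cookie where the endpoint requires it) and returns the status and decoded body; the polling and error handling stay unchanged.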
GET /api/export?id=
Export scan results as a downloadable file.
Voice Endpoints
POST /api/voice
Get an ephemeral xAI voice token and system instructions for a voice agent session.
Request body:
{
  "scan_id": "scan_a1b2c3d4"   // optional, provides context
}
POST /api/voice-log
Store a voice conversation transcript after the session ends.
Request body:
{
  "scan_id": "scan_a1b2c3d4",
  "transcript": [
    { "role": "agent", "text": "Hello, I'm CyberDoc...", "ts": 0 },
    { "role": "user", "text": "Hi, can you explain...", "ts": 4.2 }
  ],
  "duration_seconds": 245
}
Dashboard Endpoints
All dashboard endpoints require authentication and an active Pro, Business, or Enterprise plan. Prefixed with /api/dashboard.
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/dashboard/stats | Workspace scan statistics |
| GET | /api/dashboard/scans | List scans (filterable by type) |
| GET | /api/dashboard/scans/:id | Get scan details with findings |
| GET | /api/dashboard/report/:id | Generate HTML report for a scan |
| GET | /api/dashboard/usage | Current month scan usage vs quota |
| GET | /api/dashboard/geo | Geo-located threat data for threat map |
| GET | /api/dashboard/whitelabel | Get white-label branding settings |
| PUT | /api/dashboard/whitelabel | Update white-label settings (Enterprise only) |
Red Team Endpoints
All red team endpoints require authentication and a Business or Enterprise plan. They are prefixed with /api/redteam. See the Red Team documentation for detailed descriptions.
Engagements
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/redteam/launch | Start engagement (target, playbook, scope, mode) |
| GET | /api/redteam/status?id= | Poll engagement status |
| GET | /api/redteam/result?id= | Full results with structured findings |
| GET | /api/redteam/notes?id= | Raw PentestAgent notes |
| POST | /api/redteam/cancel | Cancel running engagement |
| GET | /api/redteam/engagements | List workspace engagements |
| GET | /api/redteam/engagements/:id | Get single engagement details |
| POST | /api/redteam/engagement/:id/archive | Archive engagement |
| POST | /api/redteam/engagement/:id/unarchive | Restore archived engagement |
| DELETE | /api/redteam/engagement/:id | Delete engagement (admin) |
Analysis & Chain Verification
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/redteam/reanalyze/:id | Re-run multi-agent analysis |
| POST | /api/redteam/exploit-chain/:id | Execute attack chain with Kali commands |
| POST | /api/redteam/custom-chain/:id | Execute custom chain with user parameters |
Artifacts, Reports & Domains
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/redteam/artifacts/:id | List engagement artifacts |
| GET | /api/redteam/artifact/:id/:filename | Download artifact file |
| GET | /api/redteam/report/:id | Generate branded HTML report |
| POST | /api/redteam/verify-domain | Request domain verification token |
| POST | /api/redteam/check-verification | Check verification status |
| GET | /api/redteam/domains | List verified domains |
Operator, Expert & Metrics
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/redteam/voice | Get voice token for operator agent |
| POST | /api/redteam/conversation | Create/send operator conversation |
| GET | /api/redteam/conversations | List operator conversations |
| DELETE | /api/redteam/conversation/:id | Delete conversation |
| POST | /api/redteam/expert/:action | Start/stop/status Expert EC2 |
| POST | /api/redteam/expert-health | Check Expert readiness |
| GET | /api/redteam/metrics | Engagement metrics (admin) |
Auth Endpoints
See Auth & Billing for full details. All prefixed with /api/auth.
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/auth/email/register | Create account |
| POST | /api/auth/email/login | Login with email + password |
| POST | /api/auth/magic-link/send | Send magic link email |
| GET | /api/auth/magic-link/verify | Verify magic link token |
| POST | /api/auth/password/change | Change password |
| POST | /api/auth/password/set | Set password (first time) |
| POST | /api/auth/password/forgot | Send reset email |
| POST | /api/auth/password/reset | Reset with token |
| POST | /api/auth/totp/setup | Generate TOTP secret |
| POST | /api/auth/totp/verify | Verify and enable TOTP |
| POST | /api/auth/totp/disable | Disable TOTP |
| GET | /api/auth/me | Current user info |
| GET | /api/auth/subscription | Current plan tier |
| POST | /api/auth/logout | Revoke session |
Billing Endpoints
Prefixed with /api/billing.
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/billing/webhook | Stripe webhook (no auth, signature verified) |
| POST | /api/billing/checkout | Create Stripe checkout session |
| POST | /api/billing/portal | Open Stripe billing portal |
| GET | /api/billing/subscription | Get subscription details |
| POST | /api/billing/cancel | Cancel subscription |
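The webhook row is the one billing endpoint with no session auth, so its safety rests entirely on "signature verified". The block below is an added example of what that verification involves; it is not CyberDoc's handler. It implements Stripe's documented scheme (a `Stripe-Signature` header of the form `t=<unix timestamp>,v1=<hex>`, where `v1` is HMAC-SHA256 over `"<t>.<raw body>"` keyed with the endpoint secret) plus the replay check on `t`. The secret, event payload and timestamp are constructed for the demo, and the function names are this example's own.

```python
"""Verify a Stripe webhook delivery before trusting its body.

Added example, not CyberDoc's own handler. Follows Stripe's documented
signing scheme; the endpoint secret, payload and timestamp below are
constructed demo values.
"""
import hashlib
import hmac
import json
import time
from typing import List, Optional, Tuple

DEFAULT_TOLERANCE_SECONDS = 300  # replay window: reject deliveries older than this


def parse_signature_header(header: str) -> Tuple[int, List[str]]:
    """Split "t=...,v1=...,v1=..." into the timestamp and every v1 signature.

    Several v1 values appear during secret rotation; any one may match.
    """
    timestamp: Optional[int] = None
    signatures: List[str] = []
    for element in header.split(","):
        key, sep, value = element.strip().partition("=")
        if not sep:
            continue
        if key == "t":
            timestamp = int(value)
        elif key == "v1":
            signatures.append(value)
    if timestamp is None or not signatures:
        raise ValueError("malformed Stripe-Signature header")
    return timestamp, signatures


def compute_signature(payload: bytes, secret: str, timestamp: int) -> str:
    """HMAC-SHA256 over "<timestamp>.<raw payload>", hex encoded."""
    signed = f"{timestamp}.".encode("utf-8") + payload
    return hmac.new(secret.encode("utf-8"), signed, hashlib.sha256).hexdigest()


def verify_webhook(payload: bytes, header: str, secret: str,
                   now: Optional[int] = None,
                   tolerance: int = DEFAULT_TOLERANCE_SECONDS) -> bool:
    """True only if a v1 signature matches and the timestamp is fresh.

    Must run over the raw request bytes: re-serialising parsed JSON changes
    whitespace and key order and breaks the MAC.
    """
    try:
        timestamp, signatures = parse_signature_header(header)
    except ValueError:
        return False
    current = int(time.time()) if now is None else now
    if abs(current - timestamp) > tolerance:
        return False  # stale or future-dated: treat as a replay
    expected = compute_signature(payload, secret, timestamp)
    # compare_digest keeps the comparison constant-time
    return any(hmac.compare_digest(expected, sig) for sig in signatures)


def handle_billing_webhook(payload: bytes, header: str, secret: str,
                           now: Optional[int] = None) -> Tuple[int, str]:
    """Minimal POST /api/billing/webhook handler: verify first, parse second."""
    if not verify_webhook(payload, header, secret, now=now):
        return 400, "invalid signature"
    event = json.loads(payload)
    return 200, str(event.get("type", "unknown"))


# Constructed demo values (not a real Stripe secret or event)
DEMO_SECRET = "whsec_constructed_example_secret"
DEMO_TS = 1_774_693_200
DEMO_PAYLOAD = json.dumps({"id": "evt_constructed",
                           "type": "customer.subscription.updated"}).encode("utf-8")
DEMO_HEADER = f"t={DEMO_TS},v1={compute_signature(DEMO_PAYLOAD, DEMO_SECRET, DEMO_TS)}"

if __name__ == "__main__":
    print(handle_billing_webhook(DEMO_PAYLOAD, DEMO_HEADER, DEMO_SECRET, now=DEMO_TS + 30))
    print(handle_billing_webhook(DEMO_PAYLOAD + b" ", DEMO_HEADER, DEMO_SECRET, now=DEMO_TS + 30))
```

The two failure modes worth testing in any real handler are a body that was modified in transit (the MAC no longer matches) and a genuine delivery replayed outside the tolerance window (valid MAC, stale `t`); both must be rejected before `json.loads` runs.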
Admin Endpoints
Require admin privileges. Prefixed with /api/admin.
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/admin/scans | Global scan index |
| GET | /api/admin/scans?id= | Get specific scan |
| DELETE | /api/admin/scans?id= | Delete scan |
| DELETE | /api/admin/scans?purge=all | Delete all scans |
| POST | /api/admin/lab-scans | Create lab scan record |
| POST | /api/admin/targeted | Proxy to scanner /targeted endpoint |
| GET | /api/admin/tickets | List infrastructure tickets |
| PATCH | /api/admin/tickets | Update ticket status |
| POST | /api/admin/voice-log | Query voice logs |
Rate Limits
| Endpoint | Limit | Window |
|---|---|---|
| Auth (login/register) | 5 requests | per 60 seconds per IP |
| Magic link | 1 request | per 60 seconds per email |
| Lead capture | 10 requests | per minute per IP |
| Breach check | 100 requests | per day per IP |
| Social check | 30 requests | per hour per IP |
| AI Analysis | 10 requests | per hour per IP |
| Voice | 5 sessions | per hour per IP |
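The table fixes the numbers but not how a counter is kept or what it is keyed on. The following is an added example of a sliding-window limiter configured from those rows; it is not CyberDoc's own middleware. The in-memory store, the bucket names, the key normalisation (per-email limits count lower-cased, trimmed addresses so case variants share one counter) and the sample traffic are all constructed for the demo.

```python
"""Sliding-window rate limiter driven by the limits in the Rate Limits table.

Added example, not CyberDoc's own middleware. The buckets and limits come
from the table; the store, key normalisation and sample traffic are
constructed for the demo.
"""
import math
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Limit:
    max_requests: int
    window_seconds: int
    keyed_by: str  # "ip" or "email", as in the table's Window column


LIMITS: Dict[str, Limit] = {
    "auth": Limit(5, 60, "ip"),               # login/register: 5 per 60 s per IP
    "magic_link": Limit(1, 60, "email"),      # 1 per 60 s per email
    "lead": Limit(10, 60, "ip"),              # lead capture: 10 per minute per IP
    "breach_check": Limit(100, 86_400, "ip"), # 100 per day per IP
    "social_check": Limit(30, 3_600, "ip"),   # 30 per hour per IP
    "analyze": Limit(10, 3_600, "ip"),        # AI analysis: 10 per hour per IP
    "voice": Limit(5, 3_600, "ip"),           # 5 sessions per hour per IP
}


def subject_for(limit: Limit, ip: str, email: Optional[str] = None) -> str:
    """Pick the key a request is counted against.

    Emails are trimmed and lower-cased so "User@X.com" and "user@x.com"
    share one counter instead of each getting a fresh allowance.
    """
    if limit.keyed_by == "email":
        if not email:
            raise ValueError("email-keyed limit needs an email")
        return "email:" + email.strip().lower()
    return "ip:" + ip.strip()


class SlidingWindowLimiter:
    def __init__(self, limits: Dict[str, Limit] = LIMITS) -> None:
        self._limits = limits
        self._hits: Dict[Tuple[str, str], Deque[float]] = {}

    def check(self, bucket: str, now: float, ip: str,
              email: Optional[str] = None) -> Tuple[bool, int]:
        """Record the request if allowed. Returns (allowed, retry_after_seconds)."""
        limit = self._limits[bucket]
        subject = subject_for(limit, ip, email)
        hits = self._hits.setdefault((bucket, subject), deque())
        cutoff = now - limit.window_seconds
        while hits and hits[0] <= cutoff:   # drop timestamps outside the window
            hits.popleft()
        if len(hits) >= limit.max_requests:
            # the oldest hit decides when one slot frees up again
            retry_after = math.ceil(hits[0] + limit.window_seconds - now)
            return False, max(retry_after, 1)
        hits.append(now)
        return True, 0


def demo_login_burst() -> List[Tuple[bool, int]]:
    """Six login attempts from one IP within a second: the sixth is refused."""
    limiter = SlidingWindowLimiter()
    return [limiter.check("auth", now=100.0 + i * 0.1, ip="198.51.100.7")
            for i in range(6)]


if __name__ == "__main__":
    for allowed, retry in demo_login_burst():
        print("allowed" if allowed else f"429 Retry-After: {retry}")
```

A single-process dict works for a demo; behind several instances the deques would live in a shared store such as Redis, and `now` would come from the server clock rather than the request.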