vPenTest API

NOTE This feature is available to all vPenTest customers including MSP partners and internal IT teams.

The vPenTest API enables direct integration with your existing systems or internal tools, eliminating the need for manual platform interaction. Developers can easily connect vPenTest to internal tools and workflows by pulling data such as organizations, schedules, download URLs for all report types, and more.

Step 1: Generate an API key in vPenTest

From your profile drop-down menu in the upper-right corner of the header, click Generate API Key.
Decide if you want the API to expire by a certain date or not expire at all.
Click Generate API Key.
Be sure to copy your generated API key, which is displayed here only once. You can generate an API key any time to safely replace the existing one.

Step 2: Authorize the API key in the API documentation

Once your API key is generated, visit the vPenTest API documentation.
Click Authorize in the upper-right corner of the page.
Enter the API key generated from vPenTest.

Example usage

To authenticate API requests, include your API key in the Authorization header using the Bearer token format. Below are some examples demonstrating how to use your API key with different programming languages.

List All Assessments (cURL)

curl -X GET "https://app.vpentest.io/api/v3/assessments" \
	-H "Authorization: Bearer YOUR_API_KEY_HERE" \
	-H "Content-Type: application/json"

Response

{
 "data": [
  {
   "id": "24b38497-01cd-4539-a7d5-4f4b0ced2228",
   "company_id": "789e0123-e89b-12d3-a456-426614174005",
   "name": "External Network Security Assessment",
   "severity": "informational",
   "created_at": "2025-02-24T16:21:22.093Z",
   "updated_at": "2025-02-24T16:44:38.689Z"
  }
 ],
 "total_count": 25,
 "page": 1,
 "per_page": 25,
 "total_pages": 1
}

Get Assessment Findings (Python)

import requests

API_KEY = "YOUR_API_KEY_HERE"
ASSESSMENT_ID = "24b38497-01cd-4539-a7d5-4f4b0ced2228"

headers = {
"Authorization": f"Bearer {API_KEY}",
"Content-Type": "application/json"
}

response = requests.get(
f"https://app.vpentest.io/api/v3/assessments/{ASSESSMENT_ID}/findings",
headers=headers
)

findings = response.json()
print(f"Total findings: {findings['total_count']}")

for finding in findings['data']:
print(f"- {finding['name']} (Severity: {finding['severity']})")

Get Report Download URLs (Ruby)

require 'net/http'
require 'json'
require 'uri'

API_KEY = "YOUR_API_KEY_HERE"
REPORT_ID = "123e4567-e89b-12d3-a456-426614174000"

uri = URI("https://app.vpentest.io/api/v3/reports/#{REPORT_ID}")

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true

request = Net::HTTP::Get.new(uri)
request["Authorization"] = "Bearer #{API_KEY}"
request["Content-Type"] = "application/json"

response = http.request(request)
report = JSON.parse(response.body)

puts "Report Download URLs:"
puts "Executive Summary: #{report['data']['executive_summary_url']}"
puts "Technical Report: #{report['data']['technical_report_url']}"
puts "Supporting Evidence: #{report['data']['supporting_evidence_url']}"

	Need help? Submit a Kaseya Helpdesk request.
	Want to talk about it? Head over to Kaseya Community.
	Have a new feature idea? Visit the Kaseya Ideas portal.
	Provide feedback for the Documentation team.