CG Scanning API V2
latest
  • latest
  • 5.2.0
HomeDocs
HomeDocs
latest
  • latest
  • 5.2.0
  1. Home
  • Getting Started
  • Authentication
  • Common Error Responses
  • Filtering Data
  • Authentication
    • User Confirmation
      • Confirm a User
      • Show confirmation form
    • User Invitation
      • Accept an invitation
      • Pre-Accept invitation check
    • Password Reset
      • Forgot Password
      • Reset Password
    • Impersonation
      • Impersonate user
      • Impersonate user
    • MFA
      • Check 2fa
      • Send SMS OTP
    • Sign in authentication
      POST
    • Sign in with recovery code
      POST
    • Sign out authentication
      DELETE
  • Targets
    • List targets
      GET
    • Create Target
      POST
    • Show a target
      GET
    • Updates a target
      PUT
    • Delete a target
      DELETE
    • Delete targets
      DELETE
  • Scans
    • Scan Histories
      • List of history for a scan
      • History details for a scan
    • Scan Hosts
      • List of hosts for a scan
      • Host details for a scan
    • Scan Vulnerabilities
      • List of vulnerabilities for a scan
      • Show vulnerability details
      • Statistics for a scan
    • List scans
      GET
    • Create Scan
      POST
    • Show a scan
      GET
    • Updates a scan
      PUT
    • Delete a scan
      DELETE
    • Delete scans
      DELETE
    • Start a scan
      POST
    • Stop a scan
      POST
    • List upcoming scans
      GET
    • List recent scans that have been completed
      GET
    • List of the running scans
      GET
    • Create Scan from Wizard
      POST
  • Reports
    • List Reports
    • Show a report
    • Delete a report
    • Delete reports
    • Generates a report file
    • Downloads a report file
    • Check if a report file exists
  • Vulnerabilities
    • List of vulnerabilities
    • Vulnerability details
    • Total Vulnerabilities (widget)
    • Top Vulnerabilities (widget)
    • PCI Compliant (widget)
    • (AI) Send prompt about a given Vulnerability
    • (AI) Chat history about a given Vulnerability
  • Exceptions
    • List Exceptions
    • Create Exception
    • Update Exception
    • Show an exception
    • Delete an exception
    • Show exception details
    • Delete exceptions
    • Activate exceptions
    • Reset exceptions
    • Show the exceptions statistics
  • Schedules
    • List Schedules
    • Create Schedule
    • Updates a schedule
    • Show a schedule
    • Delete a schedule
    • Delete schedules
    • Calculate First Time Schedule Date
    • Calculate Next Schedule Dates
  • Webhooks
    • Deliveries
      • List all deliveries for a webhook
      • Get a delivery for a webhook
    • List all webhooks
    • Create a webhook
    • Show a webhook
    • Update a webhook
    • Delete a webhook
    • Activate a webhook
    • Deactivate a webhook
  • Advanced Reports
    • List Advanced Reports
    • Create an advanced report
    • Show an advanced report
    • Update an advanced report
    • Delete an advanced report
    • Delete advanced reports
    • Generates an advanced report file
    • Downloads an advanced report file
  • Audit
    • Get all events
    • Get event by id
  • Notifications
    • List Notifications
    • Show a notification
    • Delete a notification
    • Mark as read a notification
    • Mark as seen a notification
    • Mark as read all notifications
    • Mark as seen all notifications
  • Hosts
    • List of hosts
    • Host details
    • List of most vulnerable hosts
  • Scanners
    • List scanners
    • Create scanner
    • Show scanner
    • Update scanner
    • Delete scanner
    • List activated scanners
    • Activate scanner
    • Deactivate scanner
    • Update scanner app type
    • Assign a scanner to an organization
    • Verify a scanner
  • Port Lists
    • List port lists
    • Create a port list
    • Show a port list
    • Update a port list
    • Delete a port list
    • List activated port lists
    • Add a port range to a port list
    • Delete a port range to a port list
    • Activate a port list
    • Deactivate a port list
    • Updates the app_type of a port list
    • Sync the a port lists
  • User
    • User 2FA
      • Enable 2FA
      • Verify 2FA installation
      • Disable 2FA
      • Lookup phone number
      • Default 2FA method
      • Generate Recovery Codes
      • Get Recovery Codes
    • User Preferences
      • Get users notification preferences
      • Change users product
      • Enable user's event notification preference
      • Disable user's event notification preference
    • Get current user
    • Update current user
    • Change current user password
    • Get current user active plans (Not implemented yet)
    • Get organization members
    • Get current user products
    • Get current organization
    • Update current organization
    • Get subscriptions history
    • Change users product
    • Checks if authorization token is valid
    • Get current user permissions
    • Check if the user can be deleted
    • Delete my account
    • Generates a new access token
    • Revokes the current access token
    • (Admin) Transfers all the resources from the user to another user
  • Organizations
    • Organization Subscriptions
      • Retrieves all subscriptions of organization
      • Retrieves all active subscriptions of organization
      • Show a subscription of organization
      • 'Update organization's subscription'
      • Assign features to a subscription
      • Revoke features from a subscription
    • Subscribe to a plan
    • List organizations
    • Create Organization
    • List dependent subscriptions
    • Retrieve an organization
    • Update an organization
    • Delete an organization
    • Subscribe an organization to a plan
    • Unsubscribe an organization from a plan
    • Change users Organization
    • Export organizations
  • Users
    • List Users
    • Create User
    • Show User
    • Update User
    • Delete a User
    • Create Customer
    • Invite User
    • Resend Confirmation Instructions
    • Import Users
    • Check if a user can be deleted
    • Inherit all the resources from a user
    • Export all users to a CSV file
    • Set partner
    • Unset partner
  • Whitelabel Settings
    • Show the white label settings
    • Show the white label settings
    • Update white label settings
  1. Home

Authentication

Our API provides flexible authentication options to suit different use cases. This section explains how to authenticate using credentials, Two-Factor Authentication (2FA), or ussing the Access Tokens.

Authenticate with Username and Password#

Use this method to authenticate with a user's credentials (username and password). Depending on whether 2FA is enabled, the process may require an additional step.
API Key required
All API requests must include the API key in the headers. This is required for all endpoints, regardless of the authentication method used.
# Headers Example
x-api-key: your-api-key
Without 2FA
With 2FA
1.
Send a POST request to /auth/sign_in with the username and password.
2.
The server responds with an authentication token, which must be included in the Authorization header for subsequent requests.

Example Request#

POST /auth/sign_in
Content-Type: application/json

  {
    "username": "your_username",
    "password": "your_password"
  }

Example Response#

{
    "token": "your-auth-token",
}

Authorization Header for Subsequent Requests:#

Authorization: Bearer your-auth-token

Authentication with Access Token#

The Access Token method allows long-term authentication without requiring a login for each session. This is ideal for applications or scripts that need to interact with the API regularly.

Generate an Access Token#

Access Tokens can be generated in the My Settings section of the portal or by using the PUT /v2/user/generate_access_token endpoint. Once generated, the token does not expire and can be used for all API requests.

Use an Access Token#

Include the token in the Authorization header of your requests:
Authorization: Basic your-access-token
Modified at 2025-04-24 11:02:04
Previous
Getting Started
Next
Common Error Responses
Built with