Pentests
Trigger a new pentest
Triggers a new pentest (security scan) for the specified application.
The pentest will be queued and executed asynchronously. You can monitor
its progress by polling the GET /api/v1/pentests/:pentestId endpoint.
Required permission: pentests:create
Limits:
- Only one pentest can run per application at a time
- Organization must be in approved status
Authorization
ApiKeyAuth: X-API-Key: <token>
API key for authentication. Create API keys in Settings > API Keys.
Format: mpt_<32 hex characters>
In: header
Request Body
application/json
application_id (string, required)
The ID of the application to scan
Response Body
application/json
curl -X POST "https://api.modernpentest.com/api/v1/pentests" \
  -H "X-API-Key: mpt_<32 hex characters>" \
  -H "Content-Type: application/json" \
  -d '{ "application_id": "k57abc123def456" }'

{
  "success": true,
  "pentest_id": "k57xyz789ghi012",
  "estimated_duration": 1800
}

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "A pentest is already running for this application",
    "timestamp": 1734567890000
  }
}

{
  "error": {
    "code": "UNAUTHENTICATED",
    "message": "Invalid or missing API key",
    "timestamp": 1734567890000
  }
}

{
  "error": {
    "code": "FORBIDDEN",
    "message": "Missing required permission: applications:read",
    "timestamp": 1734567890000
  }
}

{
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Rate limit exceeded. Try again in 45 seconds.",
    "timestamp": 1734567890000
  }
}

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "timestamp": 1734567890000
  }
}

Last updated: February 1, 2026
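
Added example (not part of the original documentation or the vendor's client code): a Python sketch that builds the trigger request with the X-API-Key header and maps the response bodies shown above to a next action for a scheduler or CI job. The function names, the action labels, the 60-second fallback wait, and matching on the "already running" message text are assumptions made for illustration.

```python
import json
import re
import urllib.request

API_URL = "https://api.modernpentest.com/api/v1/pentests"
# Documented key format: mpt_<32 hex characters>. Accepting either hex case is an assumption.
KEY_RE = re.compile(r"mpt_[0-9a-fA-F]{32}")


def build_trigger_request(api_key, application_id):
    """Build, but do not send, the POST that queues a pentest."""
    # Reject malformed values locally so a secret of the wrong kind never leaves the host.
    if not KEY_RE.fullmatch(api_key):
        raise ValueError("API key does not match mpt_<32 hex characters>")
    body = json.dumps({"application_id": application_id}).encode("utf-8")
    headers = {"Content-Type": "application/json", "X-API-Key": api_key}
    return urllib.request.Request(API_URL, data=body, headers=headers, method="POST")


def interpret_trigger_response(raw_body, default_wait=60):
    """Map a response body to (action, detail).

    default_wait is an assumed fallback for rate-limit messages without a number.
    """
    doc = json.loads(raw_body)
    if doc.get("success") is True:
        # Queued: the caller should now poll GET /api/v1/pentests/<pentest_id>.
        return "poll", {"pentest_id": doc["pentest_id"],
                        "estimated_duration": doc.get("estimated_duration")}
    error = doc.get("error") or {}
    code, message = error.get("code"), error.get("message", "")
    if code == "RATE_LIMIT_EXCEEDED":
        match = re.search(r"(\d+) seconds", message)
        return "retry", {"wait_seconds": int(match.group(1)) if match else default_wait}
    if code == "VALIDATION_ERROR" and "already running" in message:
        # One pentest per application: do not queue a duplicate, wait for the current run.
        return "already_running", {"reason": message}
    if code in ("UNAUTHENTICATED", "FORBIDDEN"):
        # Retrying cannot help; the key or its permissions must be fixed first.
        return "fix_credentials", {"reason": message}
    return "fail", {"code": code, "reason": message}


if __name__ == "__main__":
    # Sample body copied from the rate-limit response on this page.
    sample = ('{"error": {"code": "RATE_LIMIT_EXCEEDED", "message": '
              '"Rate limit exceeded. Try again in 45 seconds.", "timestamp": 1734567890000}}')
    print(interpret_trigger_response(sample))
```

Send the built request with urllib.request.urlopen and pass the response body (or the body of the raised HTTPError) to interpret_trigger_response; keep the key out of logs and load it from a secret store rather than source code.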