List Credits Usage
GET/account/credits/usage/
Request
Query Parameters
purchased- PURCHASEDexpired- EXPIREDused- USEDearned- EARNED
Number of results to return per page.
Possible values: [earned, expired, purchased, used]
Which field to use when ordering the results.
A page number within the paginated result set.
A search term.
Responses
- 200
- 400
- 401
- 500
- application/json
- Schema
- Example (from schema)
Schema
- Array [
canceled- Canceledcanceling- Cancelingcompleted- Completedcompleted_with_errors- Completed with errors - DEPRECATEDfailed- Failedpaused- Pausedpausing- Pausingqueued- Queuedresuming- Resumingstarted- Startedunder_review- Under Reviewfinishing_up- Finishing up- Array [
- ]
- Array [
- ]
- Array [
- ]
any- Is logged out if any condition is verified.all- Is logged out only if all condition are verified.SHA1- Sha1SHA256- Sha256SHA512- Sha5126- Six7- Seven8- Eight- Array [
- ]
-
file- Verifies the domain against a text file in the root directory of the website. Learn more in this article. -
back_office- Automatically set if manually verified in the back-office. Read-only. -
existing_domain- Automatically set if the upper-level domain is verified. For example, "my.example.com" is automatically verified if "example.com" is verified. Read-only. -
dns_txt- Verifies the domain against a TXT record in the Domain Name System (DNS). Learn more in this article. -
dns- Same asdns_txt. -
dns_cname- Verifies the domain against a CNAME record in the Domain Name System (DNS). Learn more in this article. -
meta_tag- Verifies the domain against a meta tag in the index page of the website. Learn more in this article. -
whitelist- Automatically verifies if the domain is in the whitelist -
email- Automatically verifies a domain if the user's email is in the same domain as the target -
aws_route53- Automatically verifies a domain if the hostname exists as an AWS Route53 Zone. -
cloudflare- Automatically verifies a domain if the host name exists and is verified as a CloudflareZone. -
waved- Automatically verifies a domain if there is a waver agreement. openapi- OpenAPI schema.postman- Postman collection.- Array [
- ]
application/json- The payload is in JSON format in the request body.application/x-www-form-urlencoded- The payload is encoded in the request URL.cookie- Cookieheader- Header- Array [
- ]
pdf- PDF file format.docx- DOCX file format.- Array [
- ]
- ]
Total number of results.
Total number of pages.
Number of the current page.
The first page is 1.
Defaults to 1 if no specific page is requested.
Number of results returned per page.
results object[]
Date and time of the credits usage, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
Possible values: <= 150 characters
Possible values: <= 4294967295
Number of credits used.
Possible values: >= -2147483648 and <= 2147483647
Number of credits available after the usage.
Possible values: >= -2147483648 and <= 2147483647
Number of credits used and on hold on running scans.
Accrued number of credits: balance + on_hold.
scan objectrequired
Scan where the credits were used.
A unique Base58 value identifying this object.
Possible values: [canceled, canceling, completed, completed_with_errors, failed, paused, pausing, queued, resuming, started, under_review, finishing_up]
Status of the scan:
Date and time of when the scan started.
Date and time of when the scan was completed.
Possible values: [lightning, normal, safe, full, api_normal, api_full]
Scan profile of the scan.
It can be one of the enumerated built-in scan profiles.
It can also be a custom scan profile, if the name starts with "sp-".
Number of vulnerability findings with low severity.
Number of vulnerability findings with medium severity.
Number of vulnerability findings with high severity.
target objectrequired
Target where the credits were used.
Possible values: <= 255 characters
Name of the target.
The maximum length is 255 characters.
site object
Core settings of the target.
Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the target or extra host.
The maximum length is 255 characters.
Description of the target.
URL of the target.
Hostname of the target.
Default value: false
If true, the target authentication is done through a login form.
Read more about how to set up target authentication (login form).
Defaults to false.
URL of the login form of the target.
Possible values: <= 255 characters
Pattern to check a successful login.
The maximum length is 255 characters.
form_login object[]
Field and value pairs to fill the login form.
Default value: false
If true, detects any undesired logouts that may occur during scans to log back in.
Requires check_session_url and logout_detectors to be defined.
Defaults to false.
Default value: false
If true, the target authentication is done through a recorded login sequence.
Read more about how to set up target authentication (login sequence).
Defaults to false.
Default value: false
If true, the target authentication is done through username and password credentials.
Defaults to false.
basic_auth object
Username and password credentials for the basic auth.
Possible values: <= 255 characters
Possible values: <= 255 characters
headers object[]
Custom headers to send.
cookies object[]
Custom cookies to send.
Default value: ``
Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.
Default value: ``
URLs to avoid scanning.
For example, "https://example.com/pic-delete.php*" or "*.archive.example.com".
URLs need to be absolute and wildcards (*) are allowed.
The blacklist takes precedence over the whitelist.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by objectrequired
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
Default value: false
If true, the target has authentication.
Defaults to false.
Possible values: [any, all]
Type of combination of the logout conditions:
URL to check session.
If true, the target has two-factor authentication (2FA).
Read more about how to set up target two-factor authentication (2FA).
Defaults to false.
The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Read more about how to set up target two-factor authentication (2FA).
Possible values: [SHA1, SHA256, SHA512]
Default value: SHA1
Secure hash algorithm (SHA) to generate the one-time password (OTP):
(Defaults to SHA1)
Possible values: >= -2147483648 and <= 2147483647, [6, 7, 8]
Default value: 6
Number of digits of the one-time password (OTP):
(Defaults to 6)
CSS selector of the HTML element in the page to enter the one-time password (OTP).
For example, a text input field.
Read more about how to obtain a CSS selector.
Defaults to "".
CSS selector of the HTML element in the page to submit the one-time password (OTP).
For example, a button.
Read more about how to obtain a CSS selector.
Defaults to "".
Possible values: >= 6 characters and <= 8 characters
One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
Defaults to "".
stack object[]
Technologies in target scans. The scanning engine uses them to fine-tune vulnerability tests and texts about how to fix the vulnerabilities.
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.
Description of the technology.
Defaults to "".
If true, the domain is verified. Read-only.
Token used to verify the domain of the target. Read-only.
Date and time of the verification of the domain, in ISO 8601 UTC format. For example, "2023-08-09T13:27:43.8208302". Read-only.
Possible values: [file, back_office, existing_domain, dns_txt, dns, dns_cname, meta_tag, whitelist, email, aws_route53, cloudflare, waved]
Method used in the domain verification:
Error of the last verification of the domain of the target. Read-only.
api_scan_settings objectrequired
Scanning settings if the target is an API.
Possible values: [openapi, postman]
Type of schema that defines the API:
custom_api_parameters object[]
Possible values: [application/json, application/x-www-form-urlencoded]
Format of the payload:
Possible values: <= 2048 characters
URL to make the authentication request to the API.
The maximum length is 2048 characters.
Possible values: <= 4096 characters
Payload to send in the authentication request.
The maximum length is 4096 characters.
Possible values: <= 256 characters
Field containing the authentication token in the response to the authentication request.
The maximum length is 256 characters.
Possible values: <= 16 characters
Prefix to add to the authentication token.
For example, "Bearer" or "JWT".
The maximum length is 16 characters.
Possible values: <= 256 characters
Parameter name to send the authentication token.
For example, "Authorization".
The maximum length is 256 characters.
Possible values: [cookie, header]
Where to send the parameter name with the authentication token and the prefix:
Type of target.
Possible values are "single" for a web application and "api" for an API.
Defaults to "single".
Description of the target.
Defaults to "".
labels object[]
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the label.
The maximum length is 255 characters.
Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$
Color of the label, in RGB hexadecimal format prefixed with "#".
For example, "#00FF00" for green.
changed_by objectrequired
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
Possible values: [pdf, docx]
Report format for the target:
(Defaults to pdf)
scanning_agent objectnullable
Return serializer_class with all fields as read_only except key. The key is the field use to retrieve the object in to_internal_value.
This is for the drf-spectacular documentation generation.
Possible values: <= 255 characters
teams object[]required
A unique Base58 value identifying this object.
blackout_period objectrequired
Time window during which scans are temporarily interrupted.
Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".
Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".
If true, the blackout period is enabled.
Possible values: <= 64 characters
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by objectrequired
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
{
"count": 6,
"page_total": 1,
"page": 1,
"length": 10,
"results": [
{
"timestamp": "2024-09-10T15:58:28.921Z",
"description": "string",
"amount": 0,
"balance": 0,
"on_hold": 0,
"full_balance": "string",
"scan": {
"id": "string",
"status": "canceled",
"started": "2024-09-10T15:58:28.921Z",
"completed": "2024-09-10T15:58:28.921Z",
"scan_profile": "lightning",
"lows": 0,
"mediums": 0,
"highs": 0,
"created": "2024-09-10T15:58:28.921Z"
},
"target": {
"id": "string",
"name": "string",
"site": {
"id": "string",
"name": "string",
"desc": "string",
"url": "string",
"host": "string",
"has_form_login": false,
"form_login_url": "string",
"form_login_check_pattern": "string",
"form_login": [
{
"name": "string",
"value": "string"
}
],
"logout_detection_enabled": false,
"has_sequence_login": false,
"has_sequence_navigation": true,
"has_basic_auth": false,
"basic_auth": {
"username": "string",
"password": "string"
},
"headers": [
{
"name": "string",
"value": "string"
}
],
"cookies": [
{
"name": "string",
"value": "string"
}
],
"whitelist": [
null
],
"blacklist": [
null
],
"changed": "2024-09-10T15:58:28.922Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"auth_enabled": false,
"logout_condition": "any",
"check_session_url": "string",
"has_otp": true,
"otp_secret": "string",
"otp_algorithm": "SHA1",
"otp_digits": 6,
"otp_field": "string",
"otp_submit": "string",
"otp_login_sequence_totp_value": "string",
"otp_type": "string",
"otp_url": "string",
"stack": [
{
"id": "string",
"name": "string",
"desc": "string"
}
],
"verified": true,
"verification_token": "string",
"verification_date": "2024-09-10T15:58:28.922Z",
"verification_method": "file",
"verification_last_error": "string",
"api_scan_settings": {
"api_schema_type": "openapi",
"api_schema_url": "string",
"api_schema_file": "string",
"custom_api_parameters": [
{
"name": "string",
"value": "string"
}
],
"media_type": "application/json",
"api_login_url": "string",
"api_login_payload": "string",
"api_login_enabled": true,
"api_login_token_field": "string",
"token_prefix": "string",
"token_parameter_name": "string",
"token_parameter_location": "cookie"
}
},
"type": "string",
"desc": "string",
"labels": [
{
"id": "string",
"name": "string",
"color": "string",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"changed": "2024-09-10T15:58:28.922Z"
}
],
"has_assets": true,
"report_fileformat": "pdf",
"scanning_agent": {
"id": "string",
"name": "string",
"installer_generated": true,
"online": true,
"fallback": true,
"rx_bytes": 0,
"tx_bytes": 0,
"latest_handshake": 0
},
"teams": [
{
"id": "string",
"name": "string"
}
],
"blackout_period": {
"begin": "string",
"cease": "string",
"weekdays": [
0
],
"enabled": true,
"timezone": "string",
"changed": "2024-09-10T15:58:28.922Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
}
}
}
}
]
}
- application/json
- Schema
- Example (from schema)
Schema
{
"<field name>": [
"Errors related to field <field name>."
],
"non_field_errors": [
"Errors not related to any field specific field."
]
}
- application/json
- Schema
- Example (from schema)
Schema
{
"detail": "Incorrect authentication credentials."
}
- application/json
- Schema
- Example (from schema)
Schema
{
"detail": "Unexpected error while handling your request."
}