Skip to main content

Base URL

All API requests are made to: 
https://api.mindfort.app

Authentication

The MindFort API uses Bearer token authentication. Include your API key in the Authorization header of every request: 
Authorization: Bearer <your-api-key>
You can generate API keys from the MindFort Dashboard under Settings > API Keys.

Rate Limits

  • Per-IP limit: 3 requests per minute
  • Global limit: 100 requests per minute
When rate-limited, responses include a Retry-After: 60 header. The API returns HTTP 429 with an error message.

API Surface

The public API supports core automation workflows:
  • trigger assessments
  • cancel running assessments
  • list findings for a target
  • start directed tasks
  • run saved task templates
  • cancel running tasks
Use the endpoint reference for request and response schemas, query parameters, and examples.

Pagination

List endpoints use two pagination styles:
  • GET /v1/assessments uses cursor pagination. Pass the returned pagination.next_cursor value as the next request’s cursor parameter until no next cursor is returned.
  • GET /v1/targets and GET /v1/findings use limit and offset pagination and include a total count.

Error Format

All errors follow a consistent JSON structure: 
{
  "error": "Human-readable error message",
  "request_id": "abc123..."
}
Include the request_id when contacting support for faster resolution.

Component IDs

Several API endpoints require UUIDs for targets, findings, templates, and other resources. Below is where to find each ID in the MindFort dashboard.

Targets

Navigate to Target Inventory and click on a target. The Target ID is displayed on the target’s detail page.

Findings

Use GET /v1/findings or open a finding in the dashboard. The Finding ID identifies a specific vulnerability for detail, comment, and status update requests. Filter list results with status, assessment_id, exclude_secured, target_id, and severity. See Findings API for parameter details and dashboard mapping.

Assessments

Open Assessments, select a run, and copy the Assessment ID from the URL or detail view. Use it as assessment_id when listing findings for that run only.

Tasks

To find a Template ID, navigate to Tasks > Templates. Select a template and the ID will be shown in the template detail panel. Task endpoints return scoped task IDs in the form org_id::task_uuid. Use the returned task_id value as-is when canceling a task.

Content Type

All endpoints accept and return application/json. Requests must include: 
Content-Type: application/json