{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"ddec4b75-aa88-43d4-b517-8799020592b5","name":"HackEDU API","description":"Welcome to the HackEDU Developer API! We're excited to help get you started.\n\n# Authentication\n\nYou need an API Key to authenticate with the HackEDU Developer API. Include your key in the `X-API-Key` header on each request.\n\nYou can obtain an API Key from your Admin Dashboard or by contacting [support@securityjourney.com](mailto:support@hackedu.com).\n\n# Errors\n\nHackEDU uses conventional HTTP response codes to indicate the success or failure of an API request. In general: Codes in the `2xx` range indicate success. Codes in the `4xx` range indicate an error that failed given the information provided (e.g., a required parameter was omitted, a uuid was malformed, etc.). Codes in the `5xx` range indicate an error with HackEDU's servers (these are rare).\n\nSome `4xx` errors that could be handled programmatically include an error code that briefly explains the error reported.\n\n# Getting Started\n\nThere are three groups of endpoints in our API Documentation: `Users`, `Teams`, and `Content`.\n\n*Users*\n\nThese endpoints give you information about the users in your organization, and allows you to assign content to individuals in a couple different ways.\n\n*Teams*\n\nThese team routes give you the ability to see where users are at in the context of a team they are on. You can also see a list of teams in your organization.\n\n*Content*\n\nThe two routes within this content group give you information about all of the content in our platform as well as a vulnerabilities endpoint that describes our vulnerability category taxonomy.\n\n*Issue Sources*\n\nIssue Sources can either be one of our native integrations, or they can be a custom source. Custom sources cannot be synced automatically by HackEDU, so you will have to push Issues to custom sources yourself, using the /issues endpoints.\n\n*Issues*\n\nIssues are things like findings from vulnerability scans or bug bounty programs. They have vulnerabilities associated with them, which are used as a data source to inform your HackEDU adaptive training plans. Issues belong to an Issue Source.\n\n## Example Use Cases\n\nLets look at a couple use cases to help get you started looking at our APIs.\n\n**Create a Leaderboard**\n\nTo get started with a simple Leaderboard, first take a look at the `/users` endpoint. You will see that this route returns a list of users. Each user looks similar to this:\n\n```\n{\n \"uuid\": \"a1fa3ee2-0d74-4e0a-971d-e25cee654e72\",\n \"email\": \"alice@acme.com\",\n \"progress\": 95,\n \"points\": 10,\n \"teams\": [\n {\n \"uuid\": \"befd585f-cb60-4f1a-954f-4219dd3aade5\",\n \"name\": \"Mobile Team\",\n \"complete\": false\n }\n ]\n}\n\n```\n\nThe `points` attribute is the number of points a user has scored in the different challenges in our platform.\n\nIn the code snippet below, you will see an example of how you can use `requests` in Python 3 to call this endpoint with your API Key, sort by the number of points scored, and then print the results in order:\n\n```\nimport requests\nurl = \"https://api.hackedu.com/v1/users\"\nheaders= {\"X-API-Key\": \"YOUR_API_KEY_HERE\"}\nresponse = requests.request(\"GET\", url, headers=headers).json()\nusers = response[\"users\"]\nleaderboard = sorted(users, key = lambda i: i['points'], reverse=True)\nfor user in leaderboard:\n if user[\"points\"] > 0:\n print(\"{0} points -- {1}\".format(user[\"points\"], user[\"email\"]))\n\n```\n\n**Just-In-Time Training Example**\n\nLets assume you have a scanner in place and want to automatically assign the XXE lesson to anyone who commits code with an XXE vulnerability in it.\n\nThe first step is to find the `uuid` of the user you are trying to assign training to (`bob@acme.com` in this example). Keep in mind, these examples are meant to be examples, not production code:\n\n```\nimport requests\nurl = \"https://api.hackedu.com/v1/users\"\nheaders= {\"X-API-Key\": \"YOUR_API_KEY_HERE\"}\npayload = {\"query\": \"bob@acme.com\"}\nresponse = requests.request(\"GET\", url, headers=headers, params=payload).json()\nuser_uuid = response[\"users\"][0][\"uuid\"]\n\n```\n\nAfter getting the user's uuid, you can find the XXE lesson from the `/courses` endpoint:\n\n```\n{\n \"uuid\": \"3f36f4fb-85b0-4e62-a3ee-0c2313efa704\",\n \"title\": \"XML External Entities\",\n \"metrics\": {\n \"users_completed\": 10,\n \"users_assigned\": 20,\n \"average_time\": \"01:25\"\n },\n \"locked\": False\n}\n\n```\n\nAnd the last step is making a POST to the `/users/:user_uuid/content/:content_uuid` endpoint to finally assign the lesson:\n\n```\nurl = \"https://api.hackedu.com/v1/users/{0}/content/{1}\".format(user_uuid, content_uuid)\nheaders= {\"X-API-Key\": \"YOUR_API_KEY_HERE\"}\nresponse = requests.request(\"POST\", url, headers=headers)\n\n```\n\n# HackEDU CLI\n\nHackEDU has a command line interface to the API.\n\nIn addition to interfacing with the API, we have also built native integrations with the following security tools:\n\n* SonarQube\n \n\nSee the documentation at [https://github.com/hack-edu/hackedu-cli](https://github.com/hack-edu/hackedu-cli)\n\n# Proficiency\n\nProficiency is calculated for each top level Vulnerability Category. You can see the vulnerability categories on the `/vulnerabilities` route, but the top level categories are:\n\n* Injection\n* Authentication & Access Control\n* Cross Site Scripting (XSS)\n* Request Forgery\n* Other Web Attacks\n* Memory Management\n \n\nYou can see a description of each Proficiency level in the table below:\n\n
ExpertThis user has completed all of the lessons in this vulnerability category and patched them in less time with fewer incorrect patches than average.
AverageThis user has completed most of the lessons in this vulnerability category with an average number of patch attempts.
Needs AttentionThis user either hasn't completed many lessons in this vulnerability category or takes more patch attempts than average to complete lessons.
Not Enough DataWe don't have enough data yet to know how this user is doing in this vulnerability category.
\n\n# Changelog\n\n## May 21, 2021\n\nRenamed \"Mastery\" to \"Proficiency\" across our API Endpoints.\n\n## March 10, 2021\n\nAdded the `issue-sources/types` endpoint.\n\n## February 24, 2021\n\n**Breaking Change on /vulnerabilities**\n\nChanged `/vulnerabilities` from returning a nested map of vulnerabilities by category to a flat list of vulnerabilties with filters. Vulnerabilities can now be filtered by:\n\n* CWE\n* CVE\n* CAPEC\n* Text Search\n* Category Key\n \n\nAdded `/vulnerabilities/:id` endpoint to get vulnerability details.\n\n## January 2, 2021\n\nRemoved \"beta\" tag from version number. Official \"v1\" release.","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":true,"owner":"23921186","collectionId":"ddec4b75-aa88-43d4-b517-8799020592b5","publishedId":"2sB2jAbo71","public":true,"publicUrl":"https://developers.hackedu.com","privateUrl":"https://go.postman.co/documentation/23921186-ddec4b75-aa88-43d4-b517-8799020592b5","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":""}],"appearance":{"default":"light","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":null,"colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.10.0","publishDate":"2025-05-12T17:06:41.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"","description":""},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/25cc91f2cc2ad5a4236fc630b70ffd5766319005b7b3730001ebd4db4ae6edc8","favicon":"https://res.cloudinary.com/postman/image/upload/v1559264543/team/xd7qhl4qesmraaokxzmv.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://developers.hackedu.com/view/metadata/2sB2jAbo71"}