API Keys

Creating a key

From the dashboard

  1. Go to Dashboard > API Keys
  2. Click Create Key
  3. Enter a descriptive name (e.g. "CI/CD Pipeline", "Local Testing")
  4. Copy the key immediately

The full key is only shown once. If you lose it, revoke the key and create a new one.

From the API

Terminal
curl -X POST https://turbopentest.com/api/keys \
  -H "X-API-Key: $TURBOPENTEST_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "CI/CD Pipeline"}'

Response:

Response
{
  "id": "uuid",
  "name": "CI/CD Pipeline",
  "prefix": "tp_abc",
  "key": "tp_abc123def456..."
}

Using a key

Pass the key in the X-API-Key header:

Terminal
curl -H "X-API-Key: tp_your_key_here" \
  https://turbopentest.com/api/pentests

Revoking a key

Terminal
# Replace {id} with the "id" value returned when the key was created
curl -X DELETE https://turbopentest.com/api/keys/{id} \
  -H "X-API-Key: $TURBOPENTEST_API_KEY"

Revoked keys can no longer be used; requests made with a revoked key return 401 Unauthorized.

Security best practices

  • Store keys in CI/CD secrets, not in code
  • Use descriptive names so you know which key is used where
  • Rotate keys periodically
  • Revoke keys that are no longer in use
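
The rotate and revoke practices above, combined into one script. This is an added example, not TurboPentest's own tooling. It assumes that GET /api/pentests returns 200 for a valid key, that a valid key may revoke another key on the same account, and that you saved the old key's id when you created it; json_field, key_status and rotate_key are names made up for this example.

```bash
#!/usr/bin/env bash
# Added example: rotate a key using only the endpoints shown on this page.
# Assumptions: GET /api/pentests returns 200 for a valid key, a valid key may
# revoke another key on the same account, and the old key's id was saved when
# it was created (it is the "id" field of the create response).
API="https://turbopentest.com/api"

# Read a string field from the flat JSON create response (no jq dependency).
json_field() {
  sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Print the HTTP status an authenticated request gets with the given key.
key_status() {
  curl -s -o /dev/null -w '%{http_code}' -H "X-API-Key: $1" "$API/pentests"
}

# rotate_key <old_key> <old_key_id> <new_key_name>
# Prints the new key on stdout only after the old one is confirmed revoked.
rotate_key() {
  local old_key="$1" old_id="$2" name="$3" resp new_key code
  case "$name" in *\"*|*\\*) echo "name must not contain quotes or backslashes" >&2; return 1 ;; esac

  # 1. Create the replacement while the old key is still valid.
  resp=$(curl -sS -X POST "$API/keys" -H "X-API-Key: $old_key" \
    -H "Content-Type: application/json" -d "{\"name\": \"$name\"}") || return 1
  new_key=$(printf '%s' "$resp" | json_field key)
  [ -n "$new_key" ] || { echo "create failed; nothing changed" >&2; return 1; }
  echo "new key id (save it for the next rotation): $(printf '%s' "$resp" | json_field id)" >&2

  # 2. Prove the new key works before touching the old one.
  code=$(key_status "$new_key")
  [ "$code" = 200 ] || { echo "new key got HTTP $code; old key left active" >&2; return 1; }

  # 3. Revoke the old key, authenticating with the new one.
  curl -sS -o /dev/null -X DELETE "$API/keys/$old_id" -H "X-API-Key: $new_key" || return 1

  # 4. Confirm the revocation took effect: the page states revoked keys get 401.
  code=$(key_status "$old_key")
  [ "$code" = 401 ] || { echo "old key still got HTTP $code after revoke" >&2; return 1; }

  printf '%s\n' "$new_key"
}

# Usage: capture the output and write it straight to the CI secret store.
#   NEW_KEY=$(rotate_key "$TURBOPENTEST_API_KEY" "$OLD_KEY_ID" "CI/CD Pipeline")
```

Because the old key is revoked only after the new one has been accepted, a failed rotation leaves the pipeline's existing credential working.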
