arrow-left Back to Announcements
DATE:
AUTHOR:
CyberCloud Team
RELATED ROADMAP ITEMS:
#PP-426 External quote integration & pentest management
#PP-27 - Import customers
PentestPortal.io

Release 16 September 2025

DATE:
AUTHOR: CyberCloud Team
RELATED ROADMAP ITEMS: #PP-426 External quote integration & pentest management , #PP-27 - Import customers

We're excited to introduce a long-awaited milestone in this release: the first public-facing API capabilities for trusted instance users. This includes fully documented endpoints, personal API keys, and secure controls - all built as a foundation for future automation and integration of PentestPortal with your own systems.

Features

#PP-499 – API Key Management & Documentation (EPIC)

PentestPortal now supports programmatic (API) access for PentestPortal users, with an emphasis on security, transparency, and control.

Key features:

  • Per-user API keys with secure generation, rotation, and view-once behavior

  • Key-scoped permissions — each key inherits the exact rights of the creator

  • IP whitelisting for restricting usage to specific networks

  • First version of public API documentation available at /application/api/docs

    • Accessible only when logged in as Instance Owner

    • Powered by OpenAPI

    • Includes examples, headers, and live endpoint structure

    • Use via header: Authorization: apikey <your-key>

Currently supported endpoints include:

  • GET /reseller

  • GET/POST/PATCH /customer

  • GET/POST/DELETE /contactPerson

This is just the beginning. More endpoints, instance-level API keys, and write capabilities are coming in future releases.

Other feature enhancements

  • #PP-480 – Concept finding warning in PDF Export
    Added a dialog warning when generating reports that include “Concept” status findings. Checkbox to include them is now default-enabled for transparency.

  • #PP-490 – Copy button for compliance notes
    A new "Copy" button is now available in ASVS compliance modals, even for closed assessments — making it easier to reuse and share notes.

  • #PP-458 – Offorte.com signed date now synced properly
    Integrated the newly exposed date_won field from Offorte into PentestPortal's quote syncing. This ensures accurate invoice timestamps based on actual signature date.

Bug Fixes

  • #PP-502 – Reseller contact unable to add customers
    Resolved a permission bug where reseller users couldn’t create new customers, preventing them from launching CyberScans.

We believe that PentestPortal will greatly enhance the experience of individual penetration testers, penetration testing firms and enterprises conducting their own pentests and that PentestPortal contributes to more efficient and effective penetration testing. Your feedback is invaluable in helping us improve and tailor the software to meet your needs.

Thank you for choosing our software, and we look forward to hearing your thoughts on this exciting new release!

Powered by LaunchNotes