    API Authentication

    v1.0

    Learn how to authenticate with the PhishFortress API and manage API keys

    Overview

    PhishFortress provides a RESTful API that allows you to programmatically interact with the platform. All API requests must be authenticated using one of the supported authentication methods.

    Base URL
    All API endpoints are relative to https://api.phishfortress.com/v1

    Authentication Methods

    PhishFortress supports two authentication methods:

    API Key Authentication

    API keys provide a simple way to authenticate with the PhishFortress API. Each API key is associated with a specific user account and has defined permissions.

    HTTP Header

    X-API-Key: your_api_key_here

    cURL Example

    curl -X GET "https://api.phishfortress.com/v1/campaigns" -H "X-API-Key: your_api_key_here"

    Security Warning
    Never share your API keys or commit them to version control. Treat API keys like passwords.

    API Key Management

    You can create and manage API keys through the PhishFortress web interface:

    Creating an API Key

    1. Log in to your PhishFortress account
    2. Navigate to Settings > API Keys
    3. Click "Create New API Key"
    4. Enter a descriptive name for the key
    5. Select the permissions you want to grant to this key
    6. Optionally, set an expiration date
    7. Click "Generate API Key"
    8. Copy and securely store your API key (it will only be shown once)

    Revoking an API Key

    1. Log in to your PhishFortress account
    2. Navigate to Settings > API Keys
    3. Find the API key you want to revoke
    4. Click the "Revoke" button
    5. Confirm the action

    Note: Once revoked, an API key cannot be restored. You will need to create a new key if needed.

    API Permissions

    API keys can be granted specific permissions to limit their access to certain resources:

    Permission       | Description                  | Endpoints
    -----------------|------------------------------|--------------------------------------------------------------
    campaigns:read   | View campaign information    | GET /campaigns, GET /campaigns/{id}
    campaigns:write  | Create and modify campaigns  | POST /campaigns, PUT /campaigns/{id}, DELETE /campaigns/{id}
    users:read       | View user information        | GET /users, GET /users/{id}
    users:write      | Create and modify users      | POST /users, PUT /users/{id}, DELETE /users/{id}
    reports:read     | Access report data           | GET /reports, GET /reports/{id}
    templates:read   | View phishing templates      | GET /templates, GET /templates/{id}
    templates:write  | Create and modify templates  | POST /templates, PUT /templates/{id}, DELETE /templates/{id}

    Rate Limits

    To ensure the stability and performance of the API, PhishFortress implements rate limiting:

    Default Rate Limits

    • Standard Plan: 60 requests per minute
    • Professional Plan: 120 requests per minute
    • Enterprise Plan: 300 requests per minute

    Rate Limit Headers

    The API includes rate limit information in the response headers:

    • X-RateLimit-Limit: Maximum number of requests allowed per minute
    • X-RateLimit-Remaining: Number of requests remaining in the current window
    • X-RateLimit-Reset: Time in seconds until the rate limit resets

    Rate Limit Exceeded

    When you exceed the rate limit, the API will respond with:

    • HTTP Status Code: 429 Too Many Requests
    • Response body containing an error message and retry information

    {
      "error": "rate_limit_exceeded",
      "message": "Rate limit exceeded. Please try again later.",
      "retry_after": 30
    }

    Best Practice
    Implement exponential backoff and respect the retry_after value when handling rate limit errors.
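
    One way to follow both the security warning and the rate limit guidance, as an added example that is not PhishFortress client code: the key is read from an environment variable and sent in the X-API-Key header, and a 429 is retried with exponential backoff that never waits less than retry_after or X-RateLimit-Reset. The variable name PHISHFORTRESS_API_KEY, the function names and the scripted responses in demo() are assumptions made for illustration.

```python
import json
import os
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.phishfortress.com/v1"  # base URL given on the page
KEY_ENV = "PHISHFORTRESS_API_KEY"              # assumed variable name


def http_send(path, api_key):
    """Real transport: GET path with the X-API-Key header."""
    req = urllib.request.Request(BASE_URL + path, headers={"X-API-Key": api_key})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), json.load(resp)
    except urllib.error.HTTPError as err:  # 4xx/5xx, including 429
        return err.code, dict(err.headers), json.loads(err.read() or b"{}")


def wait_seconds(headers, body, attempt, base=1.0, cap=60.0):
    """Retry delay: exponential backoff, never shorter than the server's hints."""
    lower = {k.lower(): v for k, v in headers.items()}
    hints = (body.get("retry_after"), lower.get("x-ratelimit-reset"))
    server = max((float(h) for h in hints if h is not None), default=0.0)
    return max(server, min(cap, base * 2 ** attempt))


def get(path, send=http_send, sleep=time.sleep, max_attempts=5):
    api_key = os.environ[KEY_ENV]  # key stays out of source and version control
    for attempt in range(max_attempts):
        status, headers, body = send(path, api_key)
        if status != 429:
            return status, body
        if attempt + 1 < max_attempts:
            sleep(wait_seconds(headers, body, attempt))
    raise RuntimeError("still rate limited after %d attempts" % max_attempts)


def demo():
    """Constructed offline run: two 429 responses, then a constructed 200 body."""
    replies = [
        (429, {"X-RateLimit-Reset": "3"},
         {"error": "rate_limit_exceeded", "retry_after": 30}),
        (429, {"X-RateLimit-Remaining": "0"}, {"error": "rate_limit_exceeded"}),
        (200, {}, {"data": []}),
    ]
    delays = []
    os.environ.setdefault(KEY_ENV, "constructed-test-key")
    result = get("/campaigns", send=lambda p, k: replies.pop(0), sleep=delays.append)
    return result, delays
```

    demo() swaps the network and the clock for scripted stand-ins, so the retry schedule can be checked without calling the API.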