Assets API
Backing the Attack Surface Management dashboard.
GET /assets
List all assets for the current org. Filter by ?asset_type=subdomain.
POST /assets/discover
Kick off a passive discovery job for a root domain.
{ "root_domain": "example.com" }Returns { "status": "queued", "org_id": "...", "root_domain": "..." }
and fires a Celery task.
DELETE /assets/{id}
Remove a discovered asset (e.g. decommissioned).
Asset shape
type Asset = {
id: string;
type: "domain" | "subdomain" | "ip" | "port" | "url" | "cert" | "tech";
value: string;
meta: Record<string, unknown> | null;
first_seen: string;
last_seen: string;
};