Enterprise plan · REST API for programmatic access
All authenticated endpoints require a session cookie (obtained via sign-in) or an API key in the Authorization header:
Authorization: Bearer tc_your_api_key_herehttps://threatcast.io/api/ttx/generateGenerate a new exercise
Auth: Bearer token
{ "theme": "ransomware", "difficulty": "INTERMEDIATE", "questionCount": 12, "language": "en" }/api/ttx/session/{id}Get exercise session details
Auth: Bearer token
/api/ttx/session/{id}/answerSubmit an answer
Auth: Bearer token
{ "questionIndex": 0, "selectedOption": "B" }/api/portal/sessionsList all exercises for your org
Auth: Bearer token
/api/portal/benchmarksGet performance benchmarks
Auth: Bearer token
/api/portal/report?sessionId={id}Generate executive report (HTML)
Auth: Bearer token
/api/portal/certificate?sessionId={id}Generate completion certificate (HTML)
Auth: Bearer token
/api/threat-intelGet threat intelligence events
Auth: None
/api/threat-intelTrigger threat intel scan
Auth: Bearer token
/api/portal/inviteSend team invitations
Auth: Bearer token
{ "emails": ["user@company.com"] }/api/auth/registerRegister new user
Auth: None
{ "email": "...", "password": "...", "firstName": "...", "lastName": "..." }/api/portal/ai-providerGet BYOK AI provider config
Auth: Bearer token (Admin)
/api/portal/ai-providerSave BYOK provider settings (Pro/Enterprise)
Auth: Bearer token (Admin)
{ "provider": "openai", "apiKey": "sk-...", "model": "gpt-4o", "enabled": true }/api/portal/gdpr-exportDownload all personal data (GDPR Article 15)
Auth: Bearer token
/api/portal/delete-accountDelete your account and all data (GDPR Article 17)
Auth: Bearer token
{ "confirmEmail": "user@company.com" }/api/portal/daily-drillGet today's adaptive daily drill
Auth: Bearer token
/api/portal/duelsList duels for your organisation
Auth: Bearer token
/api/portal/duelsCreate a new duel challenge
Auth: Bearer token
{ "theme": "ransomware" }