Escape · Capability
Escape Public API — Profiles
Escape Public API — Profiles. 15 operations. Lead operation: Start an authentication configuration check. Self-contained Naftiko capability covering one Escape business surface.
What You Can Do
POST
Startauthentication
— Start an authentication configuration check
/v1/authentications
GET
Getauthentication
— Get authentication configuration check status
/v1/authentications/{authenticationid}
GET
Listprofiles
— List profiles
/v1/profiles
POST
Createpentestgraphqlprofile
— Create an Automated Pentest GraphQL profile
/v1/profiles/ai-pentesting/graphql
POST
Createpentestrestprofile
— Create an Automated Pentest REST profile
/v1/profiles/ai-pentesting/rest
POST
Createpentestwebappprofile
— Create an Automated Pentest WebApp profile
/v1/profiles/ai-pentesting/webapp
POST
Createdastgraphqlprofile
— Create a DAST GraphQL profile
/v1/profiles/graphql
GET
Problems
— List all scan statuses and problems
/v1/profiles/problems
POST
Createdastrestprofile
— Create a DAST REST profile
/v1/profiles/rest
POST
Createdastwebappprofile
— Create a DAST WebApp profile
/v1/profiles/webapp
GET
Getprofile
— Get a profile
/v1/profiles/{profileid}
PUT
Updateprofile
— Update a profile
/v1/profiles/{profileid}
DELETE
Deleteprofile
— Delete a profile
/v1/profiles/{profileid}
PUT
Updateprofileconfiguration
— Update profile configuration
/v1/profiles/{profileid}/configuration
PUT
Updateprofileschema
— Update profile schema
/v1/profiles/{profileid}/schema
MCP Tools
start-authentication-configuration-check
Start an authentication configuration check
get-authentication-configuration-check-status
Get authentication configuration check status
read-only
idempotent
list-profiles
List profiles
read-only
idempotent
create-automated-pentest-graphql-profile
Create an Automated Pentest GraphQL profile
read-only
create-automated-pentest-rest-profile
Create an Automated Pentest REST profile
read-only
create-automated-pentest-webapp-profile
Create an Automated Pentest WebApp profile
read-only
create-dast-graphql-profile
Create a DAST GraphQL profile
list-all-scan-statuses-and
List all scan statuses and problems
read-only
idempotent
create-dast-rest-profile
Create a DAST REST profile
create-dast-webapp-profile
Create a DAST WebApp profile
get-profile
Get a profile
read-only
idempotent
update-profile
Update a profile
idempotent
delete-profile
Delete a profile
idempotent
update-profile-configuration
Update profile configuration
idempotent
update-profile-schema
Update profile schema
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Escape Public API — Profiles
description: 'Escape Public API — Profiles. 15 operations. Lead operation: Start an authentication configuration check.
Self-contained Naftiko capability covering one Escape business surface.'
tags:
- Escape
- Profiles
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
ESCAPE_API_KEY: ESCAPE_API_KEY
capability:
consumes:
- type: http
namespace: escape-profiles
baseUri: https://public.escape.tech/v3
description: Escape Public API — Profiles business capability. Self-contained, no shared references.
resources:
- name: authentications
path: /authentications
operations:
- name: startauthentication
method: POST
description: Start an authentication configuration check
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: authentications-authenticationId
path: /authentications/{authenticationId}
operations:
- name: getauthentication
method: GET
description: Get authentication configuration check status
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: authenticationId
in: path
type: string
description: Identifier returned by the start endpoint
required: true
- name: profiles
path: /profiles
operations:
- name: listprofiles
method: GET
description: List profiles
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: cursor
in: query
type: string
description: The cursor to start the pagination from. Returned by the previous page response. If not provided, the
first page will be returned.
- name: size
in: query
type: integer
description: The number of items to return per page
- name: sortType
in: query
type: string
description: The type to sort by
- name: sortDirection
in: query
type: string
description: The direction to sort by
- name: assetIds
in: query
type: string
description: Filter by asset IDs
- name: domains
in: query
type: string
description: Filter by domain
- name: issueIds
in: query
type: string
description: Filter by issue IDs
- name: tagIds
in: query
type: string
description: Filter by tag IDs
- name: search
in: query
type: string
description: Search term to filter profiles by name or description
- name: initiators
in: query
type: array
description: Filter by initiator
- name: kinds
in: query
type: array
description: Filter by kind
- name: risks
in: query
type: array
description: Filter by risk
- name: profiles-ai-pentesting-graphql
path: /profiles/ai-pentesting/graphql
operations:
- name: createpentestgraphqlprofile
method: POST
description: Create an Automated Pentest GraphQL profile
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: profiles-ai-pentesting-rest
path: /profiles/ai-pentesting/rest
operations:
- name: createpentestrestprofile
method: POST
description: Create an Automated Pentest REST profile
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: profiles-ai-pentesting-webapp
path: /profiles/ai-pentesting/webapp
operations:
- name: createpentestwebappprofile
method: POST
description: Create an Automated Pentest WebApp profile
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: profiles-graphql
path: /profiles/graphql
operations:
- name: createdastgraphqlprofile
method: POST
description: Create a DAST GraphQL profile
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: profiles-problems
path: /profiles/problems
operations:
- name: problems
method: GET
description: List all scan statuses and problems
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: cursor
in: query
type: string
description: The cursor to start the pagination from. Returned by the previous page response. If not provided, the
first page will be returned.
- name: size
in: query
type: integer
description: The number of items to return per page
- name: sortType
in: query
type: string
description: The type to sort by
- name: sortDirection
in: query
type: string
description: The direction to sort by
- name: assetIds
in: query
type: string
description: Filter by asset IDs
- name: domains
in: query
type: string
description: Filter by domain
- name: issueIds
in: query
type: string
description: Filter by issue IDs
- name: tagIds
in: query
type: string
description: Filter by tag IDs
- name: search
in: query
type: string
description: Search term to filter profiles by name or description
- name: initiators
in: query
type: array
description: Filter by initiator
- name: kinds
in: query
type: array
description: Filter by kind
- name: risks
in: query
type: array
description: Filter by risk
- name: profiles-rest
path: /profiles/rest
operations:
- name: createdastrestprofile
method: POST
description: Create a DAST REST profile
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: profiles-webapp
path: /profiles/webapp
operations:
- name: createdastwebappprofile
method: POST
description: Create a DAST WebApp profile
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: profiles-profileId
path: /profiles/{profileId}
operations:
- name: getprofile
method: GET
description: Get a profile
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: profileId
in: path
type: string
description: The profile ID
required: true
- name: updateprofile
method: PUT
description: Update a profile
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: profileId
in: path
type: string
description: The profile ID
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: deleteprofile
method: DELETE
description: Delete a profile
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: profileId
in: path
type: string
description: The profile ID
required: true
- name: profiles-profileId-configuration
path: /profiles/{profileId}/configuration
operations:
- name: updateprofileconfiguration
method: PUT
description: Update profile configuration
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: profileId
in: path
type: string
description: The profile ID
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: profiles-profileId-schema
path: /profiles/{profileId}/schema
operations:
- name: updateprofileschema
method: PUT
description: Update profile schema
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: profileId
in: path
type: string
description: The profile ID
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
authentication:
type: apikey
key: X-ESCAPE-API-KEY
value: '{{env.ESCAPE_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: escape-profiles-rest
port: 8080
description: REST adapter for Escape Public API — Profiles. One Spectral-compliant resource per consumed operation, prefixed
with /v1.
resources:
- path: /v1/authentications
name: authentications
description: REST surface for authentications.
operations:
- method: POST
name: startauthentication
description: Start an authentication configuration check
call: escape-profiles.startauthentication
with:
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/authentications/{authenticationid}
name: authentications-authenticationid
description: REST surface for authentications-authenticationId.
operations:
- method: GET
name: getauthentication
description: Get authentication configuration check status
call: escape-profiles.getauthentication
with:
authenticationId: rest.authenticationId
outputParameters:
- type: object
mapping: $.
- path: /v1/profiles
name: profiles
description: REST surface for profiles.
operations:
- method: GET
name: listprofiles
description: List profiles
call: escape-profiles.listprofiles
with:
cursor: rest.cursor
size: rest.size
sortType: rest.sortType
sortDirection: rest.sortDirection
assetIds: rest.assetIds
domains: rest.domains
issueIds: rest.issueIds
tagIds: rest.tagIds
search: rest.search
initiators: rest.initiators
kinds: rest.kinds
risks: rest.risks
outputParameters:
- type: object
mapping: $.
- path: /v1/profiles/ai-pentesting/graphql
name: profiles-ai-pentesting-graphql
description: REST surface for profiles-ai-pentesting-graphql.
operations:
- method: POST
name: createpentestgraphqlprofile
description: Create an Automated Pentest GraphQL profile
call: escape-profiles.createpentestgraphqlprofile
with:
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/profiles/ai-pentesting/rest
name: profiles-ai-pentesting-rest
description: REST surface for profiles-ai-pentesting-rest.
operations:
- method: POST
name: createpentestrestprofile
description: Create an Automated Pentest REST profile
call: escape-profiles.createpentestrestprofile
with:
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/profiles/ai-pentesting/webapp
name: profiles-ai-pentesting-webapp
description: REST surface for profiles-ai-pentesting-webapp.
operations:
- method: POST
name: createpentestwebappprofile
description: Create an Automated Pentest WebApp profile
call: escape-profiles.createpentestwebappprofile
with:
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/profiles/graphql
name: profiles-graphql
description: REST surface for profiles-graphql.
operations:
- method: POST
name: createdastgraphqlprofile
description: Create a DAST GraphQL profile
call: escape-profiles.createdastgraphqlprofile
with:
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/profiles/problems
name: profiles-problems
description: REST surface for profiles-problems.
operations:
- method: GET
name: problems
description: List all scan statuses and problems
call: escape-profiles.problems
with:
cursor: rest.cursor
size: rest.size
sortType: rest.sortType
sortDirection: rest.sortDirection
assetIds: rest.assetIds
domains: rest.domains
issueIds: rest.issueIds
tagIds: rest.tagIds
search: rest.search
initiators: rest.initiators
kinds: rest.kinds
risks: rest.risks
outputParameters:
- type: object
mapping: $.
- path: /v1/profiles/rest
name: profiles-rest
description: REST surface for profiles-rest.
operations:
- method: POST
name: createdastrestprofile
description: Create a DAST REST profile
call: escape-profiles.createdastrestprofile
with:
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/profiles/webapp
name: profiles-webapp
description: REST surface for profiles-webapp.
operations:
- method: POST
name: createdastwebappprofile
description: Create a DAST WebApp profile
call: escape-profiles.createdastwebappprofile
with:
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/profiles/{profileid}
name: profiles-profileid
description: REST surface for profiles-profileId.
operations:
- method: GET
name: getprofile
description: Get a profile
call: escape-profiles.getprofile
with:
profileId: rest.profileId
outputParameters:
- type: object
mapping: $.
- method: PUT
name: updateprofile
description: Update a profile
call: escape-profiles.updateprofile
with:
profileId: rest.profileId
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: DELETE
name: deleteprofile
description: Delete a profile
call: escape-profiles.deleteprofile
with:
profileId: rest.profileId
outputParameters:
- type: object
mapping: $.
- path: /v1/profiles/{profileid}/configuration
name: profiles-profileid-configuration
description: REST surface for profiles-profileId-configuration.
operations:
- method: PUT
name: updateprofileconfiguration
description: Update profile configuration
call: escape-profiles.updateprofileconfiguration
with:
profileId: rest.profileId
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/profiles/{profileid}/schema
name: profiles-profileid-schema
description: REST surface for profiles-profileId-schema.
operations:
- method: PUT
name: updateprofileschema
description: Update profile schema
call: escape-profiles.updateprofileschema
with:
profileId: rest.profileId
body: rest.body
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: escape-profiles-mcp
port: 9090
transport: http
description: MCP adapter for Escape Public API — Profiles. One tool per consumed operation, routed inline through this
capability's consumes block.
tools:
- name: start-authentication-configuration-check
description: Start an authentication configuration check
hints:
readOnly: false
destructive: false
idempotent: false
call: escape-profiles.startauthentication
with:
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-authentication-configuration-check-status
description: Get authentication configuration check status
hints:
readOnly: true
destructive: false
idempotent: true
call: escape-profiles.getauthentication
with:
authenticationId: tools.authenticationId
outputParameters:
- type: object
mapping: $.
- name: list-profiles
description: List profiles
hints:
readOnly: true
destructive: false
idempotent: true
call: escape-profiles.listprofiles
with:
cursor: tools.cursor
size: tools.size
sortType: tools.sortType
sortDirection: tools.sortDirection
assetIds: tools.assetIds
domains: tools.domains
issueIds: tools.issueIds
tagIds: tools.tagIds
search: tools.search
initiators: tools.initiators
kinds: tools.kinds
risks: tools.risks
outputParameters:
- type: object
mapping: $.
- name: create-automated-pentest-graphql-profile
description: Create an Automated Pentest GraphQL profile
hints:
readOnly: true
destructive: false
idempotent: false
call: escape-profiles.createpentestgraphqlprofile
with:
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: create-automated-pentest-rest-profile
description: Create an Automated Pentest REST profile
hints:
readOnly: true
destructive: false
idempotent: false
call: escape-profiles.createpentestrestprofile
with:
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: create-automated-pentest-webapp-profile
description: Create an Automated Pentest WebApp profile
hints:
readOnly: true
destructive: false
idempotent: false
call: escape-profiles.createpentestwebappprofile
with:
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: create-dast-graphql-profile
description: Create a DAST GraphQL profile
hints:
readOnly: false
destructive: false
idempotent: false
call: escape-profiles.createdastgraphqlprofile
with:
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: list-all-scan-statuses-and
description: List all scan statuses and problems
hints:
readOnly: true
destructive: false
idempotent: true
call: escape-profiles.problems
with:
cursor: tools.cursor
size: tools.size
sortType: tools.sortType
sortDirection: tools.sortDirection
assetIds: tools.assetIds
domains: tools.domains
issueIds: tools.issueIds
tagIds: tools.tagIds
search: tools.search
initiators: tools.initiators
kinds: tools.kinds
risks: tools.risks
outputParameters:
- type: object
mapping: $.
- name: create-dast-rest-profile
description: Create a DAST REST profile
hints:
readOnly: false
destructive: false
idempotent: false
call: escape-profiles.createdastrestprofile
with:
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: create-dast-webapp-profile
description: Create a DAST WebApp profile
hints:
readOnly: false
destructive: false
idempotent: false
call: escape-profiles.createdastwebappprofile
with:
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-profile
description: Get a profile
hints:
readOnly: true
destructive: false
idempotent: true
call: escape-profiles.getprofile
with:
profileId: tools.profileId
outputParameters:
- type: object
mapping: $.
- name: update-profile
description: Update a profile
hints:
readOnly: false
destructive: false
idempotent: true
call: escape-profiles.updateprofile
with:
profileId: tools.profileId
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: delete-profile
description: Delete a profile
hints:
readOnly: false
destructive: true
idempotent: true
call: escape-profiles.deleteprofile
with:
profileId: tools.profileId
outputParameters:
- type: object
mapping: $.
- name: update-profile-configuration
description: Update profile configuration
hints:
readOnly: false
destructive: false
idempotent: true
call: escape-profiles.updateprofileconfiguration
with:
profileId: tools.profileId
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: update-profile-schema
description: Update profile schema
hints:
readOnly: false
destructive: false
idempotent: true
call: escape-profiles.updateprofileschema
with:
profileId: tools.profileId
body: tools.body
outputParameters:
- type: object
mapping: $.