PDCP API

naftiko: 1.0.0-alpha2
info:
  label: PDCP API
  description: 'PDCP API. 31 operations. Lead operation: List Misconfiguration Findings. Self-contained Naftiko capability
    covering one Nuclei business surface.'
  tags:
  - Nuclei
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    NUCLEI_API_KEY: NUCLEI_API_KEY
capability:
  consumes:
  - type: http
    namespace: nuclei-general
    baseUri: https://api.projectdiscovery.io
    description: PDCP API business capability. Self-contained, no shared references.
    resources:
    - name: v1-asset-enumerate-misconfiguration
      path: /v1/asset/enumerate/misconfiguration
      operations:
      - name: getv1assetenumeratemisconfiguration
        method: GET
        description: List Misconfiguration Findings
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: X-Team-Id
          in: header
          type: string
          description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'
        - name: limit
          in: query
          type: integer
          description: The numbers of items to return
        - name: offset
          in: query
          type: integer
          description: The number of items to skip before starting to collect the result set
        - name: search
          in: query
          type: string
          description: Case-insensitive substring search on the host field
        - name: finding_type
          in: query
          type: string
          description: Filter by finding type
    - name: v1-asset-enumerate-enumerate_id-config
      path: /v1/asset/enumerate/{enumerate_id}/config
      operations:
      - name: patchv1assetenumerateenumerateidconfig
        method: PATCH
        description: Update enumeration config
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: update_type
          in: query
          type: string
          description: default mode is append
        - name: X-Team-Id
          in: header
          type: string
          description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: v1-asset-enumerate-enumerate_id-history
      path: /v1/asset/enumerate/{enumerate_id}/history
      operations:
      - name: getv1assetenumerateenumerateidhistory
        method: GET
        description: Get asset enumeration history data
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: offset
          in: query
          type: integer
          description: The number of items to skip before starting to collect the result set
        - name: limit
          in: query
          type: integer
          description: The numbers of items to return
        - name: start_date
          in: query
          type: string
          description: time filter start date
        - name: time_range
          in: query
          type: string
        - name: end_date
          in: query
          type: string
          description: time filter end date
        - name: X-Team-Id
          in: header
          type: string
          description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'
    - name: v1-asset-policy
      path: /v1/asset/policy
      operations:
      - name: getv1assetpolicy
        method: GET
        description: List asset policies
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: limit
          in: query
          type: integer
          description: Number of items to return
        - name: offset
          in: query
          type: integer
          description: Number of items to skip
      - name: postv1assetpolicy
        method: POST
        description: Create asset policy
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: v1-asset-policy-suggestion
      path: /v1/asset/policy/suggestion
      operations:
      - name: getv1assetpolicysuggestion
        method: GET
        description: Get asset policy suggestions
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: enumeration_id
          in: query
          type: string
          description: Optional enumeration ID to scope suggestions
        - name: limit
          in: query
          type: integer
          description: Maximum suggestions per category
        - name: threshold
          in: query
          type: number
          description: Minimum percentage threshold for anomaly detection
    - name: v1-asset-policy-policy_id
      path: /v1/asset/policy/{policy_id}
      operations:
      - name: getv1assetpolicypolicyid
        method: GET
        description: Get asset policy
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: patchv1assetpolicypolicyid
        method: PATCH
        description: Update asset policy
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: update_type
          in: query
          type: string
          description: 'Update strategy. `append` (default) merges new values with existing ones. `replace` overwrites the
            entire policy — all required fields for the policy type must '
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deletev1assetpolicypolicyid
        method: DELETE
        description: Delete asset policy
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: v1-asset-policy-policy_id-events
      path: /v1/asset/policy/{policy_id}/events
      operations:
      - name: getv1assetpolicypolicyidevents
        method: GET
        description: Get asset policy events
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: limit
          in: query
          type: integer
          description: 'Maximum results per page (default: 50, max: 100)'
        - name: offset
          in: query
          type: integer
          description: Number of items to skip for pagination
    - name: v1-leaks
      path: /v1/leaks
      operations:
      - name: getv1leaks
        method: GET
        description: Get all leaked credentials
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: type
          in: query
          type: string
          description: Filter by specific leak type (single value only)
        - name: domain
          in: query
          type: string
          description: Filter leaks by specific domain (applies to employee/customer leaks)
        - name: email
          in: query
          type: string
          description: Filter leaks by specific email (can be personal, employee, or customer email from user's authorized
            results)
        - name: search
          in: query
          type: string
          description: Search query to filter results across all fields
        - name: limit
          in: query
          type: number
          description: Number of results per page for pagination
        - name: page_number
          in: query
          type: number
          description: Page number for pagination (starts from 1)
        - name: start_date
          in: query
          type: string
          description: time filter start date
        - name: time_range
          in: query
          type: string
        - name: end_date
          in: query
          type: string
          description: time filter end date
        - name: sort_by
          in: query
          type: string
          description: supported sort fields
        - name: sort_order
          in: query
          type: string
          description: supported sort order (asc or desc)
        - name: status
          in: query
          type: string
          description: supported status (fixed or open)
        - name: group_by
          in: query
          type: string
          description: Group results by field - returns group summaries when used without field-specific filtering
        - name: url
          in: query
          type: string
          description: Filter by specific URL (used with group_by for drill-down)
        - name: country
          in: query
          type: string
          description: Filter by specific country (used with group_by for drill-down)
        - name: device_ip
          in: query
          type: string
          description: Filter by specific device IP (used with group_by for drill-down)
        - name: hostname
          in: query
          type: string
          description: Filter by specific hostname (used with group_by for drill-down)
        - name: hardware_id
          in: query
          type: string
          description: Filter by specific hardware ID (used with group_by for drill-down)
    - name: v1-payment-stripe-invoices
      path: /v1/payment/stripe/invoices
      operations:
      - name: getv1paymentstripeinvoices
        method: GET
        description: Get a list of invoices for a customer
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: v1-scans-scan_id-error_stats
      path: /v1/scans/{scan_id}/error_stats
      operations:
      - name: getscansiderrorstats
        method: GET
        description: Get error statistics of given scan id
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: v1-team-audit_log
      path: /v1/team/audit_log
      operations:
      - name: getv1auditlog
        method: GET
        description: Get audit logs for team
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: email
          in: query
          type: string
          description: filter by specific user
        - name: action
          in: query
          type: string
          description: filter by specific action name
        - name: offset
          in: query
          type: integer
          description: number of rows to skip
        - name: limit
          in: query
          type: integer
          description: number of rows to get
        - name: start_date
          in: query
          type: string
          description: start date from which you want to get logs
        - name: end_date
          in: query
          type: string
          description: end date till which you want to get logs
        - name: time_range
          in: query
          type: string
          description: time range to get logs
        - name: source
          in: query
          type: string
          description: filter by request source (api, platform, unknown)
        - name: X-Team-Id
          in: header
          type: string
          description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'
    - name: v1-team-audit_log-search
      path: /v1/team/audit_log/search
      operations:
      - name: getv1teamauditlogsearch
        method: GET
        description: Smart search across audit logs
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: q
          in: query
          type: string
          description: 'Search query. Automatically detects search intent:'
          required: true
        - name: offset
          in: query
          type: integer
          description: number of rows to skip
        - name: limit
          in: query
          type: integer
          description: number of rows to get (max 100)
        - name: X-Team-Id
          in: header
          type: string
          description: '''Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'''
          required: true
    - name: v1-template-leaderboard-name
      path: /v1/template/leaderboard/{name}
      operations:
      - name: getv1templateleaderboardid
        method: GET
        description: Get Leaderboard ID Details
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: fields
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: limit
          in: query
          type: integer
          description: The numbers of items to return
        - name: offset
          in: query
          type: integer
          description: The numbers of items to skip
    - name: v1-template-share-template_id
      path: /v1/template/share/{template_id}
      operations:
      - name: patchv1templatesharetemplateid
        method: PATCH
        description: Update Shared Template
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deletev1templatesharetemplateid
        method: DELETE
        description: Unshare/Delete template
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: v1-user-domain-verification-request
      path: /v1/user/domain-verification/request
      operations:
      - name: deletev1userdomainverificationrequest
        method: DELETE
        description: Request Domain Delete
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: X-Team-Id
          in: header
          type: string
          description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: v1-vulns-coverage
      path: /v1/vulns/coverage
      operations:
      - name: getv1vulnscoverage
        method: GET
        description: Get Vulnerability Template Coverage Statistics
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: q
          in: query
          type: string
          description: SearchQL query to filter vulnerabilities (e.g., "severity:critical", "affected_products.product:wordpress")
        - name: term_facets
          in: query
          type: array
          description: List of term facets to apply
        - name: range_facets
          in: query
          type: array
          description: List of range facets to apply
    - name: v2-template
      path: /v2/template
      operations:
      - name: getv2template
        method: GET
        description: Your GET endpoint
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: X-Team-Id
          in: header
          type: string
          description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'
        - name: scope
          in: query
          type: string
        - name: limit
          in: query
          type: integer
        - name: offset
          in: query
          type: integer
        - name: fields
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: sort_desc
          in: query
          type: string
        - name: sort_asc
          in: query
          type: string
        - name: template-ids
          in: query
          type: array
        - name: id
          in: query
          type: array
        - name: exclude-id
          in: query
          type: array
        - name: tags
          in: query
          type: array
        - name: include-tags
          in: query
          type: array
        - name: exclude-tags
          in: query
          type: array
        - name: severity
          in: query
          type: array
        - name: exclude-severity
          in: query
          type: array
        - name: type
          in: query
          type: array
        - name: exclude-type
          in: query
          type: array
        - name: templates
          in: query
          type: array
        - name: exclude-templates
          in: query
          type: array
        - name: profile_name
          in: query
          type: string
        - name: is_new
          in: query
          type: boolean
        - name: is_early
          in: query
          type: boolean
        - name: is_github
          in: query
          type: boolean
        - name: is_draft
          in: query
          type: boolean
    - name: v2-template-user-upload
      path: /v2/template/user/upload
      operations:
      - name: postv2templateuserupload
        method: POST
        description: Upload Templates
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: patchv2templateuserupload
        method: PATCH
        description: Bulk Update User Template
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: v2-vulnerability-filters
      path: /v2/vulnerability/filters
      operations:
      - name: getv2vulnerabilityfilters
        method: GET
        description: Get All Filters for Vulnerabilities
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: v2-vulnerability-product-filters
      path: /v2/vulnerability/product/filters
      operations:
      - name: getv2productfilters
        method: GET
        description: Get All Filters for Products
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: v2-vulnerability-product-search
      path: /v2/vulnerability/product/search
      operations:
      - name: getv2productsearch
        method: GET
        description: Search Products
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: limit
          in: query
          type: integer
          description: The numbers of items to return
        - name: offset
          in: query
          type: integer
          description: The numbers of items to skip
        - name: sort_asc
          in: query
          type: string
          description: Sort results in ascending order (CSV field names)
        - name: sort_desc
          in: query
          type: string
          description: Sort results in descending order (CSV field names)
        - name: fields
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: term_facets
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: range_facets
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: q
          in: query
          type: string
          description: query
        - name: highlight
          in: query
          type: boolean
          description: Whether to highlight the search results
        - name: facet_size
          in: query
          type: integer
          description: Number of facets to return
    - name: v2-vulnerability-product-id
      path: /v2/vulnerability/product/{id}
      operations:
      - name: getproductbyid
        method: GET
        description: Get Product by ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: fields
          in: query
          type: string
          description: product data fields
    - name: v2-vulnerability-product-id-timeline
      path: /v2/vulnerability/product/{id}/timeline
      operations:
      - name: getproducttimeline
        method: GET
        description: Get Vulnerability Timeline for Product
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: limit
          in: query
          type: integer
          description: The numbers of items to return
        - name: offset
          in: query
          type: integer
          description: The numbers of items to skip
        - name: sort_asc
          in: query
          type: string
          description: Sort results in ascending order (CSV field names)
        - name: sort_desc
          in: query
          type: string
          description: Sort results in descending order (CSV field names)
        - name: fields
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: term_facets
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: range_facets
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: q
          in: query
          type: string
          description: query
        - name: highlight
          in: query
          type: boolean
          description: Whether to highlight the search results
        - name: facet_size
          in: query
          type: integer
          description: Number of facets to return
    - name: v2-vulnerability-product-id-vulns
      path: /v2/vulnerability/product/{id}/vulns
      operations:
      - name: getproductvulns
        method: GET
        description: Get Vulnerabilities for Product
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: limit
          in: query
          type: integer
          description: The numbers of items to return
        - name: offset
          in: query
          type: integer
          description: The numbers of items to skip
        - name: sort_asc
          in: query
          type: string
          description: Sort results in ascending order (CSV field names)
        - name: sort_desc
          in: query
          type: string
          description: Sort results in descending order (CSV field names)
        - name: fields
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: term_facets
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: range_facets
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: q
          in: query
          type: string
          description: query
        - name: highlight
          in: query
          type: boolean
          description: Whether to highlight the search results
        - name: facet_size
          in: query
          type: integer
          description: Number of facets to return
    - name: v2-vulnerability-search
      path: /v2/vulnerability/search
      operations:
      - name: getv2vulnerabilitysearch
        method: GET
        description: Full Text Search
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: limit
          in: query
          type: integer
          description: The numbers of items to return
        - name: offset
          in: query
          type: integer
          description: The numbers of items to skip
        - name: sort_asc
          in: query
          type: string
          description: Sort results in ascending order (CSV field names)
        - name: sort_desc
          in: query
          type: string
          description: Sort results in descending order (CSV field names)
        - name: fields
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: term_facets
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: range_facets
          in: query
          type: array
          description: List of fields to return(comma separated)
        - name: q
          in: query
          type: string
          description: query
        - name: highlight
          in: query
          type: boolean
          description: Whether to highlight the search results
        - name: facet_size
          in: query
          type: integer
          description: Number of facets to return
    - name: v2-vulnerability-id
      path: /v2/vulnerability/{id}
      operations:
      - name: getvulnerabilitybyid
        method: GET
        description: Get Vulnerability by ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: fields
          in: query
          type: string
          description: template data fields
    authentication:
      type: apikey
      key: X-API-Key
      value: '{{env.NUCLEI_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: nuclei-general-rest
    port: 8080
    description: REST adapter for PDCP API. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/v1/asset/enumerate/misconfiguration
      name: v1-asset-enumerate-misconfiguration
      description: REST surface for v1-asset-enumerate-misconfiguration.
      operations:
      - method: GET
        name: getv1assetenumeratemisconfiguration
        description: List Misconfiguration Findings
        call: nuclei-general.getv1assetenumeratemisconfiguration
        with:
          X-Team-Id: rest.X-Team-Id
          limit: rest.limit
          offset: rest.offset
          search: rest.search
          finding_type: rest.finding_type
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/asset/enumerate/{enumerate-id}/config
      name: v1-asset-enumerate-enumerate-id-config
      description: REST surface for v1-asset-enumerate-enumerate_id-config.
      operations:
      - method: PATCH
        name: patchv1assetenumerateenumerateidconfig
        description: Update enumeration config
        call: nuclei-general.patchv1assetenumerateenumerateidconfig
        with:
          update_type: rest.update_type
          X-Team-Id: rest.X-Team-Id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/asset/enumerate/{enumerate-id}/history
      name: v1-asset-enumerate-enumerate-id-history
      description: REST surface for v1-asset-enumerate-enumerate_id-history.
      operations:
      - method: GET
        name: getv1assetenumerateenumerateidhistory
        description: Get asset enumeration history data
        call: nuclei-general.getv1assetenumerateenumerateidhistory
        with:
          offset: rest.offset
          limit: rest.limit
          start_date: rest.start_date
          time_range: rest.time_range
          end_date: rest.end_date
          X-Team-Id: rest.X-Team-Id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/asset/policy
      name: v1-asset-policy
      description: REST surface for v1-asset-policy.
      operations:
      - method: GET
        name: getv1assetpolicy
        description: List asset policies
        call: nuclei-general.getv1assetpolicy
        with:
          limit: rest.limit
          offset: rest.offset
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: postv1assetpolicy
        description: Create asset policy
        call: nuclei-general.postv1assetpolicy
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/asset/policy/suggestion
      name: v1-asset-policy-suggestion
      description: REST surface for v1-asset-policy-suggestion.
      operations:
      - method: GET
        name: getv1assetpolicysuggestion
        description: Get asset policy suggestions
        call: nuclei-general.getv1assetpolicysuggestion
        with:
          enumeration_id: rest.enumeration_id
          limit: rest.limit
          threshold: rest.threshold
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/asset/policy/{policy-id}
      name: v1-asset-policy-policy-id
      description: REST surface for v1-asset-policy-policy_id.
      operations:
      - method: GET
        name: getv1assetpolicypolicyid
        description: Get asset policy
        call: nuclei-general.getv1assetpolicypolicyid
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: patchv1assetpolicypolicyid
        description: Update asset policy
        call: nuclei-general.patchv1assetpolicypolicyid
        with:
          update_type: rest.update_type
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deletev1assetpolicypolicyid
        description: Delete asset policy
        call: nuclei-general.deletev1assetpolicypolicyid
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/asset/policy/{policy-id}/events
      name: v1-asset-policy-policy-id-events
      description: REST surface for v1-asset-policy-policy_id-events.
      operations:
      - method: GET
        name: getv1assetpolicypolicyidevents
        description: Get asset policy events
        call: nuclei-general.getv1assetpolicypolicyidevents
        with:
          limit: rest.limit
          offset: rest.offset
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/leaks
      name: v1-leaks
      description: REST surface for v1-leaks.
      operations:
      - method: GET
        name: getv1leaks
        description: Get all leaked credentials
        call: nuclei-general.getv1leaks
        with:
          type: rest.type
          domain: rest.domain
          email: rest.email
          search: rest.search
          limit: rest.limit
          page_number: rest.page_number
          start_date: rest.start_date
          time_range: rest.time_range
          end_date: rest.end_date
          sort_by: rest.sort_by
          sort_order: rest.sort_order
          status: rest.status
          group_by: rest.group_by
          url: rest.url
          country: rest.country
          device_ip: rest.device_ip
          hostname: rest.hostname
          hardware_id: rest.hardware_id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v

# --- truncated at 32 KB (55 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/nuclei/refs/heads/main/capabilities/nuclei-general.yaml