API Reference

The WithGiga API gives you full programmatic control of security audits, findings, reports, and the underlying cloud computer infrastructure. Base URL 
https://api.withgiga.ai

Authentication

Every request requires an API key in the Authorization header: 
Authorization: Bearer giga_sk_YOUR_KEY
Generate a key from Profile → API Keys in the dashboard, or via POST /api/keys. See Authentication for details.

Security audits

The primary product surface — programmatic offensive engagements.
ResourceDescription
AuditsLaunch and retrieve security audits
WorkspacesTarget containers and engagement history
SubdomainsStandalone passive OSINT enumeration
Scheduled AuditsCron-based recurring audits

Cloud computers

Lower-level computer-use API. Powers audits internally and is available for custom automations.
ResourceDescription
DeploymentsCloud computer instances
Sessions & RunsAI agent conversations and executions
SandboxSandbox lifetime management
FilesSync files to and from sandboxes

Account

ResourceDescription
API KeysManage your API credentials
BillingPlans, credits, subscription
ErrorsFull error code reference

Response envelope

All successful responses use this shape: 
{
  "success": true,
  "data": { ... }
}

Error format

All non-2xx responses use a consistent error envelope: 
{
  "error": {
    "code": "ERROR_CODE",
    "message": "Human-readable explanation",
    "hint": "Optional remediation guidance",
    "requestId": "uuid-for-support"
  }
}
See Errors for the full code reference.

Rate limits

  • 60 requests/minute per API key
  • Throttled requests return HTTP 429 with Retry-After and X-RateLimit-Remaining headers
  • Use exponential backoff in automated clients

Versioning

The API is currently unversioned. Breaking changes will be announced with a migration period via Discord and email.