Takumi API

Info: The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.

Takumi API is an HTTP API that lets you invoke Takumi's features programmatically. You can integrate Takumi into your development lifecycle—for example, by connecting it to your CI/CD pipeline or ticket management system.

What You Can Do with Takumi API

Takumi API currently supports the following features:

| Feature | Notes |
| --- | --- |
| Whitebox Assessment | "Full Assessment" mode only |
| Blackbox Assessment | "Full Assessment" mode only |

Note: Currently, only the "Full Assessment" mode is supported for whitebox and blackbox assessments. Support for "Scoped Assessment" mode and other features such as Autofix will be added in future updates.

Takumi API lets you trigger assessments on your own schedule and deliver results wherever you need them, seamlessly integrating Takumi into your development lifecycle. Common use cases include scheduled assessments, CI/CD pipeline integration, and automating workflows based on assessment results. For example:

  • Automatically run a blackbox assessment after deploying to a staging environment and post the results to Slack
  • Periodically run whitebox assessments on a codebase hosted on Bitbucket and automatically create a Jira ticket for each detected vulnerability

Relationship with Web Console Assessments

Takumi API and the web console's "Assessment" feature use the same assessment engine, but assessment data is not shared between them.

Both use the same underlying engine, so accuracy and credit consumption logic are identical.

The data managed by Takumi API and the web console's "Assessment" feature are independent. Workflow results from the API do not appear in the web console's "Assessment" tab, and assessments run through the web console cannot be retrieved via the API. This is because they are built on different design philosophies:

  • The web console is designed for easy progress tracking. It manages the end-to-end flow—crawling, selecting features, running inspections—as state transitions within a single "assessment" unit.
  • Takumi API is designed for maximum flexibility. It exposes crawling, assessment, and other capabilities as independent workflows, so you can combine them freely without being constrained by the web console's assessment flow.