Welcome to the API testing ground. Explore the endpoints below and see what you can discover.
Hint: I'm sure you can find something with some OSINT powers (hint: creator of challenge)
| Route | Method | Description |
|---|---|---|
| /api/admin | GET | Admin endpoint |
| /api/secret | GET | Secret information |
| /api/user | GET | User data |
| /api/flag | GET | Get the flag |
| /api/creds | GET | Credentials |
| /api/config | GET | Configuration data (no authorisation required) |
Using curl:
curl -H "X-API-Key: YOUR_API_KEY_HERE" https://<your-domain>/api/config