Overview
The Lupasafe Reporting API gives you programmatic access to your cybersecurity data — training results, phishing campaign outcomes, domain security scores, and scanned assets. Use it to build custom dashboards, feed data into your PSA (e.g. Autotask), or automate compliance reporting.
Base URL: https://portal.lupasafe.com
API Documentation (Swagger): backend.lupasafe.com/reporting/index.html
Authentication
All requests require an X-Api-Key header. API keys start with ls_ and are scoped to your account.
X-Api-Key: ls_your_api_key_hereWhere to find your key: Go to Settings > Integrations > Reporting API Keys in the Lupasafe portal to generate or manage your keys.
Key types:
- Client key — returns data for a single organisation
- MSP key — returns data across all clients under your MSP account
Available Endpoints
The Lupasafe Reporting API exposes four main endpoint groups:
- Training Results — training completion data per employee and campaign
- Phishing Results — individual and aggregated phishing simulation data
- Domain Security — DKIM, DMARC, and SPF scores per domain
- Assets — scanned domains and network devices with risk scoring
See the individual endpoint articles in this folder for full details, parameters, and example responses.
Pagination
All list endpoints return paginated results:
{
"total": 54,
"limit": 50,
"offset": 0,
"data": [...]
}To retrieve all records, increment offset by limit until offset >= total.
Error Handling
| HTTP Code | Meaning |
|---|---|
| 200 | Success |
| 400 | Bad request — check parameter format |
| 401 | Unauthorised — invalid or missing API key |
| 404 | Endpoint not found |
| 405 | Method not allowed — only GET is supported |
| 500 | Server error — contact support |
Date format errors return a helpful message:
{"error": "from_date must be in yyyy-MM-dd format (ISO 8601), e.g. \"2025-01-01\"."}Rate Limits
There are currently no strict rate limits. We recommend keeping requests below 60 per minute per API key to ensure optimal performance.
Common Use Cases
Feed data into Autotask: Use the phishing and training endpoints to pull results into your PSA for automated client reporting. Combine with Lupasafe's built-in Autotask ticket integration for a complete workflow.
Build a Power BI dashboard: Pull training completion rates, phishing click rates, and domain scores into Power BI for executive-level reporting across all clients.
Compliance evidence for NIS2: Training and phishing data serves as audit evidence for NIS2 control 2.2 (employee education). Export results to demonstrate compliance to auditors.
Automate monthly client reports: Combine API data with your own templates to generate custom reports per client. Or use Lupasafe's built-in automated PDF reports (Settings > Reports) for zero-effort monthly branded reports.
Need Help?
Swagger documentation: backend.lupasafe.com/reporting/index.html