Skip to content

Phisherman API v1 stable

Interact with the Phisherman's service via the Phisherman API.

Using the Phisherman API requires authentication so that we know who is making requests, what permissions you have and how many requests you are making.

If you do not have access to the dashboard, please see our Getting Started page



Requests must be sent over HTTPS with any payload formatted in JSON.


All API endpoints require authentication. Provide your bearer token in the Authorization Bearer Token Header when making requests.


"Authorization": "Bearer 04eff65e-309c-1a2b-cde3-4567f8901gh"

API Permissions

Some API endpoints require additional permissions to be enabled for your account as well as an API token to be sent via headers. You can view your current API permissions on your settings page

Rate Limit

The Phisherman API rate limits requests in order to prevent abuse and overload of our services. All users can make up to 15 requests per 10 seconds to our API.


Exceeding these limits will automatically block subsequent requests for a limited time. Repeated or continual breaches of these limits may result in your API key being revoked.

All applications should make reasonable attempts to avoid making invalid requests. For example:

  • 401 responses are avoided by providing a valid token in the authorization header when required and by stopping further requests after a token becomes invalid
  • 403 responses are avoided by inspecting required permissions and by not making requests that are restricted by such permissions

If you have a very large application that may exceed this limit on a regular or sustained basis, please contact us via ModMail.

HTTP Response Codes

The status of a response can be determined from the HTTP status code.

200OKRequest successful
201CreatedRequest successful, resource was created
202AcceptedRequest successful, resource was created or updated
204No ContentRequest successful, no additional information to return
400Bad RequestRequest was invalid of malformed
401UnauthorizedYou did not supply valid authentication credentials
403ForbiddenYou are not allowed to perform that action
429Too many requestsYour request exceeded the API rate limit
500Internal Server ErrorUnable to perform the request due to server-side problems