Documentation to build on the Passmarked platform


This document detail how authentication works within the Passmarked API. The service itself is open to everyone with users only having to log in to run a bigger number of tests and a crawl of an entire website.


To authenticate with the API, a token is used. These tokens never expire and have a limited scope.

The easiest way to see the profile of the current token is to call:

Creating a Token

To create a token all apps can head over to Grant where the user will be presented with a UI that can be used to create a token and then copied for use.


Every token is allowed the following actions:

Get the current profile (user/team/website).
Get the balance of available credits for the user/team.
Create a report by starting a crawl on a given page using the credits from the user/team account.
View report results.
Poll the progress of the report.
List issues found by the web crawler at any stage of a report.
List the occurrences of a particular issue on a report.

Token on all requests

Not all requests require a token, which is by design. But for tracking purposes to help the team debug any issues, include the token if available. It won't change any requests/responses - it just helps the team paint a better picture.

Token Expiration

Due to the limited nature of tokens, they will never expire. The idea is to keep it as simple as possible to make integrations easy.

Signup icon
Ready to see how well your site scores?

Passmarked works best when you have an account. It allows you to keep a dashboard with saved data of the sites you have run through the system, we’ll alert you about important updates and you get access to the Passmarked Slack forum.

Sign up to get started