API Access

Integrate ZION OFFSEC into your workflow. Automate purchases, manage licenses, and query our arsenal programmatically.

API Status: Operational
Version: v2.0 Base URL: api.zion-offsec.net/v2

Endpoints

Rate Limits

Free: 100 req/hr
Pro: 1,000 req/hr
Enterprise: 10,000 req/hr

Quick Start

Generate your API key from your account settings. Include it in every request as a Bearer token:

curl -X GET https://api.zion-offsec.net/v2/products \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"
POST

Authentication

Exchange credentials for a JWT token. Tokens expire after 24 hours.

Request
POST /v2/auth/token

{
  "username": "operator",
  "password": "your_password",
  "totp": "123456"
}
Response
{
  "token": "eyJhbGciOi...",
  "expires_at": "2026-02-02T00:00:00Z",
  "operator": {
    "id": 42,
    "rank": "elite",
    "clearance": 5
  }
}
GET

Products

Query the full arsenal catalog with filtering and pagination.

Parameter Type Description
category string Filter by category slug
difficulty string beginner, intermediate, advanced, elite
min_price float Minimum price filter
max_price float Maximum price filter
search string Full-text search query
sort string price_asc, price_desc, newest, popular
page int Page number (default: 1)
per_page int Items per page (max: 50) 
GET /v2/products?category=exploits-0days&difficulty=advanced&sort=newest&per_page=10
GET

Categories

GET /v2/categories

// Response
{
  "data": [
    {
      "id": 1,
      "name": "Exploits & 0days",
      "slug": "exploits-0days",
      "product_count": 10,
      "icon": "fas fa-bug"
    },
    ...
  ]
}
GET

Orders

Retrieve your order history and download links.

GET /v2/orders
GET /v2/orders/{order_id}
GET /v2/orders/{order_id}/downloads
GET

Licenses

Manage and validate your product licenses.

GET /v2/licenses
GET /v2/licenses/{license_key}/validate
POST /v2/licenses/{license_key}/activate

// Validation Response
{
  "valid": true,
  "product": "Process Hollowing Injector",
  "activated_on": "2026-01-15",
  "expires": "2027-01-15",
  "max_activations": 3,
  "current_activations": 1
}
GET

Account

GET /v2/account
PUT /v2/account
GET /v2/account/stats

// Stats Response
{
  "total_purchases": 15,
  "total_spent": "2,450.00",
  "rank": "elite",
  "xp": 4200,
  "badges": ["first_blood", "exploit_master", "top_buyer"]
}
POST

Webhooks

Receive real-time notifications for events in your account.

POST /v2/webhooks
{
  "url": "https://your-server.com/webhook",
  "events": ["order.completed", "license.activated", "product.updated"],
  "secret": "your_webhook_secret"
}

// Webhook Payload (sent to your URL)
{
  "event": "order.completed",
  "timestamp": "2026-01-15T12:00:00Z",
  "data": { ... },
  "signature": "sha256=..."
}

Error Codes

Code Meaning Resolution
401 Unauthorized Check your API key or re-authenticate
403 Forbidden Insufficient clearance level for this resource
404 Not Found Resource does not exist
429 Rate Limited Slow down — wait for rate limit reset
500 Server Error Contact support with request ID

SDKs & Libraries

Python
pip install zion-sdk
Node.js
npm i @zion/sdk
Go
go get zion.dev/sdk
Rust
cargo add zion-sdk