Skip to main content

Getting Started

The CTFd REST API is the underlying resource that powers almost all CTFd interactions. Most behaviors that are available within CTFd can be done using the REST API. The REST API is considered stable however the ergonomics of certain behaviors can be improved and some endpoints may change in format to improve performance (e.g. adding pagination).

The following document discusses how to begin interacting with the CTFd API.

Generating an Admin Access Token

The API can be used by any user but only admin level users can perform most management actions. To begin interacting with the API it's recommended to have an Admin CTFd user.

  1. Go to the "Settings" page of your user
  2. Click on the "Access Tokens" tab
  3. Set an expiration for the token (the default is 30 days) and click "Generate"
  4. You will receive an Access Token that you should copy and save

Using the Access Token

The CTFd API expects the Authorization header with Token {access_token} in requests as well as a Content-Type set to application/json.

tip

While any HTTP library/tool can be used to interact with the API, it is easiest to use Python with the requests library.

For example the following request will show all challenges publicly viewable by the user:

curl \
--header "Authorization: Token $access_token" \
--header "Content-Type: application/json" \
https://demo.ctfd.io/api/v1/challenges

The same approach can be used for other endpoints such as /api/v1/users, /api/v1/teams, /api/v1/pages, etc. An in-progress breakdown of the endpoints available in CTFd is available at the Swagger UI

Endpoint Methods

In general the API uses the following HTTP methods:

  • GET - To access resource data
  • POST - To create resource data
  • PATCH - To edit resource data
  • DELETE - To delete a resource