The REST API v0 is built with Django Ninja and served at /api/v0/. It is the primary integration point for external consumers and official SDKs.
Base URL https://nest.owasp.org/api/v0/
The interactive Swagger documentation is available at /api/v0/docs and the raw OpenAPI schema at /api/v0/openapi.json.
Authentication All endpoints require an API key passed in the X-API-Key request header.
curl https://nest.owasp.org/api/v0/projects/ \ -H "X-API-Key: your-api-key"
Authentication is disabled in Local environments. You can call the API without a key when running the stack with DJANGO_CONFIGURATION=Local.
All list endpoints return paginated responses. Pass page and page_size as query parameters.
Parameter Type Default Max Description pageinteger 1— Page number (1-indexed) page_sizeinteger 100100Items per page
Paginated responses have the following envelope:
{ "current_page" : 1 , "has_next" : true , "has_previous" : false , "items" : [ ... ], "total_count" : 540 , "total_pages" : 6 }
Endpoints Chapters
Retrieve a paginated list of active OWASP chapters. Query parameters Parameter Type Description countrystring Filter by country name orderingstring Sort by created_at, -created_at, updated_at, -updated_at, latitude, -latitude, longitude, -longitude
Response schema (item) Field Type Description keystring Unique chapter key (e.g., www-chapter-london) namestring Chapter display name latitudefloat | null Geographic latitude longitudefloat | null Geographic longitude created_atdatetime Creation timestamp updated_atdatetime Last update timestamp
GET /api/v0/chapters/{chapter_id}
Retrieve details for a single chapter. Path parameters Parameter Example Description chapter_idLondonChapter name or full key (www-chapter-london)
Additional response fields Field Type Description countrystring Country name regionstring Region name leadersarray List of { key, name } leader objects
Committees GET /api/v0/committees GET /api/v0/committees/{committee_id}
Returns paginated OWASP committees.
Events GET /api/v0/events GET /api/v0/events/{event_id}
Returns paginated OWASP events.
Issues
Retrieve a paginated list of GitHub issues. Query parameters Parameter Type Description organizationstring Filter by GitHub organization login (e.g., OWASP) repositorystring Filter by repository name (e.g., Nest) statestring Filter by issue state (open, closed) orderingstring Sort by created_at, -created_at, updated_at, -updated_at
Response schema (item) Field Type Description titlestring Issue title urlstring GitHub issue URL statestring Issue state created_atdatetime Creation timestamp updated_atdatetime Last update timestamp
GET /api/v0/issues/{organization_id}/{repository_id}/{issue_id}
Retrieve a specific GitHub issue. Path parameters Parameter Example Description organization_idOWASPGitHub organization login repository_idNestRepository name issue_id1234Issue number
Additional response fields Field Type Description bodystring Issue body (Markdown)
Labels Returns a paginated list of GitHub labels.
Members GET /api/v0/members GET /api/v0/members/{member_id}
Returns paginated GitHub users associated with OWASP.
Milestones GET /api/v0/milestones GET /api/v0/milestones/{organization_id}/{repository_id}/{milestone_id}
Returns paginated GitHub milestones. Filtering by organization and repository query parameters is supported on the list endpoint. The detail endpoint takes the organization login, repository name, and milestone number as path parameters.
Organizations GET /api/v0/organizations GET /api/v0/organizations/{organization_id}
Returns paginated GitHub organizations affiliated with OWASP.
Projects
Retrieve a paginated list of active OWASP projects. Query parameters Parameter Type Description levelstring Filter by project level (flagship, production, incubator, lab, demo) typestring (multi) Filter by project type. Accepts multiple values. qstring Structured search query (e.g., name:security stars:>100) orderingstring Sort by created_at, -created_at, updated_at, -updated_at
Response schema (item) Field Type Description keystring Unique project key (e.g., www-project-nest) namestring Project display name levelstring Project maturity level typestring Project type created_atdatetime Creation timestamp updated_atdatetime Last update timestamp
GET /api/v0/projects/{project_id}
Retrieve details for a single project. Path parameters Parameter Example Description project_idNestProject name or full key (www-project-nest)
Additional response fields Field Type Description descriptionstring Project description leadersarray List of { key, name } leader objects
Releases GET /api/v0/releases GET /api/v0/releases/{organization_id}/{repository_id}/{release_id}
Returns paginated GitHub releases. Filtering by organization, repository, and tag_name query parameters is supported on the list endpoint. The detail endpoint takes the organization login, repository name, and tag name as path parameters.
Repositories GET /api/v0/repositories GET /api/v0/repositories/{organization_id}/{repository_id}
Returns paginated GitHub repositories. Filter by organization_id query parameter to scope to a specific GitHub organization. The detail endpoint takes the organization login and repository name as path parameters.
Snapshots
Retrieve a paginated list of completed community snapshots. Response schema (item) Field Type Description keystring Snapshot key (e.g., 2025-02) titlestring Snapshot title start_atdatetime Start of the snapshot period end_atdatetime End of the snapshot period created_atdatetime Creation timestamp updated_atdatetime Last update timestamp
GET /api/v0/snapshots/{snapshot_id}
Retrieve details and aggregate counts for a single snapshot. Additional response fields Field Type Description new_chapters_countinteger New chapters in this snapshot new_issues_countinteger New issues in this snapshot new_projects_countinteger New projects in this snapshot new_releases_countinteger New releases in this snapshot new_users_countinteger New users in this snapshot
Each snapshot exposes paginated sub-resource lists: GET /api/v0/snapshots/{snapshot_id}/chapters/ GET /api/v0/snapshots/{snapshot_id}/issues/ GET /api/v0/snapshots/{snapshot_id}/members/ GET /api/v0/snapshots/{snapshot_id}/projects/ GET /api/v0/snapshots/{snapshot_id}/releases/
GET /api/v0/sponsors GET /api/v0/sponsors/{sponsor_id}
Returns paginated OWASP sponsors.
Structured search (query syntax) Some endpoints support a structured search query via the q query parameter. This uses a field-specific syntax parsed server-side.
Example: GET /api/v0/projects/?q=name:security stars:>100Supported on the Projects list endpoint (name, stars). The query syntax supports:
Operator Meaning Example :Exact match or icontains for strings name:nest:>Greater than (numeric) stars:>500:<Less than (numeric) stars:<10:>=Greater than or equal stars:>=100:<=Less than or equal stars:<=50
Example: fetch projects curl "https://nest.owasp.org/api/v0/projects/?level=flagship&page_size=5" \ -H "X-API-Key: your-api-key"
{ "current_page" : 1 , "has_next" : true , "has_previous" : false , "items" : [ { "key" : "www-project-zap" , "name" : "ZAP" , "level" : "flagship" , "type" : "tool" , "created_at" : "2024-01-15T10:00:00Z" , "updated_at" : "2025-03-01T08:30:00Z" } ], "total_count" : 24 , "total_pages" : 5 }
SDK compatibility requirements When adding or modifying endpoints, always assign a unique operationId in the @router.get or @router.post decorator. Duplicate operationIds break SDK generation. The authentication class in apps/api/rest/v0/__init__.py must remain named ApiKey . Renaming it changes the generated api_key parameter name in all SDKs.
