HuntCode
API Reference
Docs API Reference

GET /v1/catalog

Retrieve the current HuntCode course catalog available for partner distribution and integration workflows.

Authentication

The HuntCode API allows authorized partners to retrieve course catalog data for distribution platforms and integrations. All API requests must be authenticated using a Bearer API key issued by HuntCode.

To authenticate a request, include your API key in the Authorization header using the Bearer scheme. API keys are issued to partner organizations and should be kept secure.

Example request: 

curl https://huntcode.com/v1/catalog \
  -H "Authorization: Bearer hc_live_your_api_key"

Catalog Fields

The GET /v1/catalog endpoint returns a list of courses available for distribution through partner platforms.

Each course object contains the following fields:

  • course_id - Unique identifier for the course within the HuntCode platform.
  • title - Human-readable title of the course.
  • short_description - Brief summary of the course used in catalogs and integrations.
  • estimated_hours - Estimated number of hours required to complete the course.
  • difficulty - Difficulty level of the course (e.g. Beginner, Intermediate, Advanced).
  • target_learner - Description of the intended audience for the course.
  • outcomes - List of skills or competencies learners will gain after completing the course.
  • prerequisites - Recommended knowledge or experience required before starting the course.
  • updated_at - Timestamp representing the most recent update to the course.

Rate Limits

The HuntCode API enforces per-API-key request limits in 1-minute windows to ensure fair usage and platform stability.

By default, each partner API key may make up to 60 requests per minute, unless a custom rate limit is configured.

Rate limit information is included in the response headers:

  • X-RateLimit-Limit - maximum requests allowed per minute
  • X-RateLimit-Remaining - number of requests remaining in the current window
  • X-RateLimit-Reset - Unix timestamp when the rate limit window resets

If the limit is exceeded, the API returns a 429 Too Many Requests response.

Errors

The HuntCode API uses standard HTTP status codes to indicate whether a request was successful or if an error occurred.

If a request fails, the API will return an appropriate HTTP status code along with a JSON error message describing the issue.

  • 200 OK - The request completed successfully.
  • 401 Unauthorized - The request did not include a valid API key.
  • 429 Too Many Requests - The API rate limit for the provided key has been exceeded.
  • 500 Internal Server Error - An unexpected error occurred on the HuntCode servers.

Example Response

The following example shows a typical JSON response returned by the GET /v1/catalog endpoint. 

{
  "courses": [
    {
      "course_id": 1,
      "title": "Cyber Defense Analyst Path",
      "short_description": "Role-aligned credential path for SOC and blue-team readiness",
      "estimated_hours": 40,
      "difficulty": "Beginner to intermediate",
      "target_learner": "Aspiring SOC analysts, junior blue-team practitioners, and IT professionals transitioning into defensive security who want practical readiness for monitoring, triage, and basic incident response.",
      "outcomes": [
        "Apply core hardening controls (MFA, password policy, patching, rate limiting) to reduce common attack paths",
        "Understand logging/telemetry sources and how to use a SIEM for basic querying and investigations"
      ],
      "prerequisites": [
        "Basic computer and networking literacy (IP, DNS, HTTP basics)",
        "Comfort using a command line (Windows PowerShell or Bash) at a beginner level"
      ],
      "updated_at": "2026-01-28T18:48:49.000Z"
    }
  ]
}