Skip to content

API for participants

Roman Bykov edited this page Nov 30, 2025 · 3 revisions

API for submitting stolen flags.

Send PUT-request to /flags endpoint. Don’t forget to pass the X-Team-Token header with the value we will provide to identify your team. The body of the request should be a valid JSON array with flags.
Example:

$ cat flags.json
["PNFP4DKBOV6BTYL9YFGBQ9006582ADC=", "0I7DUCYPX8UB2HP6D6UGN86BA26F2FE=", "PTK3DAGZ6XU4LPETXJTN7CE30EC0B54="]
$ curl -s -H 'X-Team-Token: <your_secret_token>' -X PUT --data @flags.json https://monitor.ructf.org/flags

You will receive something like this:

[
  {
    "msg" : "[PNFP4DKBOV6BTYL9YFGBQ9006582ADC=] Denied: no such flag",
    "status" : false,
    "flag" : "PNFP4DKBOV6BTYL9YFGBQ9006582ADC="
  },
  {
    "msg" : "[STH5LK9R9OMGXOV4E06YZD71F746F53=] Denied: flag is your own",

    "flag" : "STH5LK9R9OMGXOV4E06YZD71F746F53=",
    "status" : false
  },
  {
    "status" : false,
    "flag" : "0I7DUCYPX8UB2HP6D6UGN86BA26F2FE=",
    "msg" : "[0I7DUCYPX8UB2HP6D6UGN86BA26F2FE=] Denied: you already submitted this flag"
  },
  {
    "msg" : "[PTK3DAGZ6XU4LPETXJTN7CE30EC0B54=] Accepted. 1.73205080756888 flag points",
    "flag" : "PTK3DAGZ6XU4LPETXJTN7CE30EC0B54=",
    "status" : true
  }
]

API for receiving a list of teams

To receive a list of all teams, send a GET request to /teams.
Example:

$ curl -s https://monitor.ructf.org/teams

You will receive something like this:

{
    "1": {  // 1 is team’s id
        "id": 1,
         "name": "Hackerdom",
         "network": "10.60.1.0/24",
         "logo": "https://monitor.ructf.org/logos/hackerdom.png",
         "country": "RU"
     },
     ...
}

API for receiving a list of services

To receive a list of all services, send a GET request to /services. Example:

$ curl -s https://monitor.ructf.org/services

You will receive something like this:

{
     "<service1_id>": "<service1_name>",
     "<service2_id>": "<service2_name>",
     ...
}

API for receiving an actual list of flag ids and descriptions

For each service that supports this feature, you can receive a list of non-expired flags of other teams.

What is a flag id? You will receive the explanation with a list of ids :-) Usually, flag id is some identifier for private data in the service, i.e. email of the user, the primary key of the message, etc.

To receive flag ids send the GET request to /flag_ids?service=<service_id> endpoint. Don’t forget to pass the X-Team-Token header with the value we will provide to identify your team.
Example:

$ curl -s -H 'X-Team-Token: <your_secret_token>' https://monitor.ructf.org/flag_ids?service=<service_id>
{
    "flag_id_description": "Flag id is a user email",
    "flag_ids": {
        "1": {  // "1" is team’s id from /teams endpoint"
           "host": "10.60.1.3",
           "flag_ids": ["qyui-asdf-iedj@gmail.com", "mjef-vie4-x4hf@ya.com"]
        },
        ...
    }
}