The PhishingBox API area includes a token page where users can enter an endpoint path, provide an API token, and use the Test button to send a request. This is helpful for validating that the token, endpoint, and request format are working before building the request into a script, application, or external integration. The documentation also notes that API calls must use the correct request method, such as GET, POST, PATCH, PUT, or DELETE.
If an API request fails, users should review the response code and error message returned by the API. The documentation includes common error response codes such as 401, 403, 405, 500, and 501. These can indicate issues such as missing or invalid authentication, insufficient permissions, an incorrect request method, or a server-side/API availability issue. Checking the required headers, endpoint path, HTTP method, request body, and token permissions is usually the best first step when troubleshooting.