Askel.aiAskel.ai
Log in
Askel.aiAskel.ai
Log in
GoPhish logo

GoPhish

IAM & SecurityAPI tokenLive

Connect each customer's self-hosted GoPhish server so your product can launch phishing simulations, pull campaign results, and track employee click and report rates. Every customer brings their own GoPhish host; Askel keeps each connection isolated.

Book a demo
View docs

What you can do

Create and launch phishing campaigns

POST a new campaign to the customer's GoPhish server with a template, landing page, sending profile, and target group. Askel handles auth and translates your product's campaign spec into GoPhish's API format.

Read campaign results and event timelines

Fetch per-campaign results including email sent, opened, clicked, submitted data, and reported counts. Pull the full event timeline per recipient to see exactly which actions each user took.

Manage sending profiles

Read and create sending profiles on the customer's GoPhish instance, covering SMTP host, from address, and header configuration, so simulations appear to come from realistic internal addresses.

List and create email templates

Read existing phishing templates stored on the customer's GoPhish server, or create new ones from your product's template library. Covers HTML body, subject line, and attachment configuration.

Manage landing pages

Read and create landing pages on the customer's GoPhish instance. Landing pages capture submitted credentials (in simulation mode) and can redirect users to awareness training after submission.

Fetch target groups and individual results

Read user groups configured on GoPhish and pull per-user results across campaigns to build a risk score or track improvement over time within your product.

Sample use case

Running a quarterly phishing simulation as part of a security awareness programme

You sell a security awareness training platform. A customer, Whitmore Financial Services, runs their own GoPhish server inside their corporate network. Every quarter you need to run a phishing simulation against their staff, pull per-user results, and trigger remediation training for anyone who clicked.

  1. 1

    Customer provides the API key

    Whitmore's IT admin opens their GoPhish admin panel, navigates to Settings, copies the API key, and pastes it into your product's connection wizard along with their GoPhish host URL. Askel validates the connection with a GET /api/campaigns/ call.

  2. 2

    Template and landing page sync

    Askel reads the existing templates and landing pages on Whitmore's GoPhish server. Your product displays them alongside its own template library so the admin can pick or create the quarterly simulation template.

  3. 3

    Campaign created

    Your product calls Askel to POST a new campaign to Whitmore's GoPhish server with the chosen template, a landing page, the configured sending profile, and the staff target group. GoPhish schedules the send.

  4. 4

    Results pulled daily

    Askel reads the campaign's results each day during the simulation window. Your product updates its dashboard with click rates, credential-submission counts, and per-user event timelines.

  5. 5

    Remediation training triggered

    For each user who clicked, your product automatically enrols them in the next phishing-awareness module in Whitmore's training plan. Askel marks the campaign complete after the simulation window closes.

Authentication

API token

Each customer provides their GoPhish server URL and the API key from their GoPhish admin Settings page. Because every customer runs their own GoPhish instance, the host URL is different per customer. Askel stores the URL and key per customer connection and sends the key as an API key header on every request to that specific host.

Data flow

How Askel sits between your product and the customer's system

Data flow between Customer's GoPhish server, Askel, and Your productCustomer's GoPhish serverAPI endpointAskelauth · mapping · driftYour productyour backend
CampaignsPer-user eventsEmail templatesLanding pagesSending profilesTarget groups

Related integrations

Snyk logo

Snyk

Read vulnerability and license findings from customer Snyk orgs.

Cloudflare logo

Cloudflare

Read DNS, WAF, and rate-limit configuration from customer Cloudflare accounts.

Lupasafe logo

Lupasafe

Pull employee security-posture data from Lupasafe.

FAQ for GoPhish

Does the customer's GoPhish server need to be publicly accessible?+
Askel reaches the customer's GoPhish API over HTTPS. If the server is inside a corporate network behind a firewall, the customer needs to allow inbound traffic from Askel's egress IP range on the GoPhish API port. Askel publishes its egress IPs in the documentation for allowlist configuration.
What GoPhish version is required?+
Askel uses the standard GoPhish REST API, which has been stable across all GoPhish releases from version 0.9 onwards. No specific minimum version is enforced beyond basic API availability.
Is the data from GoPhish stored in Askel permanently?+
Askel reads and forwards campaign data to your product. Raw GoPhish results are not stored in Askel beyond the request cycle. Your product owns the persistent store for campaign history and user risk scores.
Can we run simulations against multiple GoPhish servers for the same customer?+
Each GoPhish host is a separate Askel connection. A customer that runs separate GoPhish servers for different business units can have multiple connections under the same customer record in Askel, and your product can target the correct connection per campaign.
Ready to ship integrations faster?customers faster?implementations faster?
Join onboarding teams delivering integrations without the engineering queue,
catching drift before it breaks, and hitting go-live dates.
Book a demo
Security & Compliance
ISO 27001 Certified
GDPR Compliant
Askel.ai
Askel.ai
Automation for customer onboarding teams
Product
FeaturesDocumentationIntegrations
Company
About usOur teamBlogContact
Resources
Terms of ServicePrivacy PolicyData Processing AgreementDocumentation

© 2025 Askel.ai. All rights reserved.