API
For scanning web APIs, define your API type, explore methods, and specify domains to be tested.
Setting | Details |
---|---|
API type | Select the API type you want to scan from the following options: |
OpenAPI/GraphQL/Other | Based on the selected type, the options to add a description file and/or a Postman collection will be displayed. |
Additional parameters | When you add an OpenAPI description file, AppScan analyzes and displays the HTTP parameters in this table. It is recommended that you update these parameter values to cover all endpoints for better scan coverage. If your description file contains authentication, configure it using one of the following methods: |
Domains to be tested | If you're using a Postman Collection, enter the domains you want to include in the scan. If you're using a description file, the domains of your Base URL are automatically listed. If your API includes links to domains other than the domain of the Base URL, you must add them in order for them to be included in the scan. For more information, see Domains to be tested. |

Note: When you have configured any additional settings, such as Login or Test policy and optimization, you can run a full scan or Explore only.
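A pre-check for the Domains to be tested setting, added here as an example (it is not AppScan code and does not reproduce how AppScan derives its list): it walks an OpenAPI 3 description and reports hosts named in `servers` entries and OAuth flow URLs that differ from the Base URL host, so you can review them before adding them to the scan scope. It assumes the first top-level `servers` entry is the Base URL; the sample description and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed, minimal OpenAPI 3 description (sample input, not from the page).
SAMPLE_SPEC = json.loads("""
{"openapi": "3.0.3", "info": {"title": "demo", "version": "1"},
 "servers": [{"url": "https://api.example.test/v1"}],
 "paths": {
   "/orders": {"get": {"responses": {"200": {"description": "ok"}}}},
   "/files": {
     "servers": [{"url": "https://files.example.test"}],
     "post": {"servers": [{"url": "https://upload.example.test:8443/v2"}],
              "responses": {"201": {"description": "created"}}}}},
 "components": {"securitySchemes": {"oauth": {"type": "oauth2", "flows": {
   "clientCredentials": {"tokenUrl": "https://auth.example.test/token",
                         "scopes": {}}}}}}}
""")

OAUTH_URL_KEYS = {"tokenUrl", "authorizationUrl", "refreshUrl"}

def host_of(url):
    """Lower-cased hostname of an absolute URL, or None for a relative one."""
    host = urlsplit(url).hostname
    return host.lower() if host else None

def referenced_hosts(node):
    """Collect hosts from `servers` lists (root, path, operation) and OAuth URLs."""
    hosts = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "servers" and isinstance(value, list):
                hosts |= {host_of(s.get("url", "")) for s in value if isinstance(s, dict)}
            elif key in OAUTH_URL_KEYS and isinstance(value, str):
                hosts.add(host_of(value))
            else:
                hosts |= referenced_hosts(value)
    elif isinstance(node, list):
        for item in node:
            hosts |= referenced_hosts(item)
    hosts.discard(None)  # relative URLs carry no host of their own
    return hosts

def extra_domains(spec):
    """Return (base host, other hosts). Assumption: servers[0] is the Base URL."""
    base = host_of(spec["servers"][0]["url"])
    return base, sorted(referenced_hosts(spec) - {base})

if __name__ == "__main__":
    base, extras = extra_domains(SAMPLE_SPEC)
    print("Base URL domain:", base)
    print("Review for 'Domains to be tested':", ", ".join(extras) or "(none)")
```

Only add a reported host to the scan if you own it or are authorized to test it; an OAuth token endpoint run by a third-party identity provider is usually out of scope.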