API

For scanning web APIs, define your API type, explore methods, and specify domains to be tested.

Setting

Details

API type

Select the API type you want to scan: OpenAPI, GraphQL, or Other. Based on the selected type, the options to add a description file and/or a Postman collection are displayed:
  • OpenAPI
    • OpenAPI description file
      • Add description file
    • Postman collection
      • Select Postman collection
  • GraphQL
    • Select Postman collection
  • Other
    • Select Postman collection
Additional parameters: When you add an OpenAPI description file, AppScan analyzes it and displays the HTTP parameters in this table. Update these parameter values so that all endpoints are covered; this improves scan coverage.
If your description file contains authentication, configure it using one of the following methods:

Domains to be tested

If you're using a Postman Collection, enter the domains you want to include in the scan. If you're using a description file, the domains of your Base URL are automatically listed.

If your API includes links to domains other than the domain of the Base URL, you must add those domains yourself so that they are included in the scan.

For more information, see Domains to be tested.
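As an added check for the two settings above (example code, not part of AppScan or this documentation), the script below reads an OpenAPI 3 description in JSON form (assumed; a YAML file would first need a YAML parser), lists the HTTP parameters per endpoint that the Additional parameters table covers, and reports hosts named by path- or operation-level servers entries that differ from the base URL host and therefore must be added to Domains to be tested by hand. The sample description is constructed.

```python
import json
from urllib.parse import urlparse

# Constructed sample OpenAPI 3 description in JSON form (not a real API).
SAMPLE_OPENAPI = json.loads("""{
  "openapi": "3.0.3", "servers": [{"url": "https://api.example.test/v1"}],
  "paths": {
    "/users/{id}": {
      "parameters": [{"name": "id", "in": "path", "required": true}],
      "get": {"parameters": [{"name": "X-Trace", "in": "header"}]}},
    "/reports": {
      "get": {"servers": [{"url": "https://reports.example.test"}],
              "parameters": [{"name": "from", "in": "query"}, {"name": "to", "in": "query"}]}}}}""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def server_hosts(servers):
    """Host names of a list of OpenAPI server objects (relative URLs are skipped)."""
    hosts = (urlparse(s["url"]).hostname for s in servers or [])
    return {h for h in hosts if h}


def extra_domains(spec):
    """Hosts named by path- or operation-level 'servers' that are not the base URL
    host; these are the domains that must be added to 'Domains to be tested'."""
    base = server_hosts(spec.get("servers"))
    found = set()
    for item in spec.get("paths", {}).values():
        found |= server_hosts(item.get("servers"))
        for method, op in item.items():
            if method in HTTP_METHODS:
                found |= server_hosts(op.get("servers"))
    return sorted(found - base)


def http_parameters(spec):
    """Map 'METHOD /path' to sorted (name, location) pairs, merging the path-level
    parameter list with each operation's own list as OpenAPI defines."""
    table = {}
    for path, item in spec.get("paths", {}).items():
        shared = [(p["name"], p["in"]) for p in item.get("parameters", [])]
        for method, op in item.items():
            if method in HTTP_METHODS:
                own = [(p["name"], p["in"]) for p in op.get("parameters", [])]
                table[f"{method.upper()} {path}"] = sorted(set(shared + own))
    return table
```

Running it on your own description file shows which hosts the scan would miss unless they are added to the domain list, and which parameters need realistic values in the Additional parameters table.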

Note: When you have configured any additional settings, such as Login or Test policy and optimization, you can run a full scan or Explore only.