API

For scanning web APIs, define your API type, explore methods, and specify domains to be tested.

Setting

Details

API type

Select the API type you want to scan from the following options:
  • OpenAPI specification file
  • Postman collection
For more information, see the following topics:

Additional parameters

When you add an OpenAPI specification file, AppScan analyzes and displays the HTTP parameters in this table. AppScan automatically detects parameter values during Explore, but you can manually update parameters for better performance in cases where a value cannot be detected automatically during the scan.
If your specification file contains authentication, configure it using one of the following methods:

Domains to be tested

If you're using a Postman collection, enter the domains you want to include in the scan. If you're using a specification file, the domains of your Base URL are automatically listed.

If your API includes links to domains other than the domain of the Base URL, you must add them in order for them to be included in the scan.

For more information, see Domains to be tested.

Note: When you have configured any additional settings, such as Login or Test policy and optimization, you can run a full scan or Explore only.
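To find which domains need to be added under Domains to be tested, you can list the hosts an OpenAPI 3 file declares beyond its Base URL before configuring the scan. The following is an added example, not AppScan code: it assumes the Base URL corresponds to the top-level `servers` entry, the function names are hypothetical, and the specification is a constructed sample.

```python
import json
from urllib.parse import urlsplit

# Constructed OpenAPI 3 document (sample data, not from the AppScan docs).
SPEC = json.loads("""
{
  "openapi": "3.0.3",
  "info": {"title": "Orders (constructed sample)", "version": "1.0"},
  "servers": [{"url": "https://api.example.test/v1"}],
  "paths": {
    "/orders": {"get": {"responses": {"200": {"description": "ok"}}}},
    "/files": {
      "servers": [{"url": "https://files.example.test"}],
      "post": {"responses": {"201": {"description": "created"}}}
    },
    "/login": {
      "post": {
        "servers": [{"url": "https://auth.example.test/oauth"}],
        "responses": {"200": {"description": "ok"}}
      }
    }
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def server_hosts(servers):
    """Return lowercase hostnames of absolute server URLs; relative URLs have none."""
    hosts = set()
    for entry in servers or []:
        host = urlsplit(entry.get("url", "")).hostname
        if host:
            hosts.add(host.lower())
    return hosts

def domains_in_spec(spec):
    """Return (base_domains, extra_domains) for an OpenAPI 3 document."""
    base = server_hosts(spec.get("servers"))  # assumption: top-level servers = Base URL
    found = set()
    for path_item in spec.get("paths", {}).values():
        found |= server_hosts(path_item.get("servers"))  # path-level override
        for method, operation in path_item.items():
            if method in HTTP_METHODS and isinstance(operation, dict):
                found |= server_hosts(operation.get("servers"))  # operation-level
    return base, found - base

if __name__ == "__main__":
    base, extra = domains_in_spec(SPEC)
    print("Base URL domains:", sorted(base))
    print("Add to 'Domains to be tested':", sorted(extra))
```

Server URLs that use template variables (for example `{tenant}`) are reported with the placeholder in the hostname and need to be resolved by hand.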