API Scanner Getting Started Guide
To start scanning your API, you will need the documentation that defines the endpoints, parameters, expected responses, etc. of your API. The currently supported documentation format is OpenAPI Specification v2, also known as Swagger 2. We plan to support many more formats in the future, so if there is one in particular that you would like to see, let us know! Once you have your documentation, you can begin by creating an account.
If you don't already have an account, you can create one here.
Creating an Organization
Now that we're logged in, let's create an organization for your APIs. Organizations allow you to organize groups of APIs and control who can access them. We'll go over access control and user management at the end of this guide.
Click the "New Organization" button and give the organization a name:
After your organization is created, click on "New API":
After clicking on "New API", enter the name of your API and either upload its documentation or provide the URL to it:
After entering all of the necessary information, click on "Create" to save your API.
Setting up Authenticators
Now that you have created your organization and added your API, you can set up your authenticators, if necessary. Authenticators allow you to define authentication methods so that the scanner can access APIs behind authentication. Click on the lock icon under the name of your API:
The lock icon brings you to the page where you configure subjects and authenticators.
Add subjects by clicking on the "+" icon on the right side of the page:
You will then need to click on "Add Authenticators" and select the correct authenticators for your API. After you are finished, select "Save Subject". It is recommended that you leave the "Unauthenticated" subject, as you may want to see how your API reacts to unauthenticated users.
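Before choosing authenticators, it can help to see what the documentation itself declares. The following Python sketch is an added example, not part of the original guide or the scanner's own code: it reads a Swagger 2 document and lists the security schemes each operation requires, so you can tell which authenticators to configure and which endpoints the "Unauthenticated" subject is expected to reach. The sample document and the function name auth_plan are constructed for illustration, and the sketch assumes the documentation is in JSON.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

# Constructed sample Swagger 2 document (not taken from the guide).
SAMPLE_SPEC = json.loads("""
{
  "swagger": "2.0",
  "info": {"title": "Example API", "version": "1.0"},
  "securityDefinitions": {
    "api_key": {"type": "apiKey", "name": "X-API-Key", "in": "header"},
    "basic": {"type": "basic"}
  },
  "security": [{"api_key": []}],
  "paths": {
    "/health": {"get": {"security": [], "responses": {"200": {"description": "ok"}}}},
    "/users": {
      "get": {"responses": {"200": {"description": "ok"}}},
      "post": {"security": [{"basic": []}], "responses": {"201": {"description": "created"}}}
    }
  }
}
""")

def auth_plan(spec):
    """Return ({scheme: type}, {"METHOD /path": [scheme names]}); [] means no auth."""
    if spec.get("swagger") != "2.0":
        raise ValueError("not an OpenAPI v2 (Swagger 2) document")
    schemes = {n: d.get("type") for n, d in spec.get("securityDefinitions", {}).items()}
    default = spec.get("security", [])
    operations = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip "parameters", "$ref" and vendor extensions
            # An operation-level "security" list overrides the top-level default.
            reqs = op.get("security", default)
            names = sorted({name for req in reqs for name in req})
            unknown = [n for n in names if n not in schemes]
            if unknown:
                raise ValueError(f"{method.upper()} {path}: undefined scheme {unknown}")
            operations[f"{method.upper()} {path}"] = names
    return schemes, operations

if __name__ == "__main__":
    schemes, ops = auth_plan(SAMPLE_SPEC)
    for op, names in sorted(ops.items()):
        print(op, "->", names or "unauthenticated")
```

Operations that come back with an empty list are the ones the documentation marks as open; any other endpoint that responds normally to the "Unauthenticated" subject during a scan deserves a closer look.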
Running your first scan
You're ready to scan your API! Click on "Scan" in the top right corner to begin your scan:
Adding Users to Organizations
To add members to your team, simply click on the "Group" icon:
Add the email address of the new team member and click on "Add". This sends the user an invite link by email:
To remove a user's access, click on the "x" icon under the "Actions" column: