Start a new Scan

Application creation stepper¶

1. Navigate to your applications list and click Secure a new app

2. Select your application type:

   • GraphQL API
   • REST API
   • Frontend SPA

3. For APIs, provide a schema, if not yet generated and available in Inventory:

   • GraphQL: GraphQL Introspection or GQL Schema
   • REST: Swagger v2, OpenAPI v3 (including OData, Hydra Core Vocabulary and Redocly extensions), Postman Collection, Insomnia Collection, Burp Suite Export, HAR Files

Note: For both Burp Suite and HAR imports, if your file contains requests to more than one host (for example, api1.example.com & api2.example.com), Escape will automatically use the host with the highest number of requests found. This will also be reported in the validation events and you can see which host was used.

1. Enter your endpoint URL and click Next

2. Configure authentication:

   • Add authorization headers if needed
   • Click Skip if no authentication is required

3. Complete the setup:

   • Name your application
   • Select environment type:
     • Development (read-write mode)
     • Production (read-only mode)

Common pitfalls¶

My endpoint is not a valid endpoint¶

If we cannot validate your API endpoint but you believe it is correct, please contact us for assistance.

Your endpoint requires authentication¶

Tests may fail if your endpoint requires authentication, whether through:

• A firewall protecting the server
• Application-layer authentication for endpoint fingerprinting

In these cases, provide authorization headers that will be included with all HTTP requests.