Skip to content

Start a new Scan

Application creation stepper

stepper

  1. Navigate to your applications list and click Secure a new app

  2. Select your application type:

    • GraphQL API
    • REST API
    • Frontend SPA

  3. For APIs, provide a schema, if not yet generated and available in Inventory:

    • GraphQL: GraphQL Introspection or GQL Schema
    • REST: Swagger v2, OpenAPI v3 (including OData, Hydra Core Vocabulary and Redocly extensions), Postman Collection, Insomnia Collection, Burp Suite Export, HAR Files

For both Burp Suite and HAR files, your export must contain only requests/responses for the API you want to scan.

  1. Enter your endpoint URL and click Next

  2. Configure authentication:

    • Add authorization headers if needed
    • Click Skip if no authentication is required

  3. Complete the setup:

    • Name your application
    • Select environment type:
      • Development (read-write mode)
      • Production (read-only mode)

Common pitfalls

My endpoint is not a valid endpoint

If we cannot validate your API endpoint but you believe it is correct, please contact us for assistance.

Your endpoint requires authentication

Tests may fail if your endpoint requires authentication, whether through:

  • A firewall protecting the server
  • Application-layer authentication for endpoint fingerprinting

In these cases, provide authorization headers that will be included with all HTTP requests.