Adding a target for the first time

Adding an API schema to an existing target

Adding authentication to an API schema

In the first box, please enter the target you wish to scan and hit 'Add Target':

When you see it pop up on your targets list, click it:

You'll then be taken to the target's detail page, where you have the option to add an API schema, by clicking the APIs tab, followed by the green + Add API Schema button:

From here you'll need to click the top box OpenAPI/Swagger:

👉 Use the first field to give your schema file a name (so you can identify it in the portal)

👉 The second section is for uploading your schema file (for now, we're only supporting .json and .yml)

👉 The third field is where you add the Base URL – this defines the location of the API (or where the API "lives". It's important to note that the Base URL must match the target you're adding the schema to.
(For example, if the target is api-test-rig.intruder.es you couldn't set example.api-test-rig.intruder.es as the Base URL as that's a different target).

Once that's all done your target's detail page will look like this:

At this point, you have two options:

If you choose to add an authentication, you'll need to

2. Either select an existing authentication (if you've already added one for the web-app), or add a new one, by clicking the second button.

3. Once here, click the applicable authentication method and follow the prompts.

(🚨 Form-based authentication cannot be used for authenticated API scanning.)

Detailed guides for each of the authentication methods mentioned above can be found in this section of the Help Centre.

API scanning is available to users with an Application license. More information on our licensing can be found here.