Secure Your APIs Now Pricing

Full Feature Comparison

 

 
  • API SECURITY TESTING
  • Security Audits / Month - IDE
  • Security Scans / Month - IDE
  • Security Audits / Month - CI/CD
  • Security Scan / Month - CI/CD
  • Secure Storage of Reports
  • Tenant on Platform
  • Role based sharing of APIs
  • Single Sign On
  • Data Dictionary
  • Security Quality Gates (SQGs)
  • Security Audit Customizations
  • Security Scan Customizations
  • RUNTIME THREAT PROTECTION
  • Threat Protection Firewall
  • Enforce Standard Security Policies
  • AUTOGENERATE OPENAPI CONTRACTS
  • API Capture
  • INTEGRATIONS
  • API Gateway integration (Firewall)
  • SIEM / SOC Integrations (Firewall)
  • SUPPORT SERVICES
  • Support
  • Onboarding Services
  • Designated Customer Success Architect (TAM)

Freemium User

  • API SECURITY TESTING
  • Security Audits / Month - IDE25 Full | 100 Operation
  • Security Scans / Month - IDE25 Full | 100 Operation
  • Security Audits / Month - CI/CD25 per Repo | Max 3 Repos
  • Security Scan / Month - CI/CD25 per Repo | Max 3 Repos
  • Secure Storage of ReportsNo - Stateless
  • Tenant on PlatformNone
  • Role based sharing of APIs
  • Single Sign On
  • Data DictionaryDefault
  • Security Quality Gates (SQGs)Default
  • Security Audit Customizations
  • Security Scan Customizations
  • RUNTIME THREAT PROTECTION
  • Threat Protection Firewall
  • Enforce Standard Security Policies
  • AUTOGENERATE OPENAPI CONTRACTS
  • API Capture
  • INTEGRATIONS
  • API Gateway integration (Firewall)
  • SIEM / SOC Integrations (Firewall)
  • SUPPORT SERVICES
  • SupportLimited (or Self Service)
  • Onboarding Services
  • Designated Customer Success Architect (TAM)

Teams

  • API SECURITY TESTING
  • Security Audits / Month - IDEUnlimited
  • Security Scans / Month - IDEUnlimited
  • Security Audits / Month - CI/CDUnlimited
  • Security Scan / Month - CI/CDUnlimited
  • Secure Storage of Reports
  • Tenant on PlatformDedicated Tenant
  • Role based sharing of APIs
  • Single Sign OnNo
  • Data DictionaryCustomizable
  • Security Quality Gates (SQGs)Customizable
  • Security Audit CustomizationsCustomizable
  • Security Scan CustomizationsCustomizable
  • RUNTIME THREAT PROTECTION
  • Threat Protection FirewallOn Request
  • Enforce Standard Security PoliciesOn Request
  • AUTOGENERATE OPENAPI CONTRACTS
  • API Capture
  • INTEGRATIONS
  • API Gateway integration (Firewall)
  • SIEM / SOC Integrations (Firewall)
  • SUPPORT SERVICES
  • SupportAs per Standard SLA
  • Onboarding Services
  • Designated Customer Success Architect (TAM)

Enterprise

  • API SECURITY TESTING
  • Security Audits / Month - IDEUnlimited
  • Security Scans / Month - IDEUnlimited
  • Security Audits / Month - CI/CDUnlimited
  • Security Scan / Month - CI/CDUnlimited
  • Secure Storage of Reports
  • Tenant on PlatformDedicated Platform (Optional Upgrade)
  • Role based sharing of APIs
  • Single Sign On
  • Data DictionaryCustomizable
  • Security Quality Gates (SQGs)Customizable
  • Security Audit CustomizationsCustomizable
  • Security Scan CustomizationsCustomizable
  • RUNTIME THREAT PROTECTION
  • Threat Protection FirewallOn Request
  • Enforce Standard Security PoliciesOn Request
  • AUTOGENERATE OPENAPI CONTRACTS
  • API CaptureOn Request
  • INTEGRATIONS
  • API Gateway integration (Firewall)
  • SIEM / SOC Integrations (Firewall)
  • SUPPORT SERVICES
  • SupportAs per Standard SLA
  • Onboarding Services
  • Designated Customer Success Architect (TAM)On Request

Freemium User FAQs

Please check out our Freemium User FAQ page.

Frequently Asked Pricing Questions

Yes. We offer a sliding scale of prices from a base entry level price for up to 5 users all the way to 25 users as part of our Teams pricing.

If you have any special requests please contact us.

42Crunch offers both Standard and Premium Support and Maintenance services for the 42Crunch Platform.

The services delivered are subject to the Master Customer Agreement entered into between a paying subscriber and 42Crunch.

For further information about our support levels please contact us.

You can use your credit card to pay for any monthly or annual "Teams' subscription.

If you sign up for any annual subscription then we then we can arrange that you pay by bank transfer.  Please contact us to arrange this option.

If you are on a "Teams" package you can add and replace users up to the limit of that package e.g. if you are on the 15 users team package and only have 12 users on the account then you can add three more users without any additional charge.

If you have reached the limit of users allowed in the package then you will need to upgrade to the next package. You can upgrade using the "Teams"  billing portal.

If you have any special requests then feel free to contact us

If you are on a "Teams" subscription then you can manage your subscription by logging into the billing portal.

If you are an enterprise customer you can contact our billing team or your account manager directly.

Frequently Asked Product Questions

API Audit is a 42Crunch static API testing service that helps users find and fix issues with their OpenAPI contracts during the design time and avoid releasing unprotected APIs.

The API Security Audit performs over 300+ checks on the OpenAPI Contract checking for adherence to the OpenAPI specification, data definition quality (how well your schema is defined) and potential security vulnerabilities.

API Audit is available from a number of IDE marketplaces (via the openAPI Editor) and CI/CD platforms (as a plugin).  It is available either for free with limited usage or on the 42Crunch platform as a paid subscription.

You can run the audit from the 42Crunch OpenAPI editor in VS Code, IntelliJ and Eclipse. 

First you need to activate the service. Here is a short video to explain.

Once the Audit service is active you can take a look at the tutorial video page on how to run the API Security Audit.

There is an option to run the audit for freemium users from GitHub Actions. We will be expanding to Azure DevOps and other CI/CD platforms in the coming months. 

For paying subscribers, we also offer integrations with Bitbucket, Azure Pipelines, Bamboo, Jenkins, Gitlab, GitHub Actions and Sonarqube.

Please take a look at a tutorial video on how to run the API Security Audit & API Scan from GitHub.

API Scan is a dynamic API Security Testing tool for REST APIs. This means that API Scan sends real API traffic to your API and examines and validates the responses.

The tests are automatically created by using the API's OpenAPI Definition file (OpenAPI Contract) to test the following:

  1. Does the API conform to the API Design i.e. does it do what it is supposed  to do according to the design
  2. Does it perform as it is supposed to - does it only allow the expected traffic and reject not expected traffic.
  3. Are there any security weakness based on how the API is implemented.

Here is an explainer video

API Scan is available in IDEs (via the OpenAPI Editor) and the GitHub Actions CI/CD.  It is available for free with limited usage and non commercial basis (see Freemium FAQ section above).

You can also run API Scan on the 42Crunch platform. This is available only to paid subscribers.

You can run API Scan from VS Code IDE. We will be expanding to IntelliJ and Eclipse in the coming months. 

Please visit our dedicated video tutorial page on running API scan in VS code


There is an option to run the API Scan from GitHub Actions. We will be expanding to Azure DevOps and other CI/CD platforms in the coming months. 

Please take a look at a tutorial video on how to run the API Security Audit & API Scan for freemium users from GitHub.

API Security Testing with 42Crunch combines a number of our tools and integrates in the development lifecycle of the API as follows:

  1. API Design - we help developers create and edit OpenAPI files using our Free OpenAPI editor tool in their favorite IDEs
  2. API Audit - checks the API Design file for different structure, semantic and security flaws, marks the API Design file out of a score of 100 and also offers remediation advice and quick ways to fix the issues identified. This way you can quickly fix and create a robust OpenAPI contract. (more info above)
  3. API Scan - checks the actual API for security flaws by sending dynamic traffic to it. The tests we do are based on the API design file of the same API. More Above

Now we also add in some additional things like data dictionaries to help standardize definitions used across all APIs, security quality gates that can prevent changes to APIs going into production without first having passed an approved score in both the API Audit and API Scan checks and finally we give all of this visibility to security teams which enables security teams and development teams work together with agreed security policies in a faster and more secure development process.

There are multiple benefits to upgrading to a paid subscription (see section below) but if you are unsure then please request an introductory call with one of our pre-sales engineers who can discuss your requirements with you.

The Data Dictionary capability helps organizations define a dictionary of formats that should be used in APIs.

By harmonizing what formats your APIs can accept you can increase their security as the stricter data definition quality for input and output data narrows down the attack surface.

For developers, this means that they do not have to reinvent the wheel but can check the data dictionaries for formats already in use and use the existing ones.

Here is an explainer video

Security Quality Gates (SQGs) help implement security compliance and governance across the enterprise. 

SQGs can highlight or prevent APIs or changes to APIs from being committed via CI/CD pipelines without first having passed an approved threshold. SQGs apply both to API Audit and API Scan static and dynamic reports.

In the IDE, SQGs will highlight to the developer if the score on either the API Audit or API Scan reports is not sufficient to pass the required standard. 

In CI/CD there is an option to either enforce the SQG or just report on the SQG. 

For freemium users a standard SQG is available. For paid subscriptions you can customize the SQGs.

This video will explain Security Quality Gates

API Protect is an API micro-firewall that enforces the API security policy at runtime. It creates an allowlist of valid operations from the API's OpenAPI contract and enforces the contract on all incoming and outgoing operations. The micro-firewall will automatically change when any changes are made to the OpenAPI contract.

Here is a video explainer

Don't want to build OpenAPI contracts from scratch or have lots of APIs without OpenAPI design files?  API Capture can use traffic data, Postman collections, API test configurations and even half built OpenAPI files to automatically build OpenAPI contracts saving your developers lots of time and effort. It will also save your front end, backend teams and testing teams time as they now have a design file to work off.

Here is a video explainer

Getting up and running with 42Crunch is easy.
Collaborate with the freedom you want and the visibility that security and operation teams need. Available in IDEs, CI/CDs, SIEMs, API gateways and Runtime containers.  

Trusted by Security & Development Teams Globally

42C Customers_Allianz copy
42C Customers_Bridgestone copy
bt-group-logo small
UK Central Digital & Data Office
42C Customers_Ford copy
42C Customers_Insulet Corporation copy
Logo_Logius BW
42C Customers_Pollinate copy
42C Customers_Travelers copy
42C Customers_Verizon copy

Ready to Learn More?

Developer-first solution for delivering API security as code.