Tutorials
API Security & Conformance Scan using OpenAPI Swagger Editor Extension in VS Code
A dynamic security scan of your API to check for conformance against the API design (OpenAPI contract) and security vulnerabilities such as BOLA and BFLA. The tutorial videos below are relevant for all the available IDEs. API Scan is also available on the 42Crunch Platform and CI/CD platforms such as GitHub Actions and Azure DevOps.
Activate API Scan
You can run the dynamic API Scan security test locally on your machine without having to share the API. Activation differs slightly between free and paying customers. Please refer to the relevant video below.
Paying Customers
Free Customers
Overview of the Scan Configuration Viewer
An explanation of the scan configuration viewer, where you configure and run your scan tests.
Running your first API Scan
Learn how to configure and run your first API Scan and read the results.
Use Variable Substitution
Variable substitution is a powerful feature that enables dynamic changes to your requests and responses.
Setup Dynamic API Authentication
Authentication tokens such as OAuth or an API key may be required in order to test your API. Find out how to configure the scan for dynamic authentication.
API Happy Path "Scanarios"
You can add additional operations and requests to your scan configuration scenario to create more complex test scenarios. Take a look at the video explainer.
Setup and Teardown using Global Blocks
Set up and tear down test resources, or create test states to test the API, using before and after blocks, e.g. create a new test user account, run tests and then delete the new user.