API Security & Conformance Scan using OpenAPI Swagger Editor Extension in VS Code

A dynamic security scan of your API to check for conformance against the API design (OpenAPI contract) and security vulnerabilities. The tutorial videos below are for OpenAPI Editor in Microsoft Visual Studio Code (VS Code). API Scan is also available on the 42Crunch Platform and in GitHub Actions CI/CD.

Activate API Scan CLI

You can run the dynamic API Scan security test locally on your machine without having to share the API. The video explains how. if you are a paying customer you can run the scan in your IDE on local APIs or on APIs in your customer account on the 42Crunch platform

Running your first API Scan

Learn how to configure and run your first API Scan and read the results

API Testing with Dynamic Authentication

Authentication tokens such as OAuth or an API key may be required In order to test your API. Find out how to configure the scan for dynamic authentication.

API Request Chaining

You can add additional operations and requests to your scan configuration scenario to create more complex test scenarios. Take a look at the video explainer.

Latest Resources


Top Things You Need to Know About API Security

Two of the API security industry’s leading experts, Dr Philippe de Ryck and Isabelle Mauny, guide you through some real-world cases of API security attacks and also share some best practices for securing your APIs.


How to Protect APIs from OWASP Authorization Risks: BOLA, BOPLA & BFLA

By Hugh Carroll | February 20, 2024

The OWASP API Top Risks listing identifies three different Authorization challenges  Coding issues relating to Authorization configuration failures continue to present a significant challenge for development and security teams building and protecting APIs. Just read any issue of our fortnightly APIsecurity.io newsletter and you’ll discover that Authorization-based breaches […]


APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.