Introduction
An API scan involves examining the endpoints, parameters, and responses of an application programming interface (API) to identify vulnerabilities or potential security risks.
This guide details how to initiate and complete an API scan on the platform.
Prerequisites:
You should be signed in to CloudDefense.ai. If not, please refer to our guide on creating a CloudDefense.ai account.
We currently support only Swagger endpoints for API scans, so if you have APIs that are not described in Swagger, we request that you create a Swagger file for those APIs first.
Step 1: Navigation for API scan
Click “Applications” in the navbar.
Click the green “SCAN” button on the left side of the page and choose “Other” to proceed.
After clicking “Other”, select “API”.
Step 2: Provide Swagger details
Now you can run a simple scan by providing only the Swagger details.
If you want more control over the scan configuration and features, use “Advanced options”.
We’ll use https://petstore.swagger.io/v2/swagger.json for testing here. (Remember that the scanner needs the raw JSON document, not an HTML page: the Swagger viewer and the swagger.json file are different things.)
In App URL, provide the base URL, for example https://petstore.swagger.io/
In JSON Path, provide the full URL of the JSON document: https://petstore.swagger.io/v2/swagger.json
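As an added pre-flight check that is not part of this guide or of the CloudDefense product, the Python script below verifies that a JSON Path URL really returns a Swagger 2.0 or OpenAPI 3 JSON document rather than the Swagger viewer's HTML page, and derives the App URL (base URL) and the endpoint list from it. The sample documents inside are constructed; the fields it reads (swagger, host, basePath, schemes, openapi, servers, paths) are standard Swagger/OpenAPI fields, not anything CloudDefense-specific.

```python
# Pre-flight check for the API scan form: is the "JSON Path" URL really swagger.json, and what is the "App URL"?
import json
import urllib.request
from urllib.parse import urlparse

# Constructed samples (illustrative values): a Swagger 2.0 document, an OpenAPI 3 document,
# and the HTML a Swagger *viewer* URL returns instead of the swagger.json document.
SAMPLE_SWAGGER = json.dumps({
    "swagger": "2.0", "host": "petstore.swagger.io", "basePath": "/v2",
    "schemes": ["https", "http"],
    "paths": {"/pet": {"post": {}}, "/pet/{petId}": {"get": {}, "delete": {}}},
})
SAMPLE_OPENAPI3 = json.dumps({"openapi": "3.0.1", "paths": {"/users": {"get": {}}},
                              "servers": [{"url": "https://api.example.test/v3"}]})
SAMPLE_HTML = "<!doctype html><html><head><title>Swagger UI</title></head></html>"


def origin(url):
    """scheme://host/ of a URL, the form the App URL field expects."""
    p = urlparse(url)
    return f"{p.scheme}://{p.netloc}/"


def inspect_spec(body, json_url):
    """Check a fetched body; return app_url, base_path and endpoints, or an error."""
    text = body.lstrip()
    if text.startswith("<"):
        return {"ok": False, "error": "got HTML, not JSON (Swagger viewer page, not swagger.json?)"}
    try:
        spec = json.loads(text)
    except json.JSONDecodeError as exc:
        return {"ok": False, "error": f"body is not valid JSON: {exc}"}
    if "swagger" in spec:  # Swagger 2.0: base URL is schemes[0]://host, API lives under basePath
        p = urlparse(json_url)
        scheme = (spec.get("schemes") or [p.scheme])[0]
        app_url = f"{scheme}://{spec.get('host') or p.netloc}/"
        base_path = spec.get("basePath", "")
    elif "openapi" in spec:  # OpenAPI 3: first servers[] entry, which may be absolute or relative
        server = (spec.get("servers") or [{"url": "/"}])[0]["url"]
        absolute = server.startswith("http")
        app_url = origin(server) if absolute else origin(json_url)
        base_path = urlparse(server).path if absolute else server
    else:
        return {"ok": False, "error": "JSON has neither a 'swagger' nor an 'openapi' field"}
    endpoints = sorted(f"{m.upper()} {path}" for path, ops in spec.get("paths", {}).items() for m in ops)
    return {"ok": True, "app_url": app_url, "base_path": base_path, "endpoints": endpoints}


def fetch_and_inspect(json_url):
    """Run the same check against a live URL (needs network access)."""
    with urllib.request.urlopen(json_url, timeout=10) as resp:
        return inspect_spec(resp.read().decode("utf-8", "replace"), json_url)
```

Run inspect_spec() on a downloaded body (or fetch_and_inspect() on the URL) before filling in the form; an "ok": False result means the JSON Path would have pointed the scan at the wrong thing.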
Step 3: Scan your API
Then click “Run Scan” and your scan should start.
Guidelines for running an API scan from the CloudDefense CLI are given below:
a) Install the cdefense CLI on your device using these steps:
https://github.com/CloudDefenseAI/cd#installation
b) Now run the command below to start an API scan from the CLI:
cdefense api --api-key=<CLOUDDEFENSE_API_KEY> --url=https://petstore.swagger.io/ --openapi-jsonurl=https://petstore.swagger.io/v2/swagger.json --project-name=example-api-scan --verbose