General

How do I configure a REST API scan?

To configure a web application asset to parse the REST API of a web application, please follow these steps:

Domain consistency
It is important to ensure domain consistency when configuring a web application asset to parse the API. Ensure that the Open API URL domain matches the target URL domain.

  1. Log in to the Security Center.
  2. Click Asset Manager in the main menu.
  3. Click Web applications.
  4. Choose Add web application.
  5. Under General information, add the API root URL under Target and set a name under Application name.
  6. Validate the Swagger/OpenAPI specification with http://editor.swagger.io/ (external link) to confirm it contains no errors.
  7. Click REST API scanning in the window menu.
  8. Add the Open API path (the link to the specification, e.g., /swagger/v1/swagger.json). Both JSON and YAML REST API specifications are supported.
  9. If your endpoints require authentication, configure Query string authentication or Header authentication by supplying a valid value that grants access to the endpoints listed in the specification.
  10. Click OK to save.
  11. Done!
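The following is an added pre-check script (not Holm Security code) for steps 6 and 8 and the domain-consistency note above: it verifies that a JSON specification parses and that the domain it advertises (OpenAPI 3.x `servers`, or Swagger 2.0 `host`/`schemes`/`basePath`) matches the asset's Target domain. The two specifications and the target URL below are constructed sample values; YAML specifications are not handled here.

```python
"""Pre-check an OpenAPI/Swagger spec before registering it as a REST API asset."""
import json
from urllib.parse import urlparse


def spec_base_urls(spec: dict) -> list[str]:
    """Return the base URLs a specification declares for its endpoints."""
    if "servers" in spec:                                  # OpenAPI 3.x
        return [s["url"] for s in spec["servers"] if "url" in s]
    host = spec.get("host")                                # Swagger 2.0
    if host:
        schemes = spec.get("schemes") or ["https"]         # https if unspecified
        return [f"{scheme}://{host}{spec.get('basePath', '')}" for scheme in schemes]
    return []                                              # no host: inherits target


def check_domain_consistency(target_url: str, spec_text: str) -> list[str]:
    """Return a list of problems; an empty list means the asset is consistent."""
    try:
        spec = json.loads(spec_text)
    except json.JSONDecodeError as exc:
        return [f"specification is not valid JSON: {exc}"]
    target_host = (urlparse(target_url).hostname or "").lower()
    problems = []
    for base in spec_base_urls(spec):
        host = urlparse(base).hostname
        if host is None:           # relative server URL (e.g. "/api") resolves against target
            continue
        if host.lower() != target_host:
            problems.append(f"spec server {base!r} does not match target host {target_host!r}")
    return problems


# Constructed sample data for demonstration only.
TARGET = "https://api.example.com"
SPEC_OK = json.dumps({"openapi": "3.0.0",
                      "servers": [{"url": "https://api.example.com/v1"}], "paths": {}})
SPEC_BAD = json.dumps({"swagger": "2.0", "host": "staging.example.net",
                       "basePath": "/v1", "paths": {}})

if __name__ == "__main__":
    for label, spec in (("ok", SPEC_OK), ("bad", SPEC_BAD), ("broken", "{not json")):
        print(label, check_domain_consistency(TARGET, spec) or "consistent")
```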

To initiate a scan
After following all the steps in this guide, the next step is configuring the asset for a scan. To learn how to complete the scan configuration, please refer to this article:
https://support.holmsecurity.com/knowledge/how-do-i-schedule-a-scan-for-an-web-app