- Knowledge base
- API Security
- General
-
Security updates
-
Product news
-
Next-Gen Vulnerability Management
-
Getting started
-
General
-
Operating status
-
Network & System Security
-
Web Application Security
-
Cloud Security
-
API Security
-
Phishing Simulation & Awareness Training
-
Attack Surface Management
-
Scanner Appliance
-
Device Agent
-
On-premise platform deployment
-
Asset management
-
Vulnerability manager
-
Reports
-
Digest reports
-
Organizer
-
Continuous monitoring
-
Integrations
-
Platform API
-
Remediation
-
Users
-
PCI DSS ASV scans
-
Terms & conditions
-
Dashboard
How do I configure a REST API scan?
To configure a web application asset to parse the REST API of a web application, please follow these steps:
Domain consistency
It is important to ensure domain consistency when configuring a web application asset to parse the API. Ensure that the Open API URL domain matches the target URL domain.
- Log in to the Security Center.
- Click Asset Manager in the main menu.
- Click Web applications.
- Choose Add web application.
- Under General information, add the API root URL under Target and set a name under Application name.
- Verify the swagger documentation with http://editor.swagger.io/ (external link) so there are no errors.
- Click REST API scanning in the window menu.
- Add the Open API path (the link to the specification, e.g., /swagger/v1/swagger.json). JSON or YAML specifications for REST APIs.
- Configure Query string authentication or Header authentication if required for your endpoints by filling out a valid header to access the endpoints in the specification.
- Click OK to save.
- Done!
To initiate a scan
After following all the steps in this guide, the next step is configuring the asset for a scan. To learn how to complete the scan configuration, please refer to this article:
https://support.holmsecurity.com/knowledge/how-do-i-schedule-a-scan-for-an-web-app