
🔎 Start your first scan

Application creation stepper

  1. Go to your applications list and click on Secure a new app
  2. Choose between GraphQL and REST
  3. For REST applications, you will be required to provide either a Swagger v2, OpenAPI v3 or Postman Collection file.
  4. Enter your endpoint and click on Next
  5. Add an authorization header if desired or click on Skip
  6. Choose a name for the application, and select whether the scan should run against a development (read-write mode) or production (read-only) environment.
  7. You are all set!

Common pitfalls

My endpoint is not a valid endpoint

We may be unable to detect that an API endpoint is valid. If your endpoint is legitimate, you may want to contact us to discuss it.

Your endpoint requires authentication

Another common reason for our test to fail is that the endpoint requires authentication parameters: either a firewall protects the server, or an application layer enforces authentication on the query we use to fingerprint the API (query { __typename }). In this case, you can provide authorization headers, which will be attached to the HTTP requests we send.
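
A preflight check you can run against your own endpoint before onboarding it, added here as an illustration and not the scanner's own code: it sends the fingerprint query named above, with optional headers, and classifies the reply. The outcome labels, the status-code mapping and the error keywords are assumptions.

```python
import json
import urllib.error
import urllib.request

FINGERPRINT = {"query": "query { __typename }"}  # the query named on this page
AUTH_HINTS = ("unauth", "forbidden", "not authenticated", "authentication")  # assumed keywords


def classify(status, body):
    """Map an HTTP status and body to an outcome label (labels are assumptions)."""
    if status in (401, 403):  # firewall or gateway rejected the request
        return "auth-required"
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return "not-graphql"
    if not isinstance(doc, dict):
        return "not-graphql"
    data = doc.get("data")
    if isinstance(data, dict) and isinstance(data.get("__typename"), str):
        return "graphql"
    # Application-layer auth often answers 200 with an "errors" array.
    errors = doc.get("errors")
    if isinstance(errors, list) and errors:
        text = json.dumps(errors).lower()
        if any(hint in text for hint in AUTH_HINTS):
            return "auth-required"
        return "graphql-error"
    return "not-graphql"


def probe(url, headers=None, timeout=10):
    """POST the fingerprint query to url and classify the response."""
    req = urllib.request.Request(
        url,
        data=json.dumps(FINGERPRINT).encode(),
        headers={"Content-Type": "application/json", **(headers or {})},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # non-2xx still carries a body
        return classify(err.code, err.read().decode("utf-8", "replace"))
    except (urllib.error.URLError, OSError):
        return "unreachable"
```

If `probe(url)` returns `auth-required` and `probe(url, {"Authorization": "Bearer <token>"})` returns `graphql`, the header is what the stepper needs at the authorization step.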