
API catalog overview

This document is for:
Invicti Platform

This feature is available with Invicti API Security Standalone or Bundle

Located under Inventory in Invicti Platform, the API catalog contains all your discovered and imported APIs. It lists all the API endpoints that can be scanned for vulnerabilities by linking the API specification files to an existing or newly created target.

This document provides an overview of the API catalog in Invicti Platform.

Access to API Security in Invicti Platform requires an Administrator, Owner, Security Analyst, or Security Manager role, or a custom role with the API Security permission.

Page features and actions

The features available on the API catalog overview page are described below.

1. API catalog table columns

  • API: The name/URL of each API.

  • Source: How the API was discovered or imported (for example, via an integration, Invicti NTA, or zero-config crawling).

  • Target: Whether the API is linked to a target for scanning capability.

  • Vulnerabilities: The overall vulnerability count for the API (after it has been scanned) grouped by vulnerability severity.

  • Last scanned: The date and time that the API was last scanned by Invicti.

Each row in the API catalog includes a three-dots (⋮) menu on the right. Selecting this menu opens additional actions you can perform on the selected API entry:

  • Link / Unlink target – Associate or disassociate the API definition with a specific scan target.
  • Edit – Modify the API's metadata such as name or description.
  • Hide API – Remove the API from the visible catalog without deleting it.
  • Delete API – Permanently remove the API from the catalog.
  • Scan Target – Initiate a vulnerability scan on the associated target. Clicking on the target name takes you to the Scan configure target.
  • Add / Edit authorization – Configure or update authentication settings required to scan the API securely.

2. API endpoints

Each API listed in your API catalog can be expanded to show the individual endpoints it contains and their vulnerability count.

  • Operation: The HTTP method and path for the endpoint (e.g., GET /api/admin/products).
  • Vulnerabilities: The vulnerability count for each API endpoint (after it has been scanned), grouped by vulnerability severity. This provides quick insight into potential security risks for each endpoint. Endpoints with no detected vulnerabilities display "No vulnerabilities".
  • The three-dots (⋮) menu on the right gives the option to exclude from scan.

3. Bulk actions

Bulk actions allow you to manage multiple APIs at once. To use them, select one or more APIs using the checkboxes in the table, then choose an action from the Bulk Actions menu.

Available bulk actions include:

  • Delete APIs – Permanently delete the selected APIs. This action cannot be undone.

4. View options

Click the View options menu to select or deselect table columns. This helps customize your view by showing only the information relevant to you.

You can also show / hide hidden APIs.

5. Search and filtering

You can refine the API catalog table using the Add Filter button or locate specific APIs using the search icon (magnifying glass) in the top left.

Filtering

Click Add a filter to narrow down the list of APIs based on specific criteria such as:

  • Source
  • Scan date
  • Remote target

For more information on advanced filtering options, please refer to our Filtering document.

Search

The search field performs a keyword search across API names, helping you quickly locate a specific API.

