Link or unlink discovered APIs to targets
This feature is available with Invicti API Security Standalone or Bundle.
Associating your discovered and imported APIs with targets enables you to scan those APIs for vulnerabilities. Whenever the target is scanned, the linked API will also be scanned automatically. This guide shows you how to link and unlink APIs with targets from your API Discovery in Invicti Platform.
Access to API Security in Invicti Platform requires the Administrator, Owner, Security Analyst, or Security Manager role, or a custom role with the API Security permission.
Steps to link an API to a target
Once you have some APIs in your API Discovery, you can link each API to an existing target or create a new target to link to if the API base URL is not yet set up as a target in Invicti Platform.
When linking an API to a target, the API base URL must be a subset of the target URL.
When the API base URL is different from the target URL, a new target needs to be added.
To link an API from your API Discovery to a target, follow these steps:
- Select Discovery > API Discovery from the left-side menu.
- Locate the API you want to link and select Link or Create.
  - Link - Select an existing target from the list if you already have a target that matches your API base URL.
  - Create - This option will take you to the Create target page. If you need help with creating a target, refer to the linked document. Create the target and come back to this page to complete the linking of the target to an API.
    Adding a target will use one of your available FQDNs (licenses).
- Click Link to open the Link target dialog.
- Using the dropdown menus, select the target and API base URL, then click Link target.
The name of the linked target is now displayed in the Target column of the API Discovery. The next time the linked target is scanned, the associated API specification will also be scanned automatically.
After scanning a target that is linked to an API, the Vulnerabilities tab on the Scans > All scans > Scan details page will indicate which vulnerabilities are from the scanned API by placing an 'API' tag next to the vulnerability name.
Steps to unlink an API from a target
- Select Inventory > API catalog from the left-side menu.
- Locate the API you want to unlink, click the three dots icon on the right, and select Unlink target.
- Click Unlink target to confirm the action.
The API is no longer linked to a target and cannot be scanned unless you link it to a target again. Any previously identified vulnerabilities related to the API are no longer shown in the API catalog.