Add, edit or delete API authorization
This document is for: Invicti Platform
To scan APIs that require authentication, you must add the appropriate authorization credentials. This ensures Invicti can access and analyze all protected endpoints during a scan.
This document explains how to add, edit or delete authorization credentials for APIs listed in the API catalog in Invicti Platform.
Add authorization credentials
- Select Inventory > API catalog from the left-side menu.
- Locate your target and use the three dots (⋮) menu to select Add authorization.
- In the dialog that opens, enter the Admin and Standard users' credentials:
  - Name – Enter a label to help organize the credentials.
  - Authorization type – Select one of the following options:
    - API key – Enter the key–value pair required by the API.
    - Basic authentication – Enter the username and password.
    - Bearer token – Enter the bearer token used for authorization.
- Enter the login credentials for the selected users. You may skip any users for whom you do not wish to provide credentials.
- Only one user can be made default.
- Click Save credentials to complete the process.
- The API catalog now shows a little key icon next to the API.
Edit authorization credentials
- Select Inventory > API catalog from the left-side menu.
- Locate your target and use the three dots (⋮) menu to select Edit authorization.
- In the dialog that opens, use the Edit button to amend user details such as the name, authorization type and authentication. Alternatively, use the toggles to disable or enable a user.
- Click Save credentials to save the changes.
Delete authorization credentials
To remove credentials for a single user, simply toggle off that user's entry. To delete the entire authorization, follow the steps below.
- Select Inventory > API catalog from the left-side menu.
- Locate your target and use the three dots (⋮) menu to select Edit authorization.
- In the dialog that opens, click Delete all credentials. The credentials are deleted without a warning message.