Add, edit or delete API authorization

This document is for:
Invicti Platform

To scan APIs that require authentication, you must add the appropriate authorization credentials. This ensures Invicti can access and analyze all protected endpoints during a scan.

This document explains how to add, edit or delete authorization credentials for APIs listed in the API catalog in Invicti Platform.

Add authorization credentials

  1. Select Inventory > API catalog from the left-side menu.
  2. Locate your target and use the three dots (⋮) menu to select Add authorization.
  3. In the dialog that opens, enter the Admin and Standard users' credentials:
       • Name – Enter a label to help organize labels.
       • Authorization type – Select one of the following options:
           • API key – Enter the key–value pair required by the API.
           • Basic authentication – Enter the username and password.
           • Bearer token – Enter the bearer token used for authorization.
  4. Enter the login credentials for the selected users. You may skip any users for whom you do not wish to provide credentials. Only one user can be made default.
  5. Click Save credentials to complete the process. The API catalog now shows a little key icon next to the API.

Edit authorization credentials

  1. Select Inventory > API catalog from the left-side menu.
  2. Locate your target and use the three dots (⋮) menu to select Edit authorization.
  3. In the dialog that opens, use the Edit button to amend the user details, such as name, authorization type and authentication. Alternatively, use the toggles to disable and enable the user.
  4. Click Save credentials to save the changes.

Delete authorization credentials

To remove credentials for a single user, simply toggle off that user's entry. To delete the entire authorization, follow the steps below.

  1. Select Inventory > API catalog from the left-side menu.
  2. Locate your target and use the three dots (⋮) menu to select Edit authorization.
  3. In the dialog that opens, click Delete all credentials. The credentials are deleted without a warning message.

