Linking and unlinking discovered APIs to targets

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

This feature is available with Invicti API Security Standalone or Bundle

Associating your discovered and imported APIs with targets enables you to scan those APIs for vulnerabilities. Whenever the target is scanned, the linked API will also be scanned automatically. This guide shows you how to link and unlink APIs with targets from your API Inventory in Invicti Enterprise.

NOTE: Access to API Discovery in Invicti Enterprise requires either an Account Administrator role or the View API Inventory permission added to a new or existing role.

How to link an API to a target

Once you have some APIs in your API Inventory, you can link each API specification file to an existing target or create a new target to link to if the API base URL is not yet set up as a target in Invicti Enterprise.

IMPORTANT: When linking an API to a target, the API base URL must be a subset of the target URL. 

  • For example, if www.example.com is the target URL you are linking to, then the base URL for the API needs to be www.example.com/api/v1. 

When the API base URL is different from the target URL, a new target needs to be added. 

  • For example, if the API base URL is api.example.com and your target URL is www.example.com, then you would need to add a new target for api.example.com.
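A pre-check for the rule above, as an added example that is not Invicti's code or API. It assumes "subset" means the same host and port, with the target's path as a leading run of whole path segments, and that URLs written without a scheme are HTTPS; the function names and sample URLs are illustrative.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _parts(url):
    """Split a URL into (host, effective port, path segments)."""
    if "://" not in url:
        url = "https://" + url  # assumption: scheme-less URLs are HTTPS
    u = urlsplit(url)
    host = (u.hostname or "").lower().rstrip(".")
    port = u.port or DEFAULT_PORTS.get(u.scheme)
    return host, port, [s for s in u.path.split("/") if s]

def is_under_target(api_base_url, target_url):
    """True if the API base URL falls under the target URL (assumed semantics)."""
    a_host, a_port, a_segs = _parts(api_base_url)
    t_host, t_port, t_segs = _parts(target_url)
    # Compare parsed hosts, not raw strings: a plain startswith() would wrongly
    # accept www.example.com.internal.test as being under www.example.com.
    if not a_host or (a_host, a_port) != (t_host, t_port):
        return False
    # Whole-segment prefix, so /apiv2 is not treated as being under /api.
    return a_segs[:len(t_segs)] == t_segs

def plan_links(api_base_urls, target_urls):
    """Map each API base URL to its most specific matching target, or None
    when a new target (which uses a license) would have to be added."""
    plan = {}
    for api in api_base_urls:
        matches = [t for t in target_urls if is_under_target(api, t)]
        plan[api] = max(matches, key=lambda t: len(_parts(t)[2]), default=None)
    return plan

if __name__ == "__main__":
    # Constructed sample data based on the page's two examples.
    targets = ["www.example.com"]
    apis = ["www.example.com/api/v1", "api.example.com"]
    for api, target in plan_links(apis, targets).items():
        print(api, "->", target or "add new target")
```
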

To link an API from your API Inventory to a target:

  1. Select APIs > API Inventory from the left-side menu.
  2. From your API Inventory, locate the API you want to link and click Link Target.
  3. Click the Target drop-down and choose your preferred option:
       1. Select an existing target from the list if you already have a target that matches your API base URL.
       2. Select + Add new target if you need to add a new target to match your API base URL.

     NOTE: Adding a new target will use one of your available licenses.

  4. Click the Scan profile drop-down and choose your preferred option:
       1. Select an existing scan profile from the list.
       2. Select + Add new scan profile, then enter a name for the new scan profile.
  5. Enter the API base URL of the API you are linking.
  6. Click Link target or Add Target.

The URL of the linked target is now displayed in the Target column of your API Inventory. The next time the linked target is scanned, the associated API specification will also be scanned automatically.

How to unlink an API from a target

To unlink an API in your API Inventory from a target:

  1. Select APIs > API Inventory from the left-side menu.
  2. From your API Inventory, locate the API you want to unlink, click the three dots icon on the right, and select Unlink target.
  3. Click Unlink target to confirm the action.

The API is no longer linked to a target and cannot be scanned unless you link it to a target again. Any previously identified vulnerabilities related to the API are no longer shown in the API Inventory.