APIsec Technical Documentation

1. Register an API

Reading time < 3 min

To get started with APIsec security coverage and scanning for your APIs, you need to first register your API.

On the Homepage, click Register API

1.1. Basic Section

The Basic Section requires the following information:

1. API name: Provide any name that you would like to link with your project.
2. API Document URL or File: Provide a URL or upload a file to allow APIsec to record your API in the database for automated security coverage.
   • The supported formats for a URL link are OpenAPI Specification (OAS), Swagger, Postman & RAML. e.g. https://example.com/v2/api-docs
   • The supported formats for an API document file are same as for URL link.

1.2. Advanced Section

The Advanced Section requires the following information:

1. Credentials: Provide credentials for the API i.e. username, role, email & password. These credentials are for specific user accounts you want to scan via APIsec. We recommend including a user to represent each role within your product or organization.
   • The format is UserA||Basic||[user1@example.com](mailto:user1@example.com)||admin123$
     
2. Tokens: An API token is similar to a password and allows a user to authenticate to a software API to perform actions. The API service generates a unique token for the requested application or user, which is used every time for authentication when the user requests to use the service.
   • Find the steps to generate the token by clicking show more on the comment box of the Advanced Section.
     
3. Scanner Selection: You can select a scanner from the list of APIsec private scanners available in the drop-down menu. I selected Super_1 for this demo.

Once you completed all of the requirements, click Register and proceed.

A message prompt will be displayed on the Homepage like in the screenshot below. Your project name will be created with your settings similar to "Demo" in the screenshot and added to My Projects