API reference
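You will need the following inputs for each of the API endpoints:
YOUR_API_KEY: Go to My account > Settings > Integrations and fetch the API key under Akto API. Pass it in the X-API-KEY header. Treat the key as a secret: the sample responses below show these endpoints returning captured request headers (including cookies) and the auth token values stored for test roles.
URL: This is the URL of your Akto dashboard.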
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
6464783658e3a17b14ddfa67
description
POST /api/fetchTestRunResultDetails HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 52
{
"testingRunResultHexId": "6464783658e3a17b14ddfa67"
}
description
{
"metadata": "null",
"testingRunResults": "null",
"testingRunResultSummaries": "null",
"runIssues": "null",
"selectedTests": "null",
"maxConcurrentRequests": 0,
"testingRuns": "null",
"recurringDaily": false,
"workflowTest": "null",
"testingRunResult": {
"testResults": [
{
"testInfo": "null",
"vulnerable": true,
"percentageMatch": 100,
"confidence": {
"_name": "HIGH"
},
"message": "{\"request\": {\"url\": \"https://juiceshop.akto.io/\", \"method\": \"DELETE\", \"type\": \"HTTP/1.1\", \"queryParams\": null, \"body\": \"\", \"headers\": \"{\\\"sec-fetch-mode\\\":\\\"navigate\\\",\\\"sec-fetch-site\\\":\\\"none\\\",\\\"cookie\\\":\\\"language=en; welcomebanner_status=dismiss; cookieconsent_status=dismiss; continueCode=v7BmaPZbQ7NroLqvm1YzMVnwOBAVkTefndgpE5jkJlXey43R68K2D9xWNQgq\\\",\\\"accept-language\\\":\\\"en-GB,en-US;q=0.9,en;q=0.8\\\",\\\"sec-fetch-user\\\":\\\"?1\\\",\\\"x-akto-ignore\\\":\\\"0\\\",\\\"accept\\\":\\\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\\\",\\\"sec-ch-ua\\\":\\\"\\\\\\\"Not A(Brand\\\\\\\";v=\\\\\\\"24\\\\\\\", \\\\\\\"Chromium\\\\\\\";v=\\\\\\\"110\\\\\\\"\\\",\\\"sec-ch-ua-mobile\\\":\\\"?0\\\",\\\"sec-ch-ua-platform\\\":\\\"\\\\\\\"macOS\\\\\\\"\\\",\\\"host\\\":\\\"juiceshop.akto.io\\\",\\\"upgrade-insecure-requests\\\":\\\"1\\\",\\\"connection\\\":\\\"close\\\",\\\"accept-encoding\\\":\\\"gzip, deflate\\\",\\\"user-agent\\\":\\\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.178 Safari/537.36\\\",\\\"sec-fetch-dest\\\":\\\"document\\\"}\"}, \"response\": {\"statusCode\": 200, \"body\": \"<!--\\n ~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.\\n ~ SPDX-License-Identifier: MIT\\n --><!DOCTYPE html><html lang=\\\"en\\\"><head>\\n <meta charset=\\\"utf-8\\\">\\n <title>OWASP Juice Shop</title>\\n <meta name=\\\"description\\\" content=\\\"Probably the most modern and sophisticated insecure web application\\\">\\n <meta name=\\\"viewport\\\" content=\\\"width=device-width, initial-scale=1\\\">\\n <link id=\\\"favicon\\\" rel=\\\"icon\\\" type=\\\"image/x-icon\\\" href=\\\"assets/public/favicon_js.ico\\\">\\n <link rel=\\\"stylesheet\\\" type=\\\"text/css\\\" 
href=\\\"//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css\\\">\\n <script src=\\\"//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js\\\"></script>\\n <script src=\\\"//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js\\\"></script>\\n <script>\\n window.addEventListener(\\\"load\\\", function(){\\n window.cookieconsent.initialise({\\n \\\"palette\\\": {\\n \\\"popup\\\": { \\\"background\\\": \\\"#546e7a\\\", \\\"text\\\": \\\"#ffffff\\\" },\\n \\\"button\\\": { \\\"background\\\": \\\"#558b2f\\\", \\\"text\\\": \\\"#ffffff\\\" }\\n },\\n \\\"theme\\\": \\\"classic\\\",\\n \\\"position\\\": \\\"bottom-right\\\",\\n \\\"content\\\": { \\\"message\\\": \\\"This website uses fruit cookies to ensure you get the juiciest tracking experience.\\\", \\\"dismiss\\\": \\\"Me want it!\\\", \\\"link\\\": \\\"But me wait!\\\", \\\"href\\\": \\\"https://www.youtube.com/watch?v=9PnbKL3wuH4\\\" }\\n })});\\n </script>\\n<style>.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@charset \\\"UTF-8\\\";@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel=\\\"stylesheet\\\" href=\\\"styles.css\\\" media=\\\"print\\\" onload=\\\"this.media='all'\\\"><noscript><link rel=\\\"stylesheet\\\" href=\\\"styles.css\\\"></noscript></head>\\n<body class=\\\"mat-app-background bluegrey-lightgreen-theme\\\">\\n <app-root></app-root>\\n<script src=\\\"runtime.js\\\" type=\\\"module\\\"></script><script src=\\\"polyfills.js\\\" type=\\\"module\\\"></script><script src=\\\"vendor.js\\\" type=\\\"module\\\"></script><script src=\\\"main.js\\\" type=\\\"module\\\"></script>\\n\\n</body></html>\", \"headers\": \"{\\\"date\\\":\\\"Wed, 17 May 2023 06:46:14 GMT\\\",\\\"access-control-allow-origin\\\":\\\"*\\\",\\\"last-modified\\\":\\\"Tue, 16 May 2023 08:42:03 
GMT\\\",\\\"x-content-type-options\\\":\\\"nosniff\\\",\\\"x-recruiting\\\":\\\"/#/jobs\\\",\\\"vary\\\":\\\"Accept-Encoding\\\",\\\"x-frame-options\\\":\\\"SAMEORIGIN\\\",\\\"content-type\\\":\\\"text/html; charset=UTF-8\\\",\\\"etag\\\":\\\"W/\\\\\\\"7c3-18823b94087\\\\\\\"\\\",\\\"accept-ranges\\\":\\\"bytes\\\",\\\"cache-control\\\":\\\"public, max-age=0\\\",\\\"feature-policy\\\":\\\"payment 'self'\\\"}\"}}",
"originalMessage": "{\"method\":\"GET\",\"requestPayload\":\"\",\"responsePayload\":\"<!--\\n ~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.\\n ~ SPDX-License-Identifier: MIT\\n --><!DOCTYPE html><html lang=\\\"en\\\"><head>\\n <meta charset=\\\"utf-8\\\">\\n <title>OWASP Juice Shop</title>\\n <meta name=\\\"description\\\" content=\\\"Probably the most modern and sophisticated insecure web application\\\">\\n <meta name=\\\"viewport\\\" content=\\\"width=device-width, initial-scale=1\\\">\\n <link id=\\\"favicon\\\" rel=\\\"icon\\\" type=\\\"image/x-icon\\\" href=\\\"assets/public/favicon_js.ico\\\">\\n <link rel=\\\"stylesheet\\\" type=\\\"text/css\\\" href=\\\"//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css\\\">\\n <script src=\\\"//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js\\\"></script>\\n <script src=\\\"//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js\\\"></script>\\n <script>\\n window.addEventListener(\\\"load\\\", function(){\\n window.cookieconsent.initialise({\\n \\\"palette\\\": {\\n \\\"popup\\\": { \\\"background\\\": \\\"#546e7a\\\", \\\"text\\\": \\\"#ffffff\\\" },\\n \\\"button\\\": { \\\"background\\\": \\\"#558b2f\\\", \\\"text\\\": \\\"#ffffff\\\" }\\n },\\n \\\"theme\\\": \\\"classic\\\",\\n \\\"position\\\": \\\"bottom-right\\\",\\n \\\"content\\\": { \\\"message\\\": \\\"This website uses fruit cookies to ensure you get the juiciest tracking experience.\\\", \\\"dismiss\\\": \\\"Me want it!\\\", \\\"link\\\": \\\"But me wait!\\\", \\\"href\\\": \\\"https://www.youtube.com/watch?v=9PnbKL3wuH4\\\" }\\n })});\\n </script>\\n<style>.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@charset \\\"UTF-8\\\";@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel=\\\"stylesheet\\\" href=\\\"styles.css\\\" media=\\\"print\\\" onload=\\\"this.media='all'\\\"><noscript><link rel=\\\"stylesheet\\\" 
href=\\\"styles.css\\\"></noscript></head>\\n<body class=\\\"mat-app-background bluegrey-lightgreen-theme\\\">\\n <app-root></app-root>\\n<script src=\\\"runtime.js\\\" type=\\\"module\\\"></script><script src=\\\"polyfills.js\\\" type=\\\"module\\\"></script><script src=\\\"vendor.js\\\" type=\\\"module\\\"></script><script src=\\\"main.js\\\" type=\\\"module\\\"></script>\\n\\n</body></html>\",\"ip\":\"null\",\"source\":\"HAR\",\"type\":\"HTTP/1.1\",\"akto_vxlan_id\":\"1679459648\",\"path\":\"https://juiceshop.akto.io/\",\"requestHeaders\":\"{\\\"Cookie\\\":\\\"language=en; welcomebanner_status=dismiss; cookieconsent_status=dismiss; continueCode=v7BmaPZbQ7NroLqvm1YzMVnwOBAVkTefndgpE5jkJlXey43R68K2D9xWNQgq\\\",\\\"Accept\\\":\\\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\\\",\\\"User-Agent\\\":\\\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.178 Safari/537.36\\\",\\\"Connection\\\":\\\"close\\\",\\\"Sec-Fetch-Site\\\":\\\"none\\\",\\\"Sec-Fetch-Dest\\\":\\\"document\\\",\\\"Host\\\":\\\"juiceshop.akto.io\\\",\\\"Accept-Encoding\\\":\\\"gzip, deflate\\\",\\\"Sec-Fetch-Mode\\\":\\\"navigate\\\",\\\"sec-ch-ua\\\":\\\"\\\\\\\"Not A(Brand\\\\\\\";v=\\\\\\\"24\\\\\\\", \\\\\\\"Chromium\\\\\\\";v=\\\\\\\"110\\\\\\\"\\\",\\\"sec-ch-ua-mobile\\\":\\\"?0\\\",\\\"Upgrade-Insecure-Requests\\\":\\\"1\\\",\\\"sec-ch-ua-platform\\\":\\\"\\\\\\\"macOS\\\\\\\"\\\",\\\"Sec-Fetch-User\\\":\\\"?1\\\",\\\"Accept-Language\\\":\\\"en-GB,en-US;q=0.9,en;q=0.8\\\"}\",\"responseHeaders\":\"{\\\"Access-Control-Allow-Origin\\\":\\\"*\\\",\\\"X-Content-Type-Options\\\":\\\"nosniff\\\",\\\"Connection\\\":\\\"close\\\",\\\"Last-Modified\\\":\\\"Thu, 09 Mar 2023 14:46:29 GMT\\\",\\\"Date\\\":\\\"Thu, 09 Mar 2023 14:48:39 
GMT\\\",\\\"X-Frame-Options\\\":\\\"SAMEORIGIN\\\",\\\"Accept-Ranges\\\":\\\"bytes\\\",\\\"X-Recruiting\\\":\\\"/#/jobs\\\",\\\"Cache-Control\\\":\\\"public, max-age=0\\\",\\\"ETag\\\":\\\"W/\\\\\\\"7c3-186c6d67748\\\\\\\"\\\",\\\"Feature-Policy\\\":\\\"payment 'self'\\\",\\\"Vary\\\":\\\"Accept-Encoding\\\",\\\"Content-Length\\\":\\\"1987\\\",\\\"Content-Type\\\":\\\"text/html; charset=UTF-8\\\"}\",\"time\":\"1678373319\",\"contentType\":\"text/html; charset=UTF-8\",\"akto_account_id\":\"1000000\",\"statusCode\":\"200\",\"status\":\"OK\"}"
}
],
"testSubType": "CHANGE_METHOD_TO_DELETE",
"vulnerable": true,
"testRunResultSummaryId": {
"date": "2023-05-17T12:16:08",
"timestamp": 1684305968
},
"testRunId": {
"date": "2023-05-17T12:14:33",
"timestamp": 1684305873
},
"testSuperType": "BFLA",
"id": {
"date": "2023-05-17T12:16:14",
"timestamp": 1684305974
},
"apiInfoKey": {
"method": {
"_name": "GET"
},
"apiCollectionId": 1679459648,
"url": "https://juiceshop.akto.io/"
},
"confidencePercentage": 100,
"endTimestamp": 1684305974,
"startTimestamp": 1684305973,
"hexId": "6464783658e3a17b14ddfa67"
},
"authMechanism": "null",
"fetchCicd": false,
"testingRun": "null",
"testRunTime": 0,
"testingRunHexId": "null",
"endTimestamp": 0,
"startTimestamp": 0,
"testName": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
AKTO_ERROR while building schema
POST /api/fetchDataTypes HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/fetchAffectedEndpoints HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 253
{
"issueId": {
"testSubCategory": "CHANGE_METHOD_TO_DELETE",
"testErrorSource": "AUTOMATED_TESTING",
"testCategoryFromSourceConfig": "null",
"apiInfoKey": {
"method": "GET",
"apiCollectionId": 1679459648,
"url": "https://juiceshop.akto.io/"
},
"testSourceConfig": "null"
}
}
description
{
"filterSubCategory": "null",
"vulnerableRequests": "null",
"issueId": {
"testSubCategory": "CHANGE_METHOD_TO_DELETE",
"testErrorSource": "AUTOMATED_TESTING",
"testCategoryFromSourceConfig": "null",
"apiInfoKey": {
"method": "GET",
"apiCollectionId": 1679459648,
"url": "https://juiceshop.akto.io/"
},
"testSourceConfig": "null"
},
"filterCollectionsId": "null",
"similarlyAffectedIssues": [
{
"severity": "HIGH",
"lastSeen": 1684301995,
"creationTime": 1684301995,
"testRunIssueStatus": "OPEN",
"latestTestingRunSummaryId": {
"date": "2023-05-17T11:09:37",
"timestamp": 1684301977
},
"ignoreReason": "null",
"id": {
"testSubCategory": "CHANGE_METHOD_TO_DELETE",
"testErrorSource": "AUTOMATED_TESTING",
"testCategoryFromSourceConfig": "null",
"apiInfoKey": {
"method": "GET",
"apiCollectionId": 1679462413,
"url": "https://backend.getbeamer.com/initialize"
},
"testSourceConfig": "null"
}
}
],
"filterStatus": "null",
"skip": 0,
"filterSeverity": "null",
"startEpoch": 0,
"issueIdArray": "null",
"testSourceConfigs": "null",
"issues": "null",
"subCategories": "null",
"totalIssuesCount": 0,
"testingRunResult": "null",
"ignoreReason": "null",
"limit": 0,
"categories": "null",
"statusToBeUpdated": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/fetchTagConfigs HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{
"tagConfigs": {
"tagConfigs": [
{
"name": "API",
"creatorId": 1679380132,
"active": true,
"id": {
"date": "2023-03-22T10:52:11",
"timestamp": 1679462531
},
"keyConditions": {
"predicates": [
{
"type": "REGEX",
"value": ".*api.*"
}
],
"operator": "AND"
},
"timestamp": 1679462531
}
],
"usersMap": {
"NUMBER": "null"
}
},
"tagConfig": "null",
"name": "null",
"active": false,
"keyConditionFromUsers": "null",
"createNew": false,
"keyOperator": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
1684477780
description
Sample description
POST /api/loadContent HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 30
{
"apiCollectionId": 1684477780
}
description
{}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
false
description
POST /api/retrieveAllCollectionTests HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 19
{
"fetchCicd": false
}
description
{
"metadata": "null",
"testingRunResults": "null",
"testingRunResultSummaries": "null",
"runIssues": "null",
"selectedTests": "null",
"maxConcurrentRequests": 0,
"recurringDaily": false,
"workflowTest": "null",
"authMechanism": {
"authParams": [
{
"showHeader": true,
"where": "HEADER",
"value": "text",
"key": "access-token"
}
],
"id": {
"date": "2023-03-22T12:11:33",
"timestamp": 1679467293
},
"type": "HARDCODED",
"uuid": "83c47038-0770-4f7c-946c-539b5927a97f"
},
"testingRunResult": "null",
"fetchCicd": false,
"testingRun": "null",
"testRunTime": 0,
"testingRunHexId": "null",
"endTimestamp": 1684564190,
"startTimestamp": 1684477790,
"testName": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
PMAK-646733223asdasas579bbdd-dca753sdufhgy98erhwui245f12102
description
POST /api/fetchPostmanWorkspaces HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 73
{
"api_key": "PMAK-646733223asdasas579bbdd-dca753sdufhgy98erhwui245f12102"
}
description
{
"postmanCred": "{}",
"workspaces": [
{
"name": "My Workspace",
"id": "48dada0a-f1c4-499d-8d4b-0bcbc2ff016f",
"type": "personal"
}
]
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/fetchQuickStartPageState HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{
"aktoMirroringStackName": "null",
"awsRegion": "null",
"awsAccountId": "null",
"aktoDashboardStackName": "null",
"configuredItems": [
"BURP"
],
"aktoDashboardRoleName": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
{ "info": { "_postman_id": "c144967f-ca7f-4d01-a2a3-b171512d11e7", "name": "test01", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "_exporter_id": "16638923" }, "item": [ { "name": "req01", "request": { "method": "GET", "header": [], "url": { "raw": "url01?p01=v01&p02&p03", "host": [ "url01" ], "query": [ { "key": "p01", "value": "v01" }, { "key": "p02", "value": null }, { "key": "p03", "value": null } ] } }, "response": [] }, { "name": "re02", "request": { "auth": { "type": "apikey", "apikey": [ { "key": "value", "value": "", "type": "string" }, { "key": "key", "value": "k01", "type": "string" } ] }, "method": "POST", "header": [ { "key": "h01", "value": "", "type": "default" }, { "key": "h02", "value": "", "type": "default" } ], "url": { "raw": "re102?p01&p02&p03&p04", "host": [ "re102" ], "query": [ { "key": "p01", "value": null }, { "key": "p02", "value": null }, { "key": "p03", "value": null }, { "key": "p04", "value": null } ] } }, "response": [] }, { "name": "r03", "request": { "method": "DELETE", "header": [], "url": { "raw": "d01?p01", "host": [ "d01" ], "query": [ { "key": "p01", "value": null } ] } }, "response": [] } ] }
true
description
POST /api/importDataFromPostmanFile HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2668
{
"postmanCollectionFile": "{\n\t\"info\": {\n\t\t\"_postman_id\": \"c144967f-ca7f-4d01-a2a3-b171512d11e7\",\n\t\t\"name\": \"test01\",\n\t\t\"schema\": \"https://schema.getpostman.com/json/collection/v2.1.0/collection.json\",\n\t\t\"_exporter_id\": \"16638923\"\n\t},\n\t\"item\": [\n\t\t{\n\t\t\t\"name\": \"req01\",\n\t\t\t\"request\": {\n\t\t\t\t\"method\": \"GET\",\n\t\t\t\t\"header\": [],\n\t\t\t\t\"url\": {\n\t\t\t\t\t\"raw\": \"url01?p01=v01&p02&p03\",\n\t\t\t\t\t\"host\": [\n\t\t\t\t\t\t\"url01\"\n\t\t\t\t\t],\n\t\t\t\t\t\"query\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"key\": \"p01\",\n\t\t\t\t\t\t\t\"value\": \"v01\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"key\": \"p02\",\n\t\t\t\t\t\t\t\"value\": null\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"key\": \"p03\",\n\t\t\t\t\t\t\t\"value\": null\n\t\t\t\t\t\t}\n\t\t\t\t\t]\n\t\t\t\t}\n\t\t\t},\n\t\t\t\"response\": []\n\t\t},\n\t\t{\n\t\t\t\"name\": \"re02\",\n\t\t\t\"request\": {\n\t\t\t\t\"auth\": {\n\t\t\t\t\t\"type\": \"apikey\",\n\t\t\t\t\t\"apikey\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"key\": \"value\",\n\t\t\t\t\t\t\t\"value\": \"\",\n\t\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"key\": \"key\",\n\t\t\t\t\t\t\t\"value\": \"k01\",\n\t\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t\t}\n\t\t\t\t\t]\n\t\t\t\t},\n\t\t\t\t\"method\": \"POST\",\n\t\t\t\t\"header\": [\n\t\t\t\t\t{\n\t\t\t\t\t\t\"key\": \"h01\",\n\t\t\t\t\t\t\"value\": \"\",\n\t\t\t\t\t\t\"type\": \"default\"\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\t\"key\": \"h02\",\n\t\t\t\t\t\t\"value\": \"\",\n\t\t\t\t\t\t\"type\": \"default\"\n\t\t\t\t\t}\n\t\t\t\t],\n\t\t\t\t\"url\": {\n\t\t\t\t\t\"raw\": \"re102?p01&p02&p03&p04\",\n\t\t\t\t\t\"host\": [\n\t\t\t\t\t\t\"re102\"\n\t\t\t\t\t],\n\t\t\t\t\t\"query\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"key\": \"p01\",\n\t\t\t\t\t\t\t\"value\": null\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"key\": \"p02\",\n\t\t\t\t\t\t\t\"value\": 
null\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"key\": \"p03\",\n\t\t\t\t\t\t\t\"value\": null\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"key\": \"p04\",\n\t\t\t\t\t\t\t\"value\": null\n\t\t\t\t\t\t}\n\t\t\t\t\t]\n\t\t\t\t}\n\t\t\t},\n\t\t\t\"response\": []\n\t\t},\n\t\t{\n\t\t\t\"name\": \"r03\",\n\t\t\t\"request\": {\n\t\t\t\t\"method\": \"DELETE\",\n\t\t\t\t\"header\": [],\n\t\t\t\t\"url\": {\n\t\t\t\t\t\"raw\": \"d01?p01\",\n\t\t\t\t\t\"host\": [\n\t\t\t\t\t\t\"d01\"\n\t\t\t\t\t],\n\t\t\t\t\t\"query\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"key\": \"p01\",\n\t\t\t\t\t\t\t\"value\": null\n\t\t\t\t\t\t}\n\t\t\t\t\t]\n\t\t\t\t}\n\t\t\t},\n\t\t\t\"response\": []\n\t\t}\n\t]\n}",
"allowReplay": true
}
description
{
"postmanCred": "{}",
"workspaces": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
false
1684477780
description
POST /api/fetchAPICollection HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 46
{
"useHost": false,
"apiCollectionId": 1684477780
}
description
{
"data": {
"endpoints": [
{
"startTs": 1684477861,
"changesCount": 67,
"_id": {
"method": "POST",
"apiCollectionId": 1684477780,
"url": "/api/fetchTestRunResultDetails",
"tags": [
"API"
]
}
}
],
"apiInfoList": [
{
"lastSeen": 1684477862,
"actualAuthType": [
"JWT"
],
"allAuthTypesFound": [
[
"JWT"
]
],
"violations": "{}",
"id": {
"method": "POST",
"apiCollectionId": 1684477780,
"url": "/api/fetchTestRunResultDetails"
}
}
]
}
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
AKTO_ERROR while building schema
POST /api/fetchAllSubCategories HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
1684477941
1679293941
description
POST /api/fetchNewParametersTrend HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 55
{
"endTimestamp": 1684477941,
"startTimestamp": 1679293941
}
description
{
"data": {
"endpoints": [
{
"count": 3892,
"_id": 19496
}
]
}
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/fetchFilters HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{
"runtimeFilters": [
{
"useCase": "DETERMINE_API_ACCESS_TYPE",
"customFilterList": [
{
"endValue": 299,
"startValue": 200
}
],
"name": "Open Endpoints",
"id": 1679459648,
"customFiltersOperator": "AND",
"customFieldName": "access_type"
}
]
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/fetchTestRoles HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{
"testRoles": [
{
"authMechanism": {
"authParams": [
{
"showHeader": true,
"where": "HEADER",
"value": "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJBa3RvIiwic3ViIjoibG9naW4iLCJzaWduZWRVcCI6InRydWUiLCJ1c2VybmFtZSI6ImFua3VzaEBha3RvLmlvIiwiaWF0IjoxNjc5NDY3MjQxLCJleHAiOjE2Nzk0NjgxNDF9.HAK__lPJUyeGIFCqNPdstCDAYZYzIQTMmJfRLKWTYRKGnZDX6TF2XWs756SflLJYLRl9vE8LONPB5D1ij2LZpokP1rtYGDVe7e2PtgPqlEumoK4xMutucT6i42QStBTaSimVXcU4k9lwr3n4thL-lZt1KNctcsdG4cXvdOoMV6oAClQEJpgAChbO8WAHunIgQQ3vsCUXTOEEqy0atJEeed4UnXut3810g1QuCbJtKGn1I7lqh99MrQnE_T33TNIIpWJ_VeZgunroURFCMTaMJSyc8h2UiM8Bx60SGyDE6G7kwODYBRx_OKWTW-V0jV9GTTzhIYcDNBqkZ3O0uADO1w",
"key": "access-token"
}
],
"id": "null",
"requestData": "null",
"type": "HARDCODED",
"uuid": "25edec4b-b739-468c-9517-7869ce6bddbf"
},
"createdBy": "[email protected]",
"name": "ADMIN",
"lastUpdatedTs": 1679467896,
"endpointLogicalGroupId": {
"date": "2023-03-22T11:43:13",
"timestamp": 1679465559
},
"id": {
"date": "2023-03-22T11:43:13",
"timestamp": 1679465559
},
"createdTs": 1679465559,
"endpointLogicalGroup": {
"groupName": "MEMBER_endpoint-logical-group",
"createdBy": "[email protected]",
"testingEndpoints": {
"andConditions": "null",
"type": "LOGICAL_GROUP",
"orConditions": {
"predicates": [
{
"type": "CONTAINS",
"value": "api"
}
],
"operator": "OR"
}
},
"id": {
"date": "2023-03-22T11:43:13",
"timestamp": 1679465559
},
"updatedTs": 1679467896,
"createdTs": 1679465559
}
}
],
"roleName": "null",
"andConditions": "null",
"selectedRole": "null",
"orConditions": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
1684478055
0
description
POST /api/fetchSubTypeCountMap HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 46
{
"endTimestamp": 1684478055,
"startTimestamp": 0
}
description
{
"listOfEndpointsInCollection": "null",
"endpoints": "null",
"method": "null",
"skip": 0,
"apiCollectionId": -1,
"filters": "null",
"url": "null",
"filterOperators": "null",
"urls": "null",
"sortKey": "null",
"response": {
"subTypeCountMap": {
"REQUEST": {
"USERNAME": 2,
"PHONE_NUMBER": 1,
"EMAIL": 7
},
"RESPONSE": {
"JWT": 15,
"USERNAME": 5,
"IP_ADDRESS": 1,
"EMAIL": 26,
"TOKEN": 1,
"SECRET": 3
}
}
},
"sortOrder": 0,
"limit": 0
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
6464783658e3a17b14ddfa67
description
POST /api/fetchIssueFromTestRunResultDetails HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 52
{
"testingRunResultHexId": "6464783658e3a17b14ddfa67"
}
description
{
"metadata": "null",
"testingRunResults": "null",
"testingRunResultSummaries": "null",
"runIssues": {
"severity": "HIGH",
"lastSeen": 1684305974,
"creationTime": 1684305974,
"testRunIssueStatus": "OPEN",
"ignoreReason": "null",
"latestTestingRunSummaryId": {
"date": "2023-05-17T12:16:08",
"timestamp": 1684305968
},
"id": {
"testSubCategory": "CHANGE_METHOD_TO_DELETE",
"testErrorSource": "AUTOMATED_TESTING",
"testCategoryFromSourceConfig": "null",
"apiInfoKey": {
"method": "GET",
"apiCollectionId": 1679459648,
"url": "https://juiceshop.akto.io/"
},
"testSourceConfig": "null"
}
},
"selectedTests": "null",
"maxConcurrentRequests": 0,
"testingRuns": "null",
"recurringDaily": false,
"workflowTest": "null",
"authMechanism": "null",
"testingRunResult": "null",
"fetchCicd": false,
"testingRun": "null",
"testRunTime": 0,
"testingRunHexId": "null",
"endTimestamp": 0,
"startTimestamp": 0,
"testName": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/fetchSearchTestResults HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 17
{
"searchText": ""
}
description
{
"severity": "null",
"searchText": "",
"description": "null",
"defaultCreator": false,
"inbuiltTests": [
{
"issueTags": [
"Business logic"
],
"issueImpact": "text",
"superCategory": {
"severity": {
"_name": "HIGH"
},
"displayName": "Broken Object Level Authorization (BOLA)",
"name": "SSRF",
"shortName": "Broken Function Level Authorization"
},
"references": "null",
"_name": "ADD_PUT_METHOD_OVERRIDE_HEADERS",
"name": "ADD_PUT_METHOD_OVERRIDE_HEADERS",
"issueDetails": "\"The endpoint appears to be vulnerable to Server Side Request Forgery attack. The original request was replayed by replacing CSV upload parameter with url that redirects to AWS IMDS endpoint. The application responded with 2XX success code and also gave out sensitive AWS information in response. Server-Side Request Forgery (SSRF) flaws occur whenever an API is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall or a VPN.\\n \"Modern concepts in application development make SSRF more common and more dangerous.\\n\" \"More common - the following concepts encourage developers to access an external resource based on user input: Webhooks, file fetching from URLs, custom SSO, and URL previews.\\n\" \"More dangerous - Modern technologies like cloud providers, Kubernetes, and Docker expose management and control channels over HTTP on predictable, well-known paths. Those channels are an easy target for an SSRF attack.\\n\" \"It is also more challenging to limit outbound traffic from your application, because of the connected nature of modern applications.\\n\" + \"The SSRF risk can not always be completely eliminated. While choosing a protection mechanism, it is important to consider the business risks and needs.\"\n",
"issueDescription": "Quite often, APIs do not impose any restrictions on the size or number of resources that can be requested by the user.",
"testName": "BFLA by HTTP DELETE method overriding"
}
],
"categories": [
{
"severity": {
"_name": "HIGH"
},
"_name": "SSRF",
"displayName": "Improper Assets Management (IAM)",
"name": "SSRF",
"shortName": "Broken Function Level Authorization"
}
],
"testSourceConfigs": "null",
"category": "null",
"subcategory": "null",
"searchResults": [
{
"severity": {
"_name": "HIGH"
},
"creator": "default",
"addedEpoch": 1679402464,
"description": "",
"stars": 0,
"id": "https://github.com/akto-api-security/tests-library/blob/master/Misconfiguration/configs/appspec-yml-disclosure.yaml",
"category": {
"severity": {
"_name": "HIGH"
},
"_name": "INJ",
"displayName": "Broken Object Level Authorization (BOLA)",
"name": "INJ",
"shortName": "Injection"
},
"subcategory": "redirect",
"installs": 0,
"tags": "null"
}
],
"url": "null",
"tags": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
POST
1684477780
/api/fetchQuickStartPageState
description
POST /api/fetchSensitiveSampleData HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 84
{
"method": "POST",
"apiCollectionId": 1684477780,
"url": "/api/fetchQuickStartPageState"
}
description
{
"sensitiveSampleData": "{}",
"sampleDataList": "null",
"traffic": "{}"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
POST
1684477780
/api/fetchQuickStartPageState
description
POST /api/loadParamsOfEndpoint HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 84
{
"method": "POST",
"apiCollectionId": 1684477780,
"url": "/api/fetchQuickStartPageState"
}
description
{
"data": {
"params": [
{
"isUrlParam": false,
"method": "POST",
"maxValue": -9223372036854675000,
"values": {
"elements": [
"http://localhost:8080"
]
},
"count": 5,
"isPrivate": true,
"apiCollectionId": 1684477780,
"sensitive": false,
"url": "/api/fetchQuickStartPageState",
"responseCode": 200,
"duration": 0,
"minValue": 9223372036854675000,
"lastSeen": 1684477861,
"publicCount": 0,
"param": "date",
"isHeader": true,
"subTypeString": "GENERIC",
"domain": "ENUM",
"subType": {
"sensitiveAlways": false,
"name": "GENERIC",
"swaggerSchemaClass": "class io.swagger.v3.oas.models.media.StringSchema",
"sensitivePosition": [
"RESPONSE_PAYLOAD"
],
"superType": "STRING"
},
"timestamp": 1684477861,
"uniqueCount": 0
}
]
}
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/getAllCollections HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{
"apiCollections": [
{
"hostName": "null",
"urlsCount": 0,
"vxlanId": 0,
"displayName": "AktoSwagger",
"name": "AktoSwagger",
"startTs": 1679462413,
"id": 0
}
],
"apiCollectionId": 0
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
No time to fix
IGNORED
description
POST /api/updateIssueStatus HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 318
{
"issueId": {
"testSubCategory": "REMOVE_TOKENS",
"testErrorSource": "AUTOMATED_TESTING",
"testCategoryFromSourceConfig": "null",
"apiInfoKey": {
"method": "GET",
"apiCollectionId": 1679462413,
"url": "http://localhost:8080/api/updateProfile"
},
"testSourceConfig": "null"
},
"ignoreReason": "No time to fix",
"statusToBeUpdated": "IGNORED"
}
description
{
"filterSubCategory": "null",
"vulnerableRequests": "null",
"issueId": {
"testSubCategory": "REMOVE_TOKENS",
"testErrorSource": "AUTOMATED_TESTING",
"testCategoryFromSourceConfig": "null",
"apiInfoKey": {
"method": "GET",
"apiCollectionId": 1679462413,
"url": "http://localhost:8080/api/updateProfile"
},
"testSourceConfig": "null"
},
"filterCollectionsId": "null",
"similarlyAffectedIssues": "null",
"filterStatus": "null",
"skip": 0,
"filterSeverity": "null",
"startEpoch": 0,
"issueIdArray": "null",
"testSourceConfigs": "null",
"issues": "null",
"subCategories": "null",
"totalIssuesCount": 0,
"testingRunResult": "null",
"ignoreReason": "null",
"limit": 0,
"categories": "null",
"statusToBeUpdated": "OPEN"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
1684477780
description
POST /api/fetchAktoGptConfig HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 30
{
"apiCollectionId": 1684477780
}
description
{
"apiCollectionId": 1684477780,
"currentState": [
{
"state": "ENABLED",
"id": 1684477780,
"collectionName": "AktoSwagger"
}
]
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/fetchDataTypeNames HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{
"totalSampleDataCount": 0,
"dataTypes": "null",
"currentProcessed": 0,
"customSubTypeMatches": "null",
"customDataType": "null",
"allDataTypes": [
"IBAN EUROPE"
],
"sensitivePosition": "null",
"aktoDataType": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
1684477941
1679293941
description
POST /api/loadRecentEndpoints HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 55
{
"endTimestamp": 1684477941,
"startTimestamp": 1679293941
}
description
{
"data": {
"endpoints": [
{
"count": 1,
"countTs": 44,
"startTs": 1679927524,
"_id": {
"method": "POST",
"apiCollectionId": 1679462413,
"url": "http://localhost:8080/api/updateProfile",
"tags": [
"API"
]
}
}
],
"apiInfoList": [
{
"lastSeen": 1684477751,
"actualAuthType": [
"AUTHORIZATION_HEADER"
],
"allAuthTypesFound": [
[
"AUTHORIZATION_HEADER"
]
],
"violations": "{}",
"id": {
"method": "POST",
"apiCollectionId": 1681120246,
"url": "/api/fetchTestRunResultDetails"
}
}
]
}
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
20
OPEN
0
0
description
POST /api/fetchAllIssues HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 60
{
"limit": 20,
"filterStatus": [
"OPEN"
],
"skip": 0,
"startEpoch": 0
}
description
{
"vulnerableRequests": "null",
"issueId": "null",
"similarlyAffectedIssues": "null",
"filterStatus": [
"OPEN"
],
"skip": 0,
"startEpoch": 0,
"issueIdArray": "null",
"testSourceConfigs": "null",
"issues": [
{
"severity": "HIGH",
"lastSeen": 1684304084,
"creationTime": 1684304084,
"testRunIssueStatus": "OPEN",
"latestTestingRunSummaryId": {
"date": "2023-05-17T12:16:08",
"timestamp": 1684301977
},
"ignoreReason": "null",
"id": {
"testSubCategory": "ADD_PUT_METHOD_OVERRIDE_HEADERS",
"testErrorSource": "AUTOMATED_TESTING",
"testCategoryFromSourceConfig": "null",
"apiInfoKey": {
"method": "POST",
"apiCollectionId": 1679462413,
"url": "http://localhost:8080/api/updateProfile"
},
"testSourceConfig": "null"
}
}
],
"subCategories": "null",
"totalIssuesCount": 299,
"testingRunResult": "null",
"ignoreReason": "null",
"limit": 20,
"categories": "null",
"statusToBeUpdated": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
GUEST
description
POST /api/addTestRoles HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 108
{
"roleName": "GUEST",
"orConditions": {
"predicates": [
{
"type": "CONTAINS",
"value": "api/user/"
}
],
"operator": "OR"
}
}
description
{
"testRoles": "null",
"roleName": "GUEST",
"andConditions": "null",
"selectedRole": {
"createdBy": "[email protected]",
"authMechanism": "null",
"name": "GUEST",
"lastUpdatedTs": 1684477847,
"id": {
"date": "2023-05-19T12:00:47",
"timestamp": 1684477847
},
"endpointLogicalGroupId": {
"date": "2023-05-19T12:00:47",
"timestamp": 1684477847
},
"createdTs": 1684477847,
"endpointLogicalGroup": {
"groupName": "GUEST_endpoint-logical-group",
"createdBy": "[email protected]",
"testingEndpoints": {
"andConditions": "null",
"type": "LOGICAL_GROUP",
"orConditions": {
"predicates": [
{
"type": "CONTAINS",
"value": "api/user/"
}
],
"operator": "OR"
}
},
"id": {
"date": "2023-05-19T12:00:47",
"timestamp": 1684477847
},
"updatedTs": 1684477847,
"createdTs": 1684477847
}
},
"orConditions": {
"predicates": [
{
"type": "CONTAINS",
"value": "api/user/"
}
],
"operator": "OR"
}
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
6464783058e3a17b14ddf64e
description
POST /api/fetchTestingRunResults HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 59
{
"testingRunResultSummaryHexId": "6464783058e3a17b14ddf64e"
}
description
{
"metadata": "null",
"testingRunResults": [
{
"testResults": "null",
"testRunResultSummaryId": {
"date": "2023-05-17T12:16:08",
"timestamp": 1684305968
},
"testRunId": {
"date": "2023-05-17T12:14:33",
"timestamp": 1684305873
},
"singleTypeInfos": "null",
"vulnerable": true,
"testSubType": "CHANGE_METHOD_TO_GET",
"testSuperType": "BFLA",
"apiInfoKey": {
"method": "POST",
"apiCollectionId": 1679459648,
"url": "https://juiceshop.akto.io/rest/basket/6"
},
"id": {
"date": "2023-05-17T12:16:13",
"timestamp": 1684305973
},
"confidencePercentage": 100,
"endTimestamp": 1684305972,
"startTimestamp": 1684305972,
"hexId": "6464783658e3a17b14ddfa47"
}
],
"testingRunResultSummaries": "null",
"runIssues": "null",
"selectedTests": "null",
"maxConcurrentRequests": 0,
"testingRuns": "null",
"recurringDaily": false,
"workflowTest": "null",
"authMechanism": "null",
"testingRunResult": "null",
"fetchCicd": false,
"testingRun": "null",
"testRunTime": 0,
"testingRunHexId": "null",
"endTimestamp": 0,
"startTimestamp": 0,
"testName": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
AKTO_ERROR while building schema
POST /api/fetchAllMarketplaceSubcategories HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
http://localhost:8080/api/updateProfile
description
POST /api/fetchSensitiveParamsForEndpoints HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 52
{
"urls": [
"http://localhost:8080/api/updateProfile"
]
}
description
{
"data": {
"endpoints": [
{
"isUrlParam": false,
"method": "POST",
"maxValue": -9223372036854675000,
"count": 11,
"sensitive": true,
"apiCollectionId": 1679462413,
"isPrivate": true,
"url": "https://forms.hscollectedforms.net:443/collected-forms/submit/form",
"responseCode": 200,
"duration": 0,
"minValue": 9223372036854675000,
"lastSeen": 1681120336,
"publicCount": 0,
"param": "testingRun#userEmail",
"subTypeString": "JWT",
"isHeader": true,
"domain": "ENUM",
"subType": {
"sensitiveAlways": true,
"name": "JWT",
"swaggerSchemaClass": "class io.swagger.v3.oas.models.media.EmailSchema",
"sensitivePosition": [
"RESPONSE_PAYLOAD"
],
"superType": "CUSTOM"
},
"uniqueCount": 0,
"timestamp": 1681120336
}
]
}
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/getPostmanCredential HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{
"postmanCred": "{}",
"workspaces": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
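Sample values (the api_key shown appears to be a placeholder; substitute your own Postman workspace ID and Postman API key)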
48dada0a-f1c4-499d-8d4b-0bcbc2ff016f
PMAK-646733223asdasas579bbdd-dca753sdufhgy98erhwui245f12102
true
description
POST /api/importPostmanWorkspace HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 146
{
"workspace_id": "48dada0a-f1c4-499d-8d4b-0bcbc2ff016f",
"api_key": "PMAK-646733223asdasas579bbdd-dca753sdufhgy98erhwui245f12102",
"allowReplay": true
}
description
{
"postmanCred": "{}",
"workspaces": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
false
timestamp
-1
100
0
false
1684477941
1679293941
description
POST /api/fetchChanges HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 303
{
"request": false,
"filterOperators": {
"color": "OR",
"method": "OR",
"param": "OR",
"isHeader": "OR",
"domain": "OR",
"subType": "OR",
"apiCollectionId": "OR",
"url": "OR",
"timestamp": "OR"
},
"sortKey": "timestamp",
"sortOrder": -1,
"limit": 100,
"skip": 0,
"sensitive": false,
"endTimestamp": 1684477941,
"startTimestamp": 1679293941
}
description
{
"listOfEndpointsInCollection": "null",
"filterOperators": {
"color": "OR",
"method": "OR",
"param": "OR",
"isHeader": "OR",
"domain": "OR",
"subType": "OR",
"apiCollectionId": "OR",
"url": "OR",
"timestamp": "OR"
},
"urls": "null",
"endpoints": "null",
"sortKey": "timestamp",
"method": "null",
"response": {
"data": {
"endpoints": [
{
"isUrlParam": false,
"method": "POST",
"maxValue": -9223372036854675000,
"values": {
"elements": [
"http://localhost:8080/api/updateProfile"
]
},
"count": 2,
"isPrivate": true,
"apiCollectionId": 1684477780,
"sensitive": true,
"url": "/api/fetchEndpointTrafficData",
"responseCode": 200,
"duration": 0,
"minValue": -9223372036854675000,
"lastSeen": 1684477920,
"publicCount": 0,
"param": "date",
"isHeader": true,
"subTypeString": "OTHER",
"domain": "ENUM",
"subType": {
"sensitiveAlways": true,
"swaggerSchemaClass": "class io.swagger.v3.oas.models.media.BooleanSchema",
"name": "OTHER",
"superType": "FLOAT"
},
"timestamp": 1684477931,
"uniqueCount": 0
}
],
"total": 10604
}
},
"sortOrder": -1,
"limit": 100,
"skip": 0,
"apiCollectionId": -1,
"url": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
false
POST
1000000
9
1684477780
true
true
/api/retrieveAllCollectionTests
-1
0
1000000
1684477801
0
account
true
INTEGER_32
ENUM
1684477791
0
description
POST /api/addSensitiveField HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 558
{
"isUrlParam": false,
"method": "POST",
"maxValue": 1000000,
"values": {
"elements": [
1000000
]
},
"count": 9,
"apiCollectionId": 1684477780,
"isPrivate": true,
"sensitive": true,
"url": "/api/retrieveAllCollectionTests",
"responseCode": -1,
"duration": 0,
"minValue": 1000000,
"lastSeen": 1684477801,
"publicCount": 0,
"param": "account",
"isHeader": true,
"subTypeString": "INTEGER_32",
"domain": "ENUM",
"subType": {
"sensitiveAlways": false,
"name": "INTEGER_32",
"swaggerSchemaClass": "class io.swagger.v3.oas.models.media.IntegerSchema",
"superType": "INTEGER"
},
"timestamp": 1684477791,
"uniqueCount": 0
}
description
{
"data": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/fetchWorkflowTests HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{
"str": "null",
"nodes": "null",
"workflowTestJson": "null",
"logFetchEndTime": 0,
"edges": "null",
"mapNodeIdToWorkflowNodeDetails": "null",
"apiCollectionId": 0,
"id": 0,
"state": "null",
"testingLogs": "null",
"logFetchStartTime": 0
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
MEMBER
description
POST /api/updateTestRoles HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 105
{
"roleName": "MEMBER",
"orConditions": {
"predicates": [
{
"type": "CONTAINS",
"value": "api-2"
}
],
"operator": "OR"
}
}
description
{
"testRoles": "null",
"roleName": "MEMBER",
"andConditions": "null",
"selectedRole": "null",
"orConditions": {
"predicates": [
{
"type": "CONTAINS",
"value": "api-2"
}
],
"operator": "OR"
}
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
1684477780
description
POST /api/loadSensitiveParameters HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 30
{
"apiCollectionId": 1684477780
}
description
{
"data": {
"endpoints": [
{
"isUrlParam": false,
"method": "POST",
"maxValue": -9223372036854675000,
"count": 4,
"sensitive": true,
"apiCollectionId": 1684477780,
"isPrivate": true,
"url": "/dashboard/testing",
"responseCode": 200,
"duration": 0,
"minValue": 9223372036854675000,
"lastSeen": 1684477851,
"publicCount": 0,
"param": "testingRun#userEmail",
"subTypeString": "JWT",
"isHeader": true,
"domain": "ENUM",
"subType": {
"sensitiveAlways": true,
"name": "JWT",
"swaggerSchemaClass": "class io.swagger.v3.oas.models.media.EmailSchema",
"sensitivePosition": [
"RESPONSE_PAYLOAD"
],
"superType": "CUSTOM"
},
"uniqueCount": 0,
"timestamp": 1684477851
}
]
}
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/fetchAuthMechanismData HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{
"workflowTestingRun": "null",
"authParamData": "null",
"authMechanism": {
"authParams": [
{
"showHeader": true,
"where": "HEADER",
"value": "text",
"key": "access-token"
}
],
"id": {
"date": "2023-03-22T12:11:33",
"timestamp": 1679467293
},
"type": "HARDCODED",
"uuid": "83c47038-0770-4f7c-946c-539b5927a97f"
},
"responses": "null",
"type": "null",
"workflowTestResult": "null",
"requestData": "null",
"uuid": "null",
"nodeId": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/stopAllTests HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{
"metadata": "null",
"testingRunResults": "null",
"testingRunResultSummaries": "null",
"runIssues": "null",
"selectedTests": "null",
"maxConcurrentRequests": 0,
"recurringDaily": false,
"workflowTest": "null",
"authMechanism": "null",
"testingRunResult": "null",
"fetchCicd": false,
"testingRun": "null",
"testRunTime": 0,
"testingRunHexId": "null",
"endTimestamp": 0,
"startTimestamp": 0,
"testName": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/fetchCustomAuthTypes HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{
"customAuthType": "null",
"usersMap": "{}"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
POST
1684477910
1684477780
1679293910
/api/fetchQuickStartPageState
description
POST /api/fetchEndpointTrafficData HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 130
{
"method": "POST",
"endEpoch": 1684477910,
"apiCollectionId": 1684477780,
"startEpoch": 1679293910,
"url": "/api/fetchQuickStartPageState"
}
description
{
"sensitiveSampleData": "{}",
"sampleDataList": "null",
"traffic": "{}"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
false
EMAIL
RESPONSE_PAYLOAD
description
POST /api/saveAktoDataType HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 81
{
"sensitiveAlways": false,
"name": "EMAIL",
"sensitivePosition": [
"RESPONSE_PAYLOAD"
]
}
description
{
"totalSampleDataCount": 0,
"dataTypes": "null",
"currentProcessed": 0,
"customSubTypeMatches": "null",
"customDataType": "null",
"allDataTypes": "null",
"sensitivePosition": [
"RESPONSE_PAYLOAD"
],
"aktoDataType": {
"sensitiveAlways": false,
"name": "EMAIL",
"ignoreData": {
"ignoredKeysInSelectedAPIs": "{}"
},
"sensitivePosition": [
"RESPONSE_PAYLOAD"
],
"timestamp": 1684478117
}
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
646477d11cf07b51403bf5b1
1684477795
1683901795
description
POST /api/fetchTestingRunResultSummaries HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 100
{
"testingRunHexId": "646477d11cf07b51403bf5b1",
"endTimestamp": 1684477795,
"startTimestamp": 1683901795
}
description
{
"metadata": "null",
"testingRunResults": "null",
"testingRunResultSummaries": [
{
"metadata": "null",
"totalApis": 19,
"testResultsCount": 72,
"countIssues": {
"HIGH": 7,
"MEDIUM": 0,
"LOW": 0
},
"testingRunId": {
"date": "2023-05-17T12:14:33",
"timestamp": 1684305873
},
"id": {
"date": "2023-05-17T12:16:08",
"timestamp": 1684305968
},
"testingRunHexId": "null",
"state": "COMPLETED",
"endTimestamp": 1684305974,
"startTimestamp": 1684305968,
"hexId": "6464783058e3a17b14ddf64e"
}
],
"runIssues": "null",
"selectedTests": "null",
"maxConcurrentRequests": 0,
"testingRuns": "null",
"recurringDaily": false,
"workflowTest": "null",
"authMechanism": "null",
"testingRunResult": "null",
"fetchCicd": false,
"testingRun": {
"periodInSeconds": 0,
"testingRunConfig": "null",
"testingEndpoints": {
"apiCollectionId": 1679459648,
"type": "COLLECTION_WISE"
},
"maxConcurrentRequests": -1,
"testIdConfig": 1684305873,
"pickedUpTimestamp": 1684305968,
"scheduleTimestamp": 1684305852,
"name": "juice_shop_demo_BFLA_RL",
"userEmail": "[email protected]",
"testRunTime": -1,
"id": {
"date": "2023-05-17T12:14:33",
"timestamp": 1684305873
},
"state": "COMPLETED",
"endTimestamp": 1684305974,
"hexId": "646477d11cf07b51403bf5b1"
},
"testRunTime": 0,
"testingRunHexId": "646477d11cf07b51403bf5b1",
"endTimestamp": 1684477795,
"startTimestamp": 1683901795,
"testName": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
POST
1684477780
/api/fetchQuickStartPageState
description
POST /api/fetchSampleData HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 84
{
"method": "POST",
"apiCollectionId": 1684477780,
"url": "/api/fetchQuickStartPageState"
}
description
{
"sensitiveSampleData": "{}",
"sampleDataList": [
{
"id": {
"method": "POST",
"bucketEndEpoch": 0,
"bucketStartEpoch": 0,
"apiCollectionId": 1684477780,
"url": "/api/fetchQuickStartPageState",
"responseCode": -1
},
"samples": [
"text"
]
}
],
"traffic": "{}"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
true
BFLA
description
POST /api/fetchTestingSources HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 44
{
"defaultCreator": true,
"subcategory": "BFLA"
}
description
{
"severity": "null",
"searchText": "null",
"defaultCreator": true,
"description": "null",
"categories": "null",
"inbuiltTests": "null",
"category": "null",
"subcategory": "BFLA",
"url": "null",
"tags": "null"
}
application/json
YOUR_API_KEY from Settings > Integrations > Akto APIs
Sample description
description
POST /api/fetchActiveLoaders HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 2
{}
description
{
"loaderList": [
{
"percentage": 100,
"currentCount": 4,
"show": true,
"id": {
"date": "2023-05-19T13:58:42",
"timestamp": 1684484922
},
"type": {
"_name": "POSTMAN_UPLOAD",
"subTitle": "Please wait while we upload your file.",
"name": "Postman",
"title": "Importing postman collection"
},
"totalCount": 4,
"userId": 1684300087,
"hexId": "6467333a0c847a110354cd8d"
}
]
}