Fetch Data

API
Description

POST /api/getAllCollectionsBasic

Fetch a lightweight list of all API collections with only basic metadata. Useful for quick lookups or dropdowns.

POST /api/getAllCollections

Retrieve the complete list of all API collections with detailed information.

POST /api/getAllUsersCollections

Fetch all API collections accessible to the current user.

POST /api/getCoverageInfoForCollections

Get test coverage data for each collection (e.g., how many endpoints are tested vs. untested).

POST /api/getSeverityInfoForCollections

Retrieve aggregated severity information (High, Medium, Low) across API collections.

POST /api/getSeveritiesCountPerCollection

Get the count of issues grouped by severity for each collection.

POST /api/getLastSeenTrafficInfoForCollections

Fetch last seen traffic timestamps for each collection, helping track activity recency.

POST /api/getSensitiveInfoForCollections

Retrieve sensitive data findings per collection (e.g., PII, secrets).

POST /api/getRiskScoreInfo

Get risk scores calculated for API collections, based on threats and sensitive data exposure.

POST /api/fetchCollectionWiseApiEndpoints

Fetch all API endpoints belonging to a specific collection.

POST /api/fetchApiInfosForCollection

Retrieve detailed API information for a given collection (method, path, params, etc.).

POST /api/fetchApiInfosFromSTIs

Fetch API details using stored traffic identifiers (STIs). Useful for replay or drill-down.

POST /api/fetchEndpointsCount

Get a count of API endpoints per collection.

POST /api/fetchApiCallStats

Retrieve traffic statistics such as call counts, trends, and usage metrics per API.

POST /api/fetchIpLevelApiCallStats

Get API call stats broken down by IP, useful for identifying abusive clients or usage patterns.

POST /api/fetchSampleData

Fetch sample request/response payloads observed for a given API, used for testing or schema generation.

POST /api/generateOpenApiFile

Generate an OpenAPI (Swagger) specification file from discovered API data.

/api/getAllCollectionsBasic

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
objectOptional
Responses
200

description

application/json
post
POST /api/getAllCollectionsBasic HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2

{}
200

description

{
  "sensitiveUrlsInResponse": 0,
  "shadowApisCount": 0,
  "redacted": false,
  "riskScoreOfCollectionsMap": "{}",
  "apiCount": 0,
  "lastTrafficSeenMap": "{}",
  "uningestedApiCountMap": "{}",
  "endpointsFromConditions": "SUCCESS",
  "sensitiveUnauthenticatedEndpointsCount": 0,
  "endpointsListFromConditions": "SUCCESS",
  "apiStatsStart": "null",
  "deactivatedHostnameCountMap": "{}",
  "criticalEndpointsCount": 0,
  "countForHostnameDeactivatedCollections": "SUCCESS",
  "testedEndpointsMaps": "{}",
  "severityInfo": "{}",
  "apiList": "null",
  "sensitiveSubtypesInCollection": "{}",
  "hasUsageEndpoints": false,
  "countForUningestedApis": "SUCCESS",
  "apiCollectionId": 0,
  "timerInfo": "null",
  "response": {
    "apiCount": 0
  },
  "apiCollections": [
    {
      "hostName": "null",
      "urlsCount": 0,
      "runDependencyAnalyser": false,
      "displayName": "Password Reset APIs",
      "redact": false,
      "sseCallbackUrl": "null",
      "description": "mlewmdmweldmew",
      "mcpCollection": false,
      "startTs": 1756885380,
      "type": "API_GROUP",
      "deactivated": false,
      "automated": true,
      "matchDependencyWithOtherCollections": false,
      "vxlanId": 0,
      "envType": "null",
      "tagsList": "null",
      "genAICollection": false,
      "name": "Password Reset APIs",
      "userSetEnvType": "null",
      "id": 111111130,
      "isOutOfTestingScope": false,
      "sampleCollectionsDropped": false,
      "conditions": "null"
    }
  ],
  "mcpDataCount": 0,
  "usersCollectionList": {
    "NUMBER": "null"
  },
  "allUsersCollections": "SUCCESS",
  "apiStatsEnd": "null",
  "conditions": "null",
  "uningestedApiList": "null",
  "highRiskThirdPartyEndpointsCount": 0
}

/api/getSeverityInfoForCollections

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
objectOptional
Responses
200

description

application/json
Responseobject
post
POST /api/getSeverityInfoForCollections HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2

{}
200

description

{}

/api/getLastSeenTrafficInfoForCollections

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
objectOptional
Responses
200

description

application/json
post
POST /api/getLastSeenTrafficInfoForCollections HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2

{}
200

description

{
  "NUMBER": "null"
}

/api/getSensitiveInfoForCollections

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
objectOptional
Responses
200

description

application/json
post
POST /api/getSensitiveInfoForCollections HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2

{}
200

description

{
  "sensitiveUrlsInResponse": 26,
  "shadowApisCount": 0,
  "redacted": false,
  "apiCount": 0,
  "riskScoreOfCollectionsMap": "{}",
  "lastTrafficSeenMap": "{}",
  "uningestedApiCountMap": "{}",
  "endpointsFromConditions": "SUCCESS",
  "sensitiveUnauthenticatedEndpointsCount": 0,
  "endpointsListFromConditions": "SUCCESS",
  "apiStatsStart": "null",
  "criticalEndpointsCount": 0,
  "deactivatedHostnameCountMap": "{}",
  "countForHostnameDeactivatedCollections": "SUCCESS",
  "testedEndpointsMaps": "{}",
  "severityInfo": "{}",
  "apiList": "null",
  "sensitiveSubtypesInCollection": {
    "NUMBER": "null"
  },
  "hasUsageEndpoints": false,
  "countForUningestedApis": "SUCCESS",
  "apiCollectionId": 0,
  "timerInfo": "null",
  "response": {
    "apiCount": 0
  },
  "mcpDataCount": 0,
  "usersCollectionList": {
    "NUMBER": "null"
  },
  "allUsersCollections": "SUCCESS",
  "apiStatsEnd": "null",
  "conditions": "null",
  "highRiskThirdPartyEndpointsCount": 0,
  "uningestedApiList": "null"
}

/api/getRiskScoreInfo

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
objectOptional
Responses
200

description

application/json
post
POST /api/getRiskScoreInfo HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2

{}
200

description

{
  "sensitiveUrlsInResponse": 0,
  "shadowApisCount": 0,
  "redacted": false,
  "apiCount": 0,
  "riskScoreOfCollectionsMap": {
    "NUMBER": "null"
  },
  "lastTrafficSeenMap": "{}",
  "uningestedApiCountMap": "{}",
  "endpointsFromConditions": "SUCCESS",
  "sensitiveUnauthenticatedEndpointsCount": 0,
  "endpointsListFromConditions": "SUCCESS",
  "apiStatsStart": "null",
  "criticalEndpointsCount": 0,
  "deactivatedHostnameCountMap": "{}",
  "countForHostnameDeactivatedCollections": "SUCCESS",
  "testedEndpointsMaps": "{}",
  "severityInfo": "{}",
  "apiList": "null",
  "sensitiveSubtypesInCollection": "{}",
  "hasUsageEndpoints": false,
  "countForUningestedApis": "SUCCESS",
  "apiCollectionId": 0,
  "timerInfo": "null",
  "response": {
    "apiCount": 0
  },
  "usersCollectionList": {
    "NUMBER": "null"
  },
  "mcpDataCount": 0,
  "allUsersCollections": "SUCCESS",
  "apiStatsEnd": "null",
  "conditions": "null",
  "highRiskThirdPartyEndpointsCount": 0,
  "uningestedApiList": "null"
}

/api/getCoverageInfoForCollections

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
objectOptional
Responses
200

description

application/json
Responseobject
post
POST /api/getCoverageInfoForCollections HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2

{}
200

description

{}

/api/getAllCollections

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
objectOptional
Responses
200

description

application/json
post
POST /api/getAllCollections HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2

{}
200

description

{
  "sensitiveUrlsInResponse": 0,
  "shadowApisCount": 0,
  "redacted": false,
  "apiCount": 0,
  "riskScoreOfCollectionsMap": "{}",
  "lastTrafficSeenMap": "{}",
  "uningestedApiCountMap": "{}",
  "endpointsFromConditions": "SUCCESS",
  "sensitiveUnauthenticatedEndpointsCount": 0,
  "endpointsListFromConditions": "SUCCESS",
  "apiStatsStart": "null",
  "criticalEndpointsCount": 0,
  "deactivatedHostnameCountMap": "{}",
  "countForHostnameDeactivatedCollections": "SUCCESS",
  "testedEndpointsMaps": "{}",
  "apiList": "null",
  "severityInfo": "{}",
  "sensitiveSubtypesInCollection": "{}",
  "hasUsageEndpoints": false,
  "countForUningestedApis": "SUCCESS",
  "apiCollectionId": 0,
  "timerInfo": "null",
  "response": {
    "apiCount": 0
  },
  "apiCollections": [
    {
      "hostName": "null",
      "urlsCount": 0,
      "runDependencyAnalyser": false,
      "displayName": "Password Reset APIs",
      "redact": false,
      "sseCallbackUrl": "null",
      "description": "null",
      "mcpCollection": false,
      "startTs": 1756885380,
      "type": "null",
      "deactivated": false,
      "automated": true,
      "matchDependencyWithOtherCollections": false,
      "envType": "null",
      "vxlanId": 0,
      "tagsList": "null",
      "userSetEnvType": "null",
      "name": "Password Reset APIs",
      "genAICollection": false,
      "id": 111111130,
      "isOutOfTestingScope": false,
      "conditions": "null",
      "sampleCollectionsDropped": true
    }
  ],
  "mcpDataCount": 0,
  "usersCollectionList": {
    "NUMBER": "null"
  },
  "allUsersCollections": "SUCCESS",
  "apiStatsEnd": "null",
  "conditions": "null",
  "highRiskThirdPartyEndpointsCount": 0,
  "uningestedApiList": "null"
}

/api/getAllUsersCollections

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
objectOptional
Responses
200

description

application/json
post
POST /api/getAllUsersCollections HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2

{}
200

description

{
  "NUMBER": "null"
}

/api/getSeveritiesCountPerCollection

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
apiCollectionIdinteger · int32RequiredExample: 1111111111
Responses
200

description

application/json
Responseobject
post
POST /api/getSeveritiesCountPerCollection HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 30

{
  "apiCollectionId": 1111111111
}
200

description

{}

/api/fetchCollectionWiseApiEndpoints

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
apiCollectionIdstringRequiredExample: null
Responses
200

description

application/json
post
POST /api/fetchCollectionWiseApiEndpoints HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 26

{
  "apiCollectionId": "null"
}
200

description

{
  "endpoints": "null",
  "notTestedEndpointsCount": 0,
  "newCount": 0,
  "oldCount": 0,
  "method": "null",
  "description": "null",
  "severitiesCountPerCollection": "SUCCESS",
  "skip": 0,
  "apiCollectionId": 0,
  "accessTypes": "SUCCESS",
  "summaryInfoForChanges": "SUCCESS",
  "filters": "null",
  "url": "null",
  "deMergedApis": "SUCCESS",
  "filterOperators": "null",
  "urls": "null",
  "sortKey": "null",
  "response": "{}",
  "severityMapForCollection": "{}",
  "sortOrder": 0,
  "limit": 0,
  "onlyOnceTestedEndpointsCount": 0
}

/api/fetchIpLevelApiCallStats

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
methodstringRequiredExample: GET
startWindowinteger · int32RequiredExample: 29280083
endWindowinteger · int32RequiredExample: 29281523
apiCollectionIdinteger · int32RequiredExample: 1111111111
urlstringRequiredExample: https://vulnerable-server.akto.io/api/college/revenue/32483
Responses
200

description

application/json
post
POST /api/fetchIpLevelApiCallStats HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 157

{
  "method": "GET",
  "startWindow": 29280083,
  "endWindow": 29281523,
  "apiCollectionId": 1111111111,
  "url": "https://vulnerable-server.akto.io/api/college/revenue/32483"
}
200

description

{
  "result": "{}",
  "limit": 0,
  "startWindow": 29280083,
  "skip": 0,
  "endWindow": 29281523,
  "apiCollectionId": 1111111111,
  "sensitiveSampleData": "{}",
  "traffic": "{}",
  "sampleDataList": "null"
}

/api/fetchApiInfosForCollection

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
apiCollectionIdinteger · int32RequiredExample: 1111111111
Responses
200

description

application/json
post
POST /api/fetchApiInfosForCollection HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 30

{
  "apiCollectionId": 1111111111
}
200

description

{
  "redacted": false,
  "apiInfoList": [
    {
      "responseCodes": [
        200
      ],
      "discoveredTimestamp": 1756885376,
      "sources": {
        "HAR": {
          "timestamp": 1756885438
        }
      },
      "violations": "{}",
      "lastCalculatedTime": 0,
      "lastTested": 0,
      "description": "null",
      "severityScore": 0,
      "lastSeen": 1756885435,
      "actualAuthType": [
        "AUTHORIZATION_HEADER"
      ],
      "allAuthTypesFound": [
        [
          "AUTHORIZATION_HEADER"
        ]
      ],
      "isSensitive": false,
      "collectionIds": [
        111111129
      ],
      "riskScore": 0,
      "id": {
        "method": "POST",
        "apiCollectionId": 1111111111,
        "url": "https://vulnerable-server.akto.io/api/v2/feePayment"
      },
      "apiType": "REST"
    }
  ]
}

/api/fetchApiCallStats

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
methodstringRequiredExample: GET
endEpochinteger · int32RequiredExample: 1756891391
apiCollectionIdinteger · int32RequiredExample: 1111111111
startEpochinteger · int32RequiredExample: 1756804989
urlstringRequiredExample: https://vulnerable-server.akto.io/api/college/revenue/32483
Responses
200

description

application/json
post
POST /api/fetchApiCallStats HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 159

{
  "method": "GET",
  "endEpoch": 1756891391,
  "apiCollectionId": 1111111111,
  "startEpoch": 1756804989,
  "url": "https://vulnerable-server.akto.io/api/college/revenue/32483"
}
200

description

{
  "limit": 0,
  "startWindow": 0,
  "skip": 0,
  "endWindow": 0,
  "apiCollectionId": 1111111111,
  "sensitiveSampleData": "{}",
  "traffic": "{}",
  "sampleDataList": "null"
}

/api/fetchApiInfosFromSTIs

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
apiCollectionIdinteger · int32RequiredExample: 1111111111
Responses
200

description

application/json
post
POST /api/fetchApiInfosFromSTIs HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 30

{
  "apiCollectionId": 1111111111
}
200

description

{
  "list": [
    {
      "startTs": 1756885376,
      "changesCount": 11,
      "_id": {
        "method": "POST",
        "apiCollectionId": 1111111111,
        "url": "https://vulnerable-server.akto.io/api/college/info/department/branch"
      }
    }
  ]
}

/api/fetchEndpointsCount

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
endTimestampinteger · int32RequiredExample: 0
startTimestampinteger · int32RequiredExample: 0
Responses
200

description

application/json
post
POST /api/fetchEndpointsCount HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 37

{
  "endTimestamp": 0,
  "startTimestamp": 0
}
200

description

{
  "listOfEndpointsInCollection": "null",
  "endpoints": "null",
  "notTestedEndpointsCount": 0,
  "method": "null",
  "newCount": 0,
  "oldCount": 0,
  "description": "null",
  "skip": 0,
  "severitiesCountPerCollection": "ERROR",
  "summaryInfoForChanges": "SUCCESS",
  "accessTypes": "SUCCESS",
  "apiCollectionId": -1,
  "filters": "null",
  "url": "null",
  "deMergedApis": "SUCCESS",
  "urls": "null",
  "filterOperators": "null",
  "sortKey": "null",
  "response": "{}",
  "severityMapForCollection": "null",
  "sortOrder": 0,
  "limit": 0,
  "onlyOnceTestedEndpointsCount": 0
}

/api/fetchSampleData

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
methodstringRequiredExample: GET
apiCollectionIdinteger · int32RequiredExample: 1111111111
urlstringRequiredExample: https://vulnerable-server.akto.io/api/college/revenue/32483
Responses
200

description

application/json
post
POST /api/fetchSampleData HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 113

{
  "method": "GET",
  "apiCollectionId": 1111111111,
  "url": "https://vulnerable-server.akto.io/api/college/revenue/32483"
}
200

description

{
  "result": "{}",
  "limit": 0,
  "startWindow": 0,
  "skip": 0,
  "endWindow": 0,
  "apiCollectionId": 1111111111,
  "sensitiveSampleData": "{}",
  "sampleDataList": [
    {
      "collectionIds": [
        1111111111
      ],
      "id": {
        "method": "GET",
        "bucketEndEpoch": 0,
        "bucketStartEpoch": 0,
        "apiCollectionId": 1111111111,
        "url": "https://vulnerable-server.akto.io/api/college/revenue/32483",
        "responseCode": -1
      },
      "samples": [
        "{\"destIp\":null,\"method\":\"GET\",\"requestPayload\":\"{\\\"email\\\":\\\"[email protected]\\\",\\\"role\\\":\\\"user\\\"}\",\"responsePayload\":\"{\\\"revenue\\\":\\\"5324584\\\"}\",\"ip\":\"null\",\"source\":\"HAR\",\"type\":\"HTTP/1.1\",\"akto_vxlan_id\":1111111111,\"path\":\"https://vulnerable-server.akto.io/api/college/revenue/32483\",\"requestHeaders\":\"{\\\"authorization\\\":\\\"JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\\\",\\\"content-length\\\":\\\"2\\\",\\\"content-type\\\":\\\"application/json\\\"}\",\"responseHeaders\":\"{}\",\"time\":\"1756885435\",\"statusCode\":\"200\",\"status\":\"OK\",\"akto_account_id\":\"1756845370\",\"direction\":null,\"is_pending\":\"false\"}"
      ]
    }
  ],
  "traffic": "{}"
}

/api/generateOpenApiFile

post
Header parameters
x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY
Body
lastFetchedMethodstringRequiredExample: GET
apiCollectionIdinteger · int32RequiredExample: 1111111111
lastFetchedUrlstringRequiredExample: https://vulnerable-server.akto.io/api/v2/feePayment
Responses
200

description

application/json
post
POST /api/generateOpenApiFile HTTP/1.1
Host: 
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 127

{
  "lastFetchedMethod": "GET",
  "apiCollectionId": 1111111111,
  "lastFetchedUrl": "https://vulnerable-server.akto.io/api/v2/feePayment"
}
200

description

{
  "openAPIString": "{\n  \"openapi\" : \"3.0.1\",\n  \"info\" : {\n    \"title\" : \"vulnerable_apis\",\n    \"description\" : \"Akto generated openAPI file\",\n    \"version\" : \"1.0.0\"\n  },\n  \"paths\" : { }\n}",
  "importType": "null",
  "uploadDetails": "null",
  "uploadId": "null",
  "apiInfoKeyList": "null",
  "lastFetchedMethod": "null",
  "lastFetchedUrl": "null"
}

Last updated

Was this helpful?