Fetch Data
API
Description
POST /api/getAllCollectionsBasic
Fetch a lightweight list of all API collections with only basic metadata. Useful for quick lookups or dropdowns.
POST /api/getAllCollections
Retrieve the complete list of all API collections with detailed information.
POST /api/getAllUsersCollections
Fetch all API collections accessible to the current user.
POST /api/getCoverageInfoForCollections
Get test coverage data for each collection (e.g., how many endpoints are tested vs. untested).
POST /api/getSeverityInfoForCollections
Retrieve aggregated severity information (High, Medium, Low) across API collections.
POST /api/getSeveritiesCountPerCollection
Get the count of issues grouped by severity for each collection.
POST /api/getLastSeenTrafficInfoForCollections
Fetch last seen traffic timestamps for each collection, helping track activity recency.
POST /api/getSensitiveInfoForCollections
Retrieve sensitive data findings per collection (e.g., PII, secrets).
POST /api/getRiskScoreInfo
Get risk scores calculated for API collections, based on threats and sensitive data exposure.
POST /api/fetchCollectionWiseApiEndpoints
Fetch all API endpoints belonging to a specific collection.
POST /api/fetchApiInfosForCollection
Retrieve detailed API information for a given collection (method, path, params, etc.).
POST /api/fetchApiInfosFromSTIs
Fetch API details using stored traffic identifiers (STIs). Useful for replay or drill-down.
POST /api/fetchEndpointsCount
Get a count of API endpoints per collection.
POST /api/fetchApiCallStats
Retrieve traffic statistics such as call counts, trends, and usage metrics per API.
POST /api/fetchIpLevelApiCallStats
Get API call stats broken down by IP, useful for identifying abusive clients or usage patterns.
POST /api/fetchSampleData
Fetch sample request/response payloads observed for a given API, used for testing or schema generation.
POST /api/generateOpenApiFile
Generate an OpenAPI (Swagger) specification file from discovered API data.
Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
objectOptional
Responses
200
description
application/json
post
POST /api/getAllCollectionsBasic HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2
{}200
description
{
"sensitiveUrlsInResponse": 0,
"shadowApisCount": 0,
"redacted": false,
"riskScoreOfCollectionsMap": "{}",
"apiCount": 0,
"lastTrafficSeenMap": "{}",
"uningestedApiCountMap": "{}",
"endpointsFromConditions": "SUCCESS",
"sensitiveUnauthenticatedEndpointsCount": 0,
"endpointsListFromConditions": "SUCCESS",
"apiStatsStart": "null",
"deactivatedHostnameCountMap": "{}",
"criticalEndpointsCount": 0,
"countForHostnameDeactivatedCollections": "SUCCESS",
"testedEndpointsMaps": "{}",
"severityInfo": "{}",
"apiList": "null",
"sensitiveSubtypesInCollection": "{}",
"hasUsageEndpoints": false,
"countForUningestedApis": "SUCCESS",
"apiCollectionId": 0,
"timerInfo": "null",
"response": {
"apiCount": 0
},
"apiCollections": [
{
"hostName": "null",
"urlsCount": 0,
"runDependencyAnalyser": false,
"displayName": "Password Reset APIs",
"redact": false,
"sseCallbackUrl": "null",
"description": "mlewmdmweldmew",
"mcpCollection": false,
"startTs": 1756885380,
"type": "API_GROUP",
"deactivated": false,
"automated": true,
"matchDependencyWithOtherCollections": false,
"vxlanId": 0,
"envType": "null",
"tagsList": "null",
"genAICollection": false,
"name": "Password Reset APIs",
"userSetEnvType": "null",
"id": 111111130,
"isOutOfTestingScope": false,
"sampleCollectionsDropped": false,
"conditions": "null"
}
],
"mcpDataCount": 0,
"usersCollectionList": {
"NUMBER": "null"
},
"allUsersCollections": "SUCCESS",
"apiStatsEnd": "null",
"conditions": "null",
"uningestedApiList": "null",
"highRiskThirdPartyEndpointsCount": 0
}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
objectOptional
Responses
200
description
application/json
Responseobject
post
POST /api/getSeverityInfoForCollections HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2
{}200
description
{}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
objectOptional
Responses
200
description
application/json
post
POST /api/getLastSeenTrafficInfoForCollections HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2
{}200
description
{
"NUMBER": "null"
}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
objectOptional
Responses
200
description
application/json
post
POST /api/getSensitiveInfoForCollections HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2
{}200
description
{
"sensitiveUrlsInResponse": 26,
"shadowApisCount": 0,
"redacted": false,
"apiCount": 0,
"riskScoreOfCollectionsMap": "{}",
"lastTrafficSeenMap": "{}",
"uningestedApiCountMap": "{}",
"endpointsFromConditions": "SUCCESS",
"sensitiveUnauthenticatedEndpointsCount": 0,
"endpointsListFromConditions": "SUCCESS",
"apiStatsStart": "null",
"criticalEndpointsCount": 0,
"deactivatedHostnameCountMap": "{}",
"countForHostnameDeactivatedCollections": "SUCCESS",
"testedEndpointsMaps": "{}",
"severityInfo": "{}",
"apiList": "null",
"sensitiveSubtypesInCollection": {
"NUMBER": "null"
},
"hasUsageEndpoints": false,
"countForUningestedApis": "SUCCESS",
"apiCollectionId": 0,
"timerInfo": "null",
"response": {
"apiCount": 0
},
"mcpDataCount": 0,
"usersCollectionList": {
"NUMBER": "null"
},
"allUsersCollections": "SUCCESS",
"apiStatsEnd": "null",
"conditions": "null",
"highRiskThirdPartyEndpointsCount": 0,
"uningestedApiList": "null"
}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
objectOptional
Responses
200
description
application/json
post
POST /api/getRiskScoreInfo HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2
{}200
description
{
"sensitiveUrlsInResponse": 0,
"shadowApisCount": 0,
"redacted": false,
"apiCount": 0,
"riskScoreOfCollectionsMap": {
"NUMBER": "null"
},
"lastTrafficSeenMap": "{}",
"uningestedApiCountMap": "{}",
"endpointsFromConditions": "SUCCESS",
"sensitiveUnauthenticatedEndpointsCount": 0,
"endpointsListFromConditions": "SUCCESS",
"apiStatsStart": "null",
"criticalEndpointsCount": 0,
"deactivatedHostnameCountMap": "{}",
"countForHostnameDeactivatedCollections": "SUCCESS",
"testedEndpointsMaps": "{}",
"severityInfo": "{}",
"apiList": "null",
"sensitiveSubtypesInCollection": "{}",
"hasUsageEndpoints": false,
"countForUningestedApis": "SUCCESS",
"apiCollectionId": 0,
"timerInfo": "null",
"response": {
"apiCount": 0
},
"usersCollectionList": {
"NUMBER": "null"
},
"mcpDataCount": 0,
"allUsersCollections": "SUCCESS",
"apiStatsEnd": "null",
"conditions": "null",
"highRiskThirdPartyEndpointsCount": 0,
"uningestedApiList": "null"
}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
objectOptional
Responses
200
description
application/json
Responseobject
post
POST /api/getCoverageInfoForCollections HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2
{}200
description
{}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
objectOptional
Responses
200
description
application/json
post
POST /api/getAllCollections HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2
{}200
description
{
"sensitiveUrlsInResponse": 0,
"shadowApisCount": 0,
"redacted": false,
"apiCount": 0,
"riskScoreOfCollectionsMap": "{}",
"lastTrafficSeenMap": "{}",
"uningestedApiCountMap": "{}",
"endpointsFromConditions": "SUCCESS",
"sensitiveUnauthenticatedEndpointsCount": 0,
"endpointsListFromConditions": "SUCCESS",
"apiStatsStart": "null",
"criticalEndpointsCount": 0,
"deactivatedHostnameCountMap": "{}",
"countForHostnameDeactivatedCollections": "SUCCESS",
"testedEndpointsMaps": "{}",
"apiList": "null",
"severityInfo": "{}",
"sensitiveSubtypesInCollection": "{}",
"hasUsageEndpoints": false,
"countForUningestedApis": "SUCCESS",
"apiCollectionId": 0,
"timerInfo": "null",
"response": {
"apiCount": 0
},
"apiCollections": [
{
"hostName": "null",
"urlsCount": 0,
"runDependencyAnalyser": false,
"displayName": "Password Reset APIs",
"redact": false,
"sseCallbackUrl": "null",
"description": "null",
"mcpCollection": false,
"startTs": 1756885380,
"type": "null",
"deactivated": false,
"automated": true,
"matchDependencyWithOtherCollections": false,
"envType": "null",
"vxlanId": 0,
"tagsList": "null",
"userSetEnvType": "null",
"name": "Password Reset APIs",
"genAICollection": false,
"id": 111111130,
"isOutOfTestingScope": false,
"conditions": "null",
"sampleCollectionsDropped": true
}
],
"mcpDataCount": 0,
"usersCollectionList": {
"NUMBER": "null"
},
"allUsersCollections": "SUCCESS",
"apiStatsEnd": "null",
"conditions": "null",
"highRiskThirdPartyEndpointsCount": 0,
"uningestedApiList": "null"
}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
objectOptional
Responses
200
description
application/json
post
POST /api/getAllUsersCollections HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2
{}200
description
{
"NUMBER": "null"
}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
apiCollectionIdinteger · int32RequiredExample:
1111111111Responses
200
description
application/json
Responseobject
post
POST /api/getSeveritiesCountPerCollection HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 30
{
"apiCollectionId": 1111111111
}200
description
{}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
apiCollectionIdstringRequiredExample:
nullResponses
200
description
application/json
post
POST /api/fetchCollectionWiseApiEndpoints HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 26
{
"apiCollectionId": "null"
}200
description
{
"endpoints": "null",
"notTestedEndpointsCount": 0,
"newCount": 0,
"oldCount": 0,
"method": "null",
"description": "null",
"severitiesCountPerCollection": "SUCCESS",
"skip": 0,
"apiCollectionId": 0,
"accessTypes": "SUCCESS",
"summaryInfoForChanges": "SUCCESS",
"filters": "null",
"url": "null",
"deMergedApis": "SUCCESS",
"filterOperators": "null",
"urls": "null",
"sortKey": "null",
"response": "{}",
"severityMapForCollection": "{}",
"sortOrder": 0,
"limit": 0,
"onlyOnceTestedEndpointsCount": 0
}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
methodstringRequiredExample:
GETstartWindowinteger · int32RequiredExample:
29280083endWindowinteger · int32RequiredExample:
29281523apiCollectionIdinteger · int32RequiredExample:
1111111111urlstringRequiredExample:
https://vulnerable-server.akto.io/api/college/revenue/32483Responses
200
description
application/json
post
POST /api/fetchIpLevelApiCallStats HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 157
{
"method": "GET",
"startWindow": 29280083,
"endWindow": 29281523,
"apiCollectionId": 1111111111,
"url": "https://vulnerable-server.akto.io/api/college/revenue/32483"
}200
description
{
"result": "{}",
"limit": 0,
"startWindow": 29280083,
"skip": 0,
"endWindow": 29281523,
"apiCollectionId": 1111111111,
"sensitiveSampleData": "{}",
"traffic": "{}",
"sampleDataList": "null"
}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
apiCollectionIdinteger · int32RequiredExample:
1111111111Responses
200
description
application/json
post
POST /api/fetchApiInfosForCollection HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 30
{
"apiCollectionId": 1111111111
}200
description
{
"redacted": false,
"apiInfoList": [
{
"responseCodes": [
200
],
"discoveredTimestamp": 1756885376,
"sources": {
"HAR": {
"timestamp": 1756885438
}
},
"violations": "{}",
"lastCalculatedTime": 0,
"lastTested": 0,
"description": "null",
"severityScore": 0,
"lastSeen": 1756885435,
"actualAuthType": [
"AUTHORIZATION_HEADER"
],
"allAuthTypesFound": [
[
"AUTHORIZATION_HEADER"
]
],
"isSensitive": false,
"collectionIds": [
111111129
],
"riskScore": 0,
"id": {
"method": "POST",
"apiCollectionId": 1111111111,
"url": "https://vulnerable-server.akto.io/api/v2/feePayment"
},
"apiType": "REST"
}
]
}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
methodstringRequiredExample:
GETendEpochinteger · int32RequiredExample:
1756891391apiCollectionIdinteger · int32RequiredExample:
1111111111startEpochinteger · int32RequiredExample:
1756804989urlstringRequiredExample:
https://vulnerable-server.akto.io/api/college/revenue/32483Responses
200
description
application/json
post
POST /api/fetchApiCallStats HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 159
{
"method": "GET",
"endEpoch": 1756891391,
"apiCollectionId": 1111111111,
"startEpoch": 1756804989,
"url": "https://vulnerable-server.akto.io/api/college/revenue/32483"
}200
description
{
"limit": 0,
"startWindow": 0,
"skip": 0,
"endWindow": 0,
"apiCollectionId": 1111111111,
"sensitiveSampleData": "{}",
"traffic": "{}",
"sampleDataList": "null"
}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
apiCollectionIdinteger · int32RequiredExample:
1111111111Responses
200
description
application/json
post
POST /api/fetchApiInfosFromSTIs HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 30
{
"apiCollectionId": 1111111111
}200
description
{
"list": [
{
"startTs": 1756885376,
"changesCount": 11,
"_id": {
"method": "POST",
"apiCollectionId": 1111111111,
"url": "https://vulnerable-server.akto.io/api/college/info/department/branch"
}
}
]
}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
endTimestampinteger · int32RequiredExample:
0startTimestampinteger · int32RequiredExample:
0Responses
200
description
application/json
post
POST /api/fetchEndpointsCount HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 37
{
"endTimestamp": 0,
"startTimestamp": 0
}200
description
{
"listOfEndpointsInCollection": "null",
"endpoints": "null",
"notTestedEndpointsCount": 0,
"method": "null",
"newCount": 0,
"oldCount": 0,
"description": "null",
"skip": 0,
"severitiesCountPerCollection": "ERROR",
"summaryInfoForChanges": "SUCCESS",
"accessTypes": "SUCCESS",
"apiCollectionId": -1,
"filters": "null",
"url": "null",
"deMergedApis": "SUCCESS",
"urls": "null",
"filterOperators": "null",
"sortKey": "null",
"response": "{}",
"severityMapForCollection": "null",
"sortOrder": 0,
"limit": 0,
"onlyOnceTestedEndpointsCount": 0
}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
methodstringRequiredExample:
GETapiCollectionIdinteger · int32RequiredExample:
1111111111urlstringRequiredExample:
https://vulnerable-server.akto.io/api/college/revenue/32483Responses
200
description
application/json
post
POST /api/fetchSampleData HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 113
{
"method": "GET",
"apiCollectionId": 1111111111,
"url": "https://vulnerable-server.akto.io/api/college/revenue/32483"
}200
description
{
"result": "{}",
"limit": 0,
"startWindow": 0,
"skip": 0,
"endWindow": 0,
"apiCollectionId": 1111111111,
"sensitiveSampleData": "{}",
"sampleDataList": [
{
"collectionIds": [
1111111111
],
"id": {
"method": "GET",
"bucketEndEpoch": 0,
"bucketStartEpoch": 0,
"apiCollectionId": 1111111111,
"url": "https://vulnerable-server.akto.io/api/college/revenue/32483",
"responseCode": -1
},
"samples": [
"{\"destIp\":null,\"method\":\"GET\",\"requestPayload\":\"{\\\"email\\\":\\\"[email protected]\\\",\\\"role\\\":\\\"user\\\"}\",\"responsePayload\":\"{\\\"revenue\\\":\\\"5324584\\\"}\",\"ip\":\"null\",\"source\":\"HAR\",\"type\":\"HTTP/1.1\",\"akto_vxlan_id\":1111111111,\"path\":\"https://vulnerable-server.akto.io/api/college/revenue/32483\",\"requestHeaders\":\"{\\\"authorization\\\":\\\"JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\\\",\\\"content-length\\\":\\\"2\\\",\\\"content-type\\\":\\\"application/json\\\"}\",\"responseHeaders\":\"{}\",\"time\":\"1756885435\",\"statusCode\":\"200\",\"status\":\"OK\",\"akto_account_id\":\"1756845370\",\"direction\":null,\"is_pending\":\"false\"}"
]
}
],
"traffic": "{}"
}Header parameters
x-api-keystringRequiredExample:
You can get this from Settings > Integrations > Akto APls > Generate token
API_KEYBody
lastFetchedMethodstringRequiredExample:
GETapiCollectionIdinteger · int32RequiredExample:
1111111111lastFetchedUrlstringRequiredExample:
https://vulnerable-server.akto.io/api/v2/feePaymentResponses
200
description
application/json
post
POST /api/generateOpenApiFile HTTP/1.1
Host:
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 127
{
"lastFetchedMethod": "GET",
"apiCollectionId": 1111111111,
"lastFetchedUrl": "https://vulnerable-server.akto.io/api/v2/feePayment"
}200
description
{
"openAPIString": "{\n \"openapi\" : \"3.0.1\",\n \"info\" : {\n \"title\" : \"vulnerable_apis\",\n \"description\" : \"Akto generated openAPI file\",\n \"version\" : \"1.0.0\"\n },\n \"paths\" : { }\n}",
"importType": "null",
"uploadDetails": "null",
"uploadId": "null",
"apiInfoKeyList": "null",
"lastFetchedMethod": "null",
"lastFetchedUrl": "null"
}Last updated
Was this helpful?