Modify Data

API

Description

POST /api/startTest

Start a new test run on the selected API collections or endpoints.

POST /api/stopTest

Stop an ongoing test run before it completes.

POST /api/importInBurp

Paginate through sample data for a collection and return Burp Suite-compatible HTTP request/response strings.

POST /api/uploadRecordedFlow

Upload and optionally execute a recorded login flow to extract an authentication token.

/api/stopTest

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY

Body

testingRunHexIdstringRequiredExample: 68b841d0828b657eb835f30c

Responses

200

description

application/json

post

/api/stopTest

POST /api/stopTest HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 46

{
  "testingRunHexId": "68b841d0828b657eb835f30c"
}

200

description

{
  "metadata": "null",
  "continuousTesting": false,
  "allTestsCountMap": "{}",
  "sendMsTeamsAlert": false,
  "testRunByTestEditor": false,
  "source": "null",
  "testRunIds": "null",
  "selectedTestRunResultHexIds": "null",
  "issueSummaryInfo": "SUCCESS",
  "testingRunResult": "null",
  "testCountMap": "null",
  "limit": 0,
  "testingRunHexId": "68b841d0828b657eb835f30c",
  "testRoleId": "null",
  "testName": "null",
  "testingRunResultSummaryHexId": "null",
  "selectedSlackWebhook": 0,
  "maxConcurrentRequests": 0,
  "testingRuns": "null",
  "metadataFilters": "null",
  "latestTestingRunResultSummaries": "null",
  "sortKey": "null",
  "sortOrder": 0,
  "endTimestamp": 0,
  "issuesDescriptionMap": "null",
  "currentTestStateStatus": "SUCCESS",
  "testingRunResults": "null",
  "testingRunResultSummaries": "null",
  "runIssues": "null",
  "skip": 0,
  "issuesSummaryInfoMap": {
    "REPLACE_CSRF_CUSTOM_1715683047": 1,
    "SERVER_VERSION_EXPOSED_VIA_RESPONSE_HEADER": 21,
    "SENSITIVE_DATA_EXPOSURE_EMAIL": 11,
    "DESCRIPTIVE_ERROR_MESSAGE_INVALID_PAYLOAD": 6,
    "REMOVE_TOKENS": 5,
    "REPLACE_CSRF_CUSTOM_1715683043": 1,
    "FILE_INCLUSION_NEW_PARAM": 1,
    "TIME_BASED_NOSQLI_JSON_BODY_REPLACE": 1,
    "PORT_SCANNING": 4,
    "KUBERNETES_EXPOSED": 9,
    "REPLACE_CSRF_CUSTOM_1715683090": 1,
    "BYPASS_INPUT_VALIDATION_WITH_NULL_VALUES": 1,
    "PAGINATION_MISCONFIGURATION": 1,
    "PAYLOAD_ALL_KEYS_INVALID_VALUES": 4,
    "BOOLEAN_BASED_SQLI": 1,
    "LFI_IN_HEADERS_LINUX": 2,
    "SENSITIVE_DATA_EXPOSURE_IP_ADDRESS": 4,
    "CHECK_GENERAL_GROUP_CHANGES_OTHER_USERS": 3,
    "USER_ENUM_RESPONSE_CONTENT": 1,
    "REPLACE_CSRF": 10,
    "BYPASS_OTP_RATE_LIMIT": 1,
    "CHECK_FL_BOLA": 25,
    "MISCONFIGURED_X_FRAME_OPTIONS_HEADER": 2,
    "NOSQLI_ERROR_BASED_PARAM_MONGO_SPECIAL_CHARACTERS": 6,
    "CUSTOM_GFB": 13,
    "DOS_ATTACH_FILE_IN_BODY": 2,
    "USER_ENUM_REDIRECT_PAGE": 1,
    "UNWANTED_RESPONSE_HEADERS": 2,
    "SERVER_VERSION_EXPOSED_IN_AN_INVALID_REQUEST": 2,
    "PAYLOAD_KEYS_INVALID_VALUES": 1,
    "HEADER_ALL_KEYS_INVALID_VALUES": 5,
    "HTTP_RESPONSE_SPLITTING": 1,
    "NOSQLI_ERROR_BASED_REPLACE_BODY_MONGO_CUSTOM": 1,
    "JWT_INVALID_SIGNATURE": 1,
    "FETCH_SENSITIVE_FILES": 2,
    "DEFAULT_LOGIN_CREDENTIALS": 2,
    "OVERWRITING_EXISTING_RESOURCES_BY_MANIPULATING_IDENTIFIERS": 3,
    "AUTH_BYPASS_MULTI_CREDENTIAL_SINGLE_PARAM": 1,
    "MANIPULATE_NUMBER_DATA_TYPE": 3,
    "UNION_DATA_TYPE_BASED_SQLI_GET": 1,
    "CHECK_GENERAL_GROUP_CHANGES": 1,
    "SWAGGER_API_EXPOSURE": 3,
    "STANDARD_SSRF": 2,
    "REPLACE_AUTH_TOKEN_CACHING": 7,
    "REMOVE_CSRF": 11,
    "REMOVE_TOKENS_NEW": 3,
    "AUTH_BYPASS_SQL_INJECTION": 1,
    "REPLACE_AUTH_TOKEN": 3,
    "MUST_CONTAIN_RESPONSE_HEADERS": 5,
    "JWT_NONE_ALGO": 16,
    "SENSITIVE_DATA_EXPOSURE_JWT": 2
  },
  "testingRunsCount": 0,
  "cleanUpTestingResources": false,
  "jiraIssuesMapForResults": "null",
  "cicdTests": [
    {
      "date": "2024-05-12T13:40:11",
      "timestamp": 1715521211
    }
  ],
  "authMechanism": "null",
  "testRunsByUser": false,
  "currentTestsStatus": {
    "totalTestsCompleted": 0,
    "testRunsScheduled": 0,
    "testRunsQueued": 0
  },
  "latestSummaryIds": "null",
  "miniTestingServiceNames": "null",
  "usageTestRuns": "SUCCESS",
  "allTestsCountsRanges": "null",
  "sampleDataVsCurlMap": "null",
  "selectedTests": "null",
  "filters": "null",
  "testingRunType": "null",
  "recurringDaily": false,
  "overriddenTestAppUrl": "null",
  "workflowTest": "null",
  "testingRun": "null",
  "misConfiguredTestsCount": 0,
  "testRunTime": 0,
  "startTimestamp": 0,
  "errorEnums": "{}",
  "triggeredBy": "null"
}

/api/startTest

post

Header parameters

x-api-keystringRequired

You can get this from Settings > Integrations > Akto APls > Generate token

Example: API_KEY

Body

autoTicketingDetailsstringRequiredExample: null

continuousTestingbooleanRequiredExample: false

sendMsTeamsAlertbooleanRequiredExample: false

selectedTestsstring[]RequiredExample: ID_WRAP_ARRAY_OF_PARAMS_JSON_BODY_INTEGER_VAL

sourcestringRequiredExample: TESTING_UI

maxConcurrentRequestsinteger · int32RequiredExample: -1

typestringRequiredExample: CUSTOM

cleanUpTestingResourcesbooleanRequiredExample: false

recurringDailybooleanRequiredExample: false

overriddenTestAppUrlstringRequired

sendSlackAlertbooleanRequiredExample: false

recurringWeeklybooleanRequiredExample: false

testRunTimeinteger · int32RequiredExample: -1

startTimestampinteger · int32RequiredExample: 1756905566

recurringMonthlybooleanRequiredExample: false

testRoleIdstringRequired

testNamestringRequiredExample: juice_shop_demo_BFLA_BOLA_NO_AUTH

Responses

200

description

application/json

post

/api/startTest

POST /api/startTest HTTP/1.1
Host: app.akto.io
x-api-key: API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 596

{
  "autoTicketingDetails": "null",
  "continuousTesting": false,
  "sendMsTeamsAlert": false,
  "selectedTests": [
    "ID_WRAP_ARRAY_OF_PARAMS_JSON_BODY_INTEGER_VAL"
  ],
  "apiInfoKeyList": [
    {
      "method": "POST",
      "apiCollectionId": 1712830390,
      "url": "https://juiceshop.akto.io/rest/products/reviews"
    }
  ],
  "source": "TESTING_UI",
  "maxConcurrentRequests": -1,
  "type": "CUSTOM",
  "cleanUpTestingResources": false,
  "recurringDaily": false,
  "overriddenTestAppUrl": "",
  "sendSlackAlert": false,
  "recurringWeekly": false,
  "testRunTime": -1,
  "startTimestamp": 1756905566,
  "recurringMonthly": false,
  "testRoleId": "",
  "testName": "juice_shop_demo_BFLA_BOLA_NO_AUTH"
}

200

description

{
  "metadata": "null",
  "continuousTesting": false,
  "sendMsTeamsAlert": false,
  "allTestsCountMap": "{}",
  "testRunByTestEditor": false,
  "source": "TESTING_UI",
  "testRunIds": "null",
  "selectedTestRunResultHexIds": "null",
  "issueSummaryInfo": "SUCCESS",
  "testingRunResult": "null",
  "testCountMap": "null",
  "limit": 0,
  "testingRunHexId": "68b840be828b657eb835e928",
  "testRoleId": "",
  "testName": "juice_shop_demo_BFLA_BOLA_NO_AUTH",
  "testingRunResultSummaryHexId": "null",
  "selectedSlackWebhook": 0,
  "maxConcurrentRequests": -1,
  "latestTestingRunResultSummaries": "{}",
  "metadataFilters": "null",
  "sortKey": "scheduleTimestamp",
  "sortOrder": 0,
  "endTimestamp": 0,
  "issuesDescriptionMap": "null",
  "currentTestStateStatus": "SUCCESS",
  "testingRunResults": "null",
  "testingRunResultSummaries": "null",
  "runIssues": "null",
  "skip": 0,
  "issuesSummaryInfoMap": {
    "LLM_GLITCH_4": 1,
    "LLM_GLITCH_5": 1,
    "LLM_GLITCH_6": 1,
    "LLM_MALWARE_EVADE_SWIFT": 1,
    "AUTH_BYPASS_LOCKED_ACCOUNT_TOKEN_ROLE": 1,
    "LLM_GLITCH_1": 1,
    "REPLACE_TOKENS_CUSTOM_1712573847": 7,
    "LLM_GLITCH_2": 1,
    "DESCRIPTIVE_ERROR_MESSAGE_INVALID_PAYLOAD": 3,
    "PROMPT_LEAK_INJECTION": 1,
    "REMOVE_TOKENS": 5,
    "LLM_MALWARE_PAYLOAD_SWIFT": 1,
    "OPEN_REDIRECT_SUBDOMAIN_WHITELIST": 1,
    "OPEN_REDIRECT": 1,
    "LLM_MISLEADING": 1,
    "WORKSPACE_DATA_VULN": 11,
    "JWT_APPEND_SQL_INJECTION_MYSQL_CUSTOM_1723798796": 1,
    "NOSQLI_BOOLEAN_BASED_QUERY_PARAM": 1,
    "REMOVE_TOKENS_CUSTOM_1725722607": 9,
    "LLM_MALWARE_SUBFUNCTION_SWIFT": 1,
    "JWT_NONE_ALGO": 1,
    "LLM_MALWARE_COMPLETE_SWIFT": 1
  },
  "testingRunsCount": 0,
  "jiraIssuesMapForResults": "null",
  "cleanUpTestingResources": false,
  "authMechanism": {
    "authParams": [
      {
        "showHeader": true,
        "where": "HEADER",
        "value": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2ODhiMzc3Mjc4ZTQ1ZjQ2ZGMxMjEwNDEiLCJ1c2VybmFtZSI6ImFiY2QiLCJpc0FkbWluIjoiZmFsc2UiLCJpYXQiOjE3NTM5NTQxNjZ9.0m7COPCfDhagJNpNu9_Ti0cy1ehf0oKbGJzP53IoJ5Q",
        "key": "authorization"
      }
    ],
    "apiCollectionIds": "null",
    "cacheExpired": true,
    "id": "null",
    "type": "HardCoded",
    "requestData": "null",
    "recordedLoginFlowInput": "null",
    "uuid": "17702181-967a-414b-ab7b-f774798f3b3e"
  },
  "miniTestingServiceNames": "null",
  "currentTestsStatus": {
    "totalTestsCompleted": 0,
    "testRunsScheduled": 0,
    "testRunsQueued": 1
  },
  "latestSummaryIds": "null",
  "testRunsByUser": false,
  "usageTestRuns": "SUCCESS",
  "allTestsCountsRanges": "null",
  "sampleDataVsCurlMap": "null",
  "selectedTests": [
    "ID_WRAP_ARRAY_OF_PARAMS_JSON_BODY_INTEGER_VAL"
  ],
  "filters": "null",
  "testingRunType": "null",
  "recurringDaily": false,
  "overriddenTestAppUrl": "",
  "workflowTest": "null",
  "testingRun": "null",
  "testRunTime": -1,
  "misConfiguredTestsCount": 0,
  "startTimestamp": 0,
  "errorEnums": "{}",
  "triggeredBy": "null"
}

Bulk-export collection sample data for Burp Suite

post

Paginates through the sample data of the named collection and returns Burp Suite-compatible raw HTTP request + response strings for each endpoint. Pagination is cursor-based: pass lastUrlFetched and lastMethodFetched from the previous response to fetch the next page. Maximum 500 endpoints per page.

Source: ExportSampleDataAction.importInBurp()

Body

collectionNamestringRequired

Name of the API collection to paginate.

Example: My API Collection

lastUrlFetchedstringOptional

Pagination cursor: URL returned at the end of the previous page. Omit on the first request.

lastMethodFetchedstringOptional

Pagination cursor: HTTP method returned at the end of the previous page. Omit on the first request.

limitintegerOptional

Number of endpoints per page. Values ≤ 0 or > 500 are clamped to 500.

Example: 100

Responses

200

Paginated Burp request/response entries.

application/json

lastUrlFetchedstringOptional

Pass this value as lastUrlFetched in the next request to get the next page. null when there is no more data.

Example: /api/users

lastMethodFetchedstringOptional

Pass this value as lastMethodFetched in the next request.

Example: GET

actionErrorsstring[]Optional

400

collectionName does not match any existing collection.

post

/api/importInBurp

POST /api/importInBurp HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 50

{
  "collectionName": "My API Collection",
  "limit": 100
}

{
  "importInBurpResult": [
    {
      "url": "https://api.example.com/api/users",
      "req": "GET https://api.example.com/api/users HTTP/1.1\nHost: api.example.com\nAuthorization: Bearer [REDACTED_JWT]\n\n",
      "res": "HTTP/1.1 200 \nContent-Type: application/json\n\n{\"users\":[]}"
    }
  ],
  "lastUrlFetched": "/api/users",
  "lastMethodFetched": "GET",
  "actionErrors": [
    "text"
  ]
}

Upload a recorded login flow

post

Stores a recorded login flow and optionally executes it to extract an auth token. Two modes are supported:

Standard mode (default): miniTestingServiceName is null or hybridTestingEnabled is false for the account. The flow is triggered asynchronously. testingRunPlaygroundId is null in the response.
Hybrid mode: miniTestingServiceName is set AND the account has hybridTestingEnabled. A TestingRunPlayground document is created and its ID is returned. Poll fetchRecordedFlowOutput with this ID to retrieve the token.

Source: LoginRecorderAction.uploadRecordedFlow()

Body

contentstringRequired

JSON string representing the recorded login flow steps.

Example:

[{"action":"navigate","url":"https://app.example.com/login"},{"action":"type","selector":"#username","value":"admin"},{"action":"click","selector":"#login-btn"}]

tokenFetchCommandstringRequired

JavaScript expression or command executed after the login flow to extract the auth token (e.g. document.cookie).

Example: document.cookie

roleNamestringRequired

Name of the test role to associate with this login flow.

Example: admin

miniTestingServiceNamestringOptional

If set and the account has hybridTestingEnabled, activates hybrid mode and a TestingRunPlayground ID is returned for polling.

Responses

200

Flow uploaded. testingRunPlaygroundId is non-null only in hybrid mode.

application/json

testingRunPlaygroundIdstringOptional

ObjectId hex of the TestingRunPlayground document. null in standard mode.

actionErrorsstring[]Optional

post

/api/uploadRecordedFlow

POST /api/uploadRecordedFlow HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 260

{
  "content": "[{\"action\":\"navigate\",\"url\":\"https://app.example.com/login\"},{\"action\":\"type\",\"selector\":\"#username\",\"value\":\"admin\"},{\"action\":\"click\",\"selector\":\"#login-btn\"}]",
  "tokenFetchCommand": "document.cookie",
  "roleName": "admin"
}

200

Flow uploaded. testingRunPlaygroundId is non-null only in hybrid mode.

{
  "testingRunPlaygroundId": null,
  "actionErrors": [
    "text"
  ]
}

PreviousFetch Data NextTest results

Last updated 19 days ago

hashtag/api/stopTest

hashtag/api/startTest

hashtagBulk-export collection sample data for Burp Suite

hashtagUpload a recorded login flow

/api/stopTest

/api/startTest

Bulk-export collection sample data for Burp Suite

Upload a recorded login flow