Linking and unlinking discovered APIs to targets
This feature is available with Invicti API Security Standalone or Bundle
Associating your discovered and imported APIs with targets enables you to scan those APIs for vulnerabilities. Whenever the target is scanned, the linked API will also be scanned automatically. This guide shows you how to link and unlink APIs with targets from your API Inventory in Acunetix.
NOTE: Access to API Discovery in Acunetix requires either an Account or System Administrator role, or a custom role with the API Discovery permission. |
How to link an API to a target
Once you have some APIs in your API Inventory, you can link each API specification file to an existing target or create a new target to link to if the API base URL is not yet set up as a target in Acunetix.
IMPORTANT: When linking an API to a target, the API base URL must be a subset of the target URL.
When the API base URL is different from the target URL, a new target needs to be added.
|
To link an API from your API Inventory to a target:
- Select APIs from the left-side menu.
- From your API Inventory, locate the API you want to link and click Link Target.
- Click the Target drop-down and choose your preferred option:
- Select an existing target from the list if you already have a target that matches your API base URL.
- Select + Add new target if you need to add a new target to match your API base URL.
NOTE: Adding a new target will use one of your available licenses. |
- Enter the API base URL of the API you are linking.
- Click Link target or Add Target.
The URL of the linked target is now displayed in the Linked target column of your API Inventory. The next time the linked target is scanned, the associated API specification will also be scanned automatically.
TIP: After scanning a target that is linked to an API, the Vulnerabilities tab on the Scan Detail page will indicate which vulnerabilities are from the scanned API by placing an 'API' tag next to the vulnerability name. The API tag is also visible on the Vulnerabilities page to help identify which vulnerabilities have come from APIs. |
How to unlink an API from a target
To unlink an API in your API Inventory from a target:
- Select APIs from the left-side menu.
- From your API Inventory, locate the API you want to unlink, click the three dots icon on the right, and select Unlink target.
- Click Unlink target to confirm the action.
The API is no longer linked to a target and cannot be scanned unless you link it to a target again. Any previously identified vulnerabilities related to the API are no longer shown in the API Inventory.