API Vulnerability Scanning
If you have a Single-Page Application that makes XMLHttpRequests (XHR) to an API, Probely will seamlessly follow those requests and scan the API endpoints.
If instead, your APIs integrates with more than one application or with 3rd parties, you will probably need to fully test the API, as you will most likely have a standalone API.
The main difference between these two use-cases lies in the crawler. In the case of a standalone API, it doesn’t need to navigate a web application. Instead, an API schema file is parsed to ensure complete coverage.
We support APIs defined by OpenAPI/Swagger schema files or Postman Collections.
-
Single Schema File URL
Define the schema file URL once, and a new version will be fetched before each scan. There is no need to upload a new schema file every time the API changes.
-
Dynamic Authentication
If your API requires an authentication token for all requests, which is retrieved beforehand from an authentication endpoint, Probely supports this.
-
Attribute Custom Values
You can set custom values for the attributes used in your schema file.