Skip to main content
availability

Package: Invicti AppSec Core (on-demand)

Kong Konnect

Invicti AppSec Core can connect to Kong Konnect to automatically import Swagger 2 and OpenAPI 3 specifications from your API Products Dashboard into the API catalog.

This document explains how to generate a Kong Konnect personal access token and configure the source in Invicti AppSec Core.

Why this matters

Kong Konnect centralizes API management across your teams and services. Connecting it to Invicti AppSec Core means every API published in your API Products Dashboard is automatically available for security scanning, giving you coverage without extra steps.

Prerequisites

Before you begin, make sure you have a Kong Konnect account with API specifications published via the API Products Dashboard.

Step 1: Generate a personal access token

  1. In Kong Konnect, click your profile icon in the top-right corner.
  2. Select Personal access tokens.
  3. Click + Generate token.
  4. Enter a name and set an expiration period.
  5. Click Generate and copy the token. You can't retrieve it after leaving this page.

Step 2: Configure Kong Konnect in Invicti AppSec Core

  1. Select Discovery > API sources from the left-side menu.
  2. Click Add source.
  3. Select the Kong Konnect source type card.
  4. Click Continue.
  5. Enter a name for the source.
  6. Select the Region that matches your Kong Konnect account location.
  7. Paste the personal access token.
  8. Click Authenticate and save.

Step 3: Synchronize

To run an immediate sync, click the sync icon next to the source on the API sources page.

Invicti AppSec Core automatically synchronizes with Kong Konnect every 24 hours. You can trigger a manual sync or turn off auto-sync using the toggle on the source.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Was this page useful?