
Add, edit or delete API authorization

This document is for Invicti Platform

To scan APIs that require authentication, you must add the appropriate authorization credentials. This ensures Invicti can access and analyze all protected endpoints during a scan.

This document explains how to add, edit, or delete authorization credentials for APIs listed in the API catalog in Invicti Platform.

Add authorization credentials

  1. Select Inventory > API catalog from the left-side menu.
  2. Locate your target and use the three-dot menu (⋮) to select Add authorization.
  3. In the dialog that opens, enter the Admin and Standard users' credentials:
  • Name—enter a label to help organize labels.
  • Authorization type—Select one of the following options:
    • API key—Enter the key-value pair required by the API.
    • Basic authentication—Enter the username and password.
    • Bearer token—Enter the bearer token used for authorization.
  4. Enter the login credentials for the selected users. You may skip any users for whom you do not wish to provide credentials.
  5. Only one user can be made default.
  6. Click Save credentials to complete the process.
  7. The API catalog now shows a little key icon next to the API.

Edit authorization credentials

  1. Select Inventory > API catalog from the left-side menu.
  2. Locate your target and use the three-dot menu (⋮) to select Edit authorization.
  3. In the dialog that opens, use the Edit button to change user details such as name, authorization type, and authentication, or use the toggles to turn a user off or on.
  4. Click Save credentials to save the changes.

Delete authorization credentials

To remove credentials for a single user, toggle off that user's entry. To delete the entire authorization, follow the steps below.

  1. Select Inventory > API catalog from the left-side menu.
  2. Locate your target and use the three-dot menu (⋮) to select Edit authorization.
  3. In the dialog that opens, click Delete all credentials. The credentials are deleted without a warning message.
