Package: Invicti API Security Standalone or Bundle Access requirements: access to API Security in Invicti Platform requires either an Administrator, Owner, Security Analyst, Security Manager role, or a custom role with the API Security permission.
Exclude API operations from scans
In the API catalog, you can exclude individual API operations from security scans. This lets you control scan coverage by skipping operations that are not relevant, not yet ready for testing, or intentionally out of scope.
Excluded operations are permanently marked and remain excluded from all future scans until you explicitly re-include them.
Exclude an operation from scanning
- Select Inventory > API catalog from the left-side menu.
- Locate the API and expand its endpoint list using the down arrow.
- Open the three-dot menu (⋮) next to the operation you want to exclude.
- Select Exclude from scan.
The operation is immediately marked with an Excluded from scan badge. It won't be tested in any subsequent scans.
Re-include an excluded operation
- Select Inventory > API catalog from the left-side menu.
- Locate the API and expand its endpoint list.
- Open the three-dot menu (�⋮) next to the excluded operation.
- Select Include in scan.
The Excluded from scan badge is removed and the operation is included in future scans.
Excluding or re-including an operation does not affect scans that are already in progress. The change applies to subsequent scans only.
Need help?
The Support team is ready to provide you with technical help. Go to Help Center