Availability

Package: Invicti API Security Standalone or Bundle
Access requirements: Access to API Security in Invicti Platform requires the Administrator, Owner, Security Analyst, or Security Manager role, or a custom role with the API Security permission.

Link discovered APIs to targets

Associating your discovered APIs with targets enables you to scan those APIs for vulnerabilities. Whenever the target is scanned, the linked API is also scanned automatically. This document explains how to link individual APIs from API Discovery to existing targets.

Note

If you need to create targets for discovered APIs instead of linking to existing ones, refer to Create targets from API Discovery, which covers both single and bulk target creation.

Once you have APIs in your API Discovery, you can link each API to an existing target if the API base URL is already set up as a target in Invicti Platform.

URL requirements

When linking an API to a target, the API base URL must be a subset of the target URL, meaning it must fall under the target URL rather than on a different host.

  • For example, if www.example.com is the target URL you are linking to, then the base URL for the API needs to be www.example.com/api/v1.
  • When the API base URL is different from the target URL, a new target needs to be added.
  • For example, if the API base URL is api.example.com and your target URL is www.example.com, then you would need to add a new target for api.example.com.
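A pre-check for the rule above, as an added example that is not part of Invicti's documentation or product code: it sorts discovered API base URLs into those that fall under an existing target and those that need a new target. It assumes "subset" means the same host and port with the target path as a whole-segment prefix, and https when no scheme is given; the function names and the sample URLs other than the page's own are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _normalize(url):
    """Return (host, port, path segments). Assumption: https when no scheme is given."""
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(parts.scheme.lower())
    segments = [s for s in parts.path.split("/") if s]
    return host, port, segments


def is_under_target(api_base_url, target_url):
    """True when the API base URL sits under the target URL (assumed reading of "subset")."""
    a_host, a_port, a_seg = _normalize(api_base_url)
    t_host, t_port, t_seg = _normalize(target_url)
    if (a_host, a_port) != (t_host, t_port):
        return False  # different host, e.g. api.example.com vs www.example.com
    # Compare whole path segments so /storefront is not treated as under /store.
    return a_seg[:len(t_seg)] == t_seg


def plan_links(api_base_urls, target_urls):
    """Map each API base URL to the most specific matching target, or None (new target needed)."""
    plan = {}
    for api in api_base_urls:
        matches = [t for t in target_urls if is_under_target(api, t)]
        plan[api] = max(matches, key=lambda t: len(_normalize(t)[2]), default=None)
    return plan


# Constructed sample inventory; the first two API URLs are the page's own examples.
TARGETS = ["www.example.com", "https://shop.example.com/store"]
APIS = [
    "www.example.com/api/v1",
    "api.example.com",
    "https://shop.example.com/store/api",
    "https://shop.example.com/storefront/api",
    "WWW.EXAMPLE.COM:443/api/v2",
]

if __name__ == "__main__":
    for api, target in plan_links(APIS, TARGETS).items():
        print(f"{api:42} -> {target or 'add a new target'}")
```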

To link an API from your API Discovery to an existing target, follow these steps:

  1. Select Discovery > API Discovery from the left-side menu.
  2. Locate the API you want to link and select Link.
  3. Click Link to open the Link target dialog.
     [Image: Link target dialog showing dropdown menus for target and API base URL selection]
  4. Using the dropdown menus, select the target and API base URL, then click Link target.
     [Image: Link target dialog showing API Base URL]

The name of the linked target is now displayed in the Target column of the API Discovery. The next time the linked target is scanned, the associated API specification is also scanned automatically.

Vulnerability identification

After scanning a target that is linked to an API, the Vulnerabilities tab on the Scans > All scans > Scan details page indicates which vulnerabilities are from the scanned API by placing an "API" tag next to the vulnerability name.

After linking

Once an API is linked to a target:

  • The API moves from API Discovery to the API Catalog
  • The API will be automatically included in scans of the linked target
  • You can manage the linked API from Inventory > API catalog
  • You can unlink the API from the target if needed using the unlink process
