Skip to main content

Retrieve the target ID

Invicti Platform uses two different target identifiers depending on the context:

  • Asset ID: The Inventory layer identifier. Use this for CI/CD pipeline integrations (as INVICTI_TARGET_ID) and for Inventory API calls such as querying vulnerabilities.
  • DAST target ID: The DAST layer identifier. Use this when making direct calls to the DAST API to launch scans.

Through the Invicti Platform UI

Asset ID in the browser URL (1) and DAST target ID in the Details drawer (2).
  1. Asset ID — visible in the browser URL as the assetId parameter
  2. DAST target ID — listed in the Details section of the target drawer

Asset ID

The Asset ID is the assetId value visible in the browser URL when you open a target in Invicti Platform.

  1. Select Inventory >Targets from the left-side menu.

  2. Find and click the target for which you want to obtain the ID.

  3. The Asset ID appears in the browser URL as the assetId parameter:

    https://platform.invicti.com/app/inventory/targets?assetId=7809d1b4-871a-4fc2-af0f-5d36c9f4b86d

  4. Copy the GUID value of assetId. This is the Asset ID to use in your integrations and scripts (for example, as INVICTI_TARGET_ID in CI/CD pipelines).

DAST target ID

The DAST target ID is listed in the target's Details drawer in Invicti Platform. Use this ID when making direct DAST API calls to launch scans.

  1. Select Inventory >Targets from the left-side menu.
  2. Find the target for which you want to obtain the DAST target ID.
  3. Click on the target to open its drawer.
  4. The DAST target ID is listed in the Details section.

You can also retrieve the DAST target ID programmatically by sending a GET request to the Invicti API.

Retrieve the DAST target ID via API

Use the provided command to make a GET request to the Invicti Platform API and retrieve a list of targets with a filter applied.

Here is a breakdown of the command:

  • https://platform.invicti.com/api/v1/targets?q=localhost: is the URL to which the GET request is sent. It includes the endpoint /api/v1/targets for retrieving targets and a filter q=localhost to filter the results based on target names or descriptions containing "localhost".
  • -H "Accept: application/json": specifies that the client expects JSON-formatted responses from the server.
  • -H "X-Auth: [API-Key]": provides authentication to the Invicti Platform API using an API key. Replace the [API‑Key] with the actual API key.
curl -i -k -X GET https://platform.invicti.com/api/v1/targets?q=localhost -H "Accept: application/json" -H "X-Auth: [API-Key]"

The provided response includes information about a target, including its DAST target_id. Here is the response with the target_id highlighted:

Target ID in the API response.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Last updated on
Was this page useful?