Get started

availability

Deployment: Invicti Platform on-demand, Invicti Platform on-premises

Part of API scanning workflows series

This is part 1 of 4 in the API scanning workflows series.
Next: Configure

This document is part 1 of the API scanning workflows series, the hands-on implementation companion to the API fundamentals series. It covers the full workflow from setting up your environment through to reviewing results and generating reports.

Prerequisites

Before starting, make sure you have the following ready:

API key - if you still need one, refer to Get your API key from the API fundamentals series
Access to the API documentation - available from the same place as your API key
A testing tool - this series uses Postman in its examples, but any API client works

API specifications needed

To follow the workflows in this series you need the Inventory API and the DAST API specification files:

Inventory API: For target and asset management
DAST API: For scan configuration, execution, and results

Both specifications are available through the Swagger UI at <your-platform-url>/swagger/, for example https://platform.invicti.com/swagger/. Download these and import into your API tool.

Quick reference

Platform URLs

All API requests use a base URL that depends on your deployment:

United States: https://platform.invicti.com
Europe: https://platform-eu.invicti.com
Canada: https://platform-ca.invicti.com
On-premises or private tenant: use the URL you normally use to access your Invicti Platform environment.

Authentication header

All requests must include the X-Auth HTTP header. The value is your API key:

X-Auth: a1b2c3d4-e5f6-7890-abcd-ef1234567890

Required and optional fields

Each request in this series includes a placeholder table listing the fields you need to fill in. You can omit fields marked as No in the Required column from the request body.

Next steps

With your prerequisites in place and the preceding information, you're ready to start managing targets:

→ Continue to Configure

Complete workflow series

Overview
Part 1: Get started ← You are here
Part 2: Configure
Part 3: Launch
Part 4: Review and report

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Was this page useful?

Prerequisites​

API specifications needed​

Platform URLs​

Authentication header​

Required and optional fields​

Next steps​

Complete workflow series​

Need help?​