API Scanning
AppTrana allows users to self-onboard their APIs and start automated security scans directly from the portal, simplifying API security and enabling faster vulnerability detection across the API lifecycle.
How to Onboard Your APIs for Automated Scanning
From the left-side menu, click API Security.
Use the All Domains filter to choose the site where your APIs are hosted.
To upload your API collection, click Upload APIs.
Click Choose File, select the .json Postman collection containing your API endpoints, and click Open to proceed.
Verify endpoints: only those matching the site’s base URL are selectable.
After a successful upload, the scan configuration screen displays all extracted endpoints, ready for scanning.
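A collection can be checked locally before upload to see which requests resolve to the site's origin and which would not be selectable. This is an added example, not AppTrana code: it assumes the Postman Collection v2.1 layout and treats "matching the base URL" as same scheme, host and port, which is an assumption about the portal's rule. The sample collection and hostnames are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample in Postman Collection v2.1 layout; hosts are placeholders.
SAMPLE = {
    "variable": [{"key": "baseUrl", "value": "https://api.example.com"}],
    "item": [
        {"name": "auth", "item": [
            {"name": "login", "request": {"method": "POST", "url": {"raw": "{{baseUrl}}/v1/login"}}}]},
        {"name": "accounts", "request": {"method": "GET", "url": "{{baseUrl}}/v1/accounts?page=1"}},
        {"name": "partner ping", "request": {"method": "GET", "url": "https://partner.example.net/ping"}},
        {"name": "unresolved", "request": {"method": "GET", "url": "{{stagingUrl}}/health"}},
    ],
}

def _origin(url):
    """Lower-cased (scheme, host, port) with default ports filled in."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port or {"http": 80, "https": 443}.get(scheme)
    return (scheme, (p.hostname or "").lower(), port)

def iter_requests(items):
    """Walk folders recursively and yield (name, method, raw_url)."""
    for it in items:
        if "item" in it:                       # folder: descend
            yield from iter_requests(it["item"])
        elif "request" in it:
            req = it["request"]
            url = req.get("url", "")
            raw = url if isinstance(url, str) else url.get("raw", "")
            yield it.get("name", ""), req.get("method", "GET").upper(), raw

def classify(collection, site_base_url):
    """Split requests into those on the site's origin (assumed rule) and the rest."""
    variables = {v["key"]: str(v.get("value", "")) for v in collection.get("variable", [])}
    matching, other = [], []
    for name, method, raw in iter_requests(collection.get("item", [])):
        for key, value in variables.items():   # resolve collection-level {{vars}}
            raw = raw.replace("{{" + key + "}}", value)
        same = "{{" not in raw and _origin(raw) == _origin(site_base_url)
        (matching if same else other).append((method, raw, name))
    return matching, other

if __name__ == "__main__":
    # For a real export: collection = json.load(open("collection.json"))
    ok, skipped = classify(SAMPLE, "https://api.example.com")
    for m, u, n in ok: print("matches site      ", m, u)
    for m, u, n in skipped: print("review before upload", m, u)
```

Requests left in the second list either point at another host or still contain an unresolved `{{variable}}` defined only in a Postman environment, so they are worth fixing in the collection before it is exported.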
Configure APIs
This section allows administrators to manage the security scanning settings of various API endpoints.
Key Sections
License Usage
The License Usage section displays the number of API scan capacities or endpoints available for the current plan, including how many have been used and how many remain, across all API sites.
Import History: This dropdown shows previous import actions if users uploaded an API spec (OpenAPI/Swagger) to compare or validate.
Search Bar: Quickly find specific APIs by searching for the API name, method (GET, POST, etc.), or URI.
Methods: Filters the list of APIs based on methods like GET, POST, PUT, DELETE, etc.
Upload APIs: Allows you to upload a file containing a list of APIs, making it easier to bulk configure endpoints.
API Endpoint Table
Each API is listed with its respective method, URI, and scan status.
| Parameters | Description |
| --- | --- |
| Endpoint | Describes the API action or functionality (e.g., login, account transactions). |
| Method | The HTTP method used for the request (e.g., POST, GET). |
| Enable Scan | A toggle that enables or disables scanning for the respective API. If enabled, the API will undergo security testing to identify vulnerabilities. |
| URI | The full Uniform Resource Identifier (URI) for the API endpoint. |
| Found On | Displays the date and time when the API was last registered or discovered within the system. |
How to Configure API Scans
Locate the API: Use the search bar or scroll through the table to find the API endpoint you want to configure.
Enable or Disable Scan:
- Toggle the "Enable Scan" button to the "ON" position to allow security scanning.
- Toggle to the "OFF" position to disable scanning for the endpoint.
- Use the bulk selection option at the top to enable or disable scanning for all endpoints at once.
Review and Save: Once you have configured the necessary APIs, click the Save Changes button to apply your settings.
- A confirmation popup will appear. Click Yes to proceed or Cancel to go back.
- Upon confirmation, you’ll see the message: “API definition updated successfully”
Start API Scan
- Click Manage Scans.
- This will take you to the Vulnerabilities → Previous Scans section.
- Click API Scan to initiate scanning for the selected APIs.
- In the confirmation popup, click Confirm.
- A message will appear: “Scan has been scheduled successfully.”
- The button label will change to Stop Scan, allowing you to stop the scan before completion if needed.
Once the scan is completed, results can be viewed under the Previous Scans tab in the Selected API Scan section.
| Parameter | Description |
| --- | --- |
| Scan Started | Date and time the API scan was initiated. |
| Scan Finished | Date and time the scan was completed. |
| Total Vulnerabilities Found | Total number of issues discovered in selected API endpoints. |
| Exploits Blocked (last 30 days) | Number of exploitation attempts blocked in the last 30 days for those APIs. |
Available Actions Post-Scan
- Download API Scan Report: Generate a detailed scan report in PDF format.
- API Scan: Trigger a new scan using the previously selected endpoints.
- Click Manage Scan in Previous Scans tab to manage your