API
Application Programming Interfaces.
APIs let software systems and applications communicate and exchange data.
Types:
RESTful
JSON
API Documentation
Common locations for API documentation:
/api
/swagger/index.html
/openapi.json
You can use Burp Scanner to crawl and audit OpenAPI documentation, or any other API documentation in JSON or YAML format. You can also parse OpenAPI documentation with the OpenAPI Parser BApp. A specialized tool such as Postman or SoapUI may also be useful for exercising the documented endpoints.
Attacks
Potentially all web attacks apply.
Try parameter pollution with the characters #, & and =.
Some parameters are used by the server to call another URL or API; test those for Path Traversal.
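As an added example (not part of these notes), a small Python parser that reads an OpenAPI document, lists every documented operation, and marks which operations declare no security requirement and which take URL- or path-like parameters worth reviewing for the server-side fetch and path traversal issues noted above. The sample document and the list of parameter names to flag are constructed assumptions.

```python
import json

# Constructed sample OpenAPI 3 document; it does not describe any real service.
SAMPLE_OPENAPI = json.dumps({
    "openapi": "3.0.0",
    "paths": {
        "/api/users/{id}": {
            "get": {
                "parameters": [{"name": "id", "in": "path", "schema": {"type": "integer"}}],
                "security": [{"bearerAuth": []}],
            }
        },
        "/api/fetch": {
            "post": {
                "parameters": [
                    {"name": "url", "in": "query", "schema": {"type": "string"}},
                    {"name": "file", "in": "query", "schema": {"type": "string"}},
                ]
            }
        },
    },
})

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
# Assumed list of parameter names that commonly carry a URL or file path and so
# deserve a closer look for server-side request and path traversal weaknesses.
REVIEW_NAMES = {"url", "uri", "callback", "redirect", "file", "path", "filename"}


def enumerate_endpoints(doc):
    """Return one record per documented operation: method, path, parameter names,
    whether a security requirement applies, and which parameters to review."""
    spec = json.loads(doc) if isinstance(doc, str) else doc
    top_security = spec.get("security")  # document-wide default, if any
    results = []
    for path, item in spec.get("paths", {}).items():
        shared = item.get("parameters", [])  # parameters shared by all methods on this path
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters" or "summary"
            names = [p["name"] for p in shared + op.get("parameters", [])]
            # An operation inherits the document-wide requirement unless it overrides it.
            secured = op.get("security", top_security) not in (None, [])
            flagged = sorted(n for n in names if n.lower() in REVIEW_NAMES)
            results.append({"method": method.upper(), "path": path, "params": names,
                            "secured": secured, "review": flagged})
    return results
```

Running `enumerate_endpoints(SAMPLE_OPENAPI)` yields two records; the `/api/fetch` POST is reported as unsecured with `url` and `file` flagged for review.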