API

Application Programming Interfaces.

APIs enable software systems and applications to communicate and share data.

Types:

  • RESTful

  • JSON

API Documentation

  • /api

  • /swagger/index.html

  • /openapi.json

You can use Burp Scanner to crawl and audit OpenAPI documentation, or any other documentation in JSON or YAML format. You can also parse OpenAPI documentation using the OpenAPI Parser BApp. You may also be able to use a specialized tool to test the documented endpoints, such as Postman or SoapUI.

Attacks

  • Potentially all web attacks

  • Try with parameter pollution (#, &, and =)

  • Some parameters are used by the server to fetch a URL or file on the client's behalf; try path traversal on those.
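The documentation paths above (/openapi.json and the like) describe the whole endpoint surface, and the URL-style parameters mentioned in the last item are the ones worth reviewing for server-side request and path handling. The following added example (not part of the original notes) parses a constructed OpenAPI 3 document, inventories every operation with its parameters, and flags parameters declared as URIs or named like URLs or file paths; the RISKY_NAMES list is a heuristic of my own, not part of the OpenAPI specification.

```python
import json

# Constructed sample document, standing in for what a server returns at /openapi.json.
SAMPLE_OPENAPI = json.dumps({
    "openapi": "3.0.0",
    "paths": {
        "/users/{id}": {
            "parameters": [{"name": "X-Trace", "in": "header", "schema": {"type": "string"}}],
            "get": {"parameters": [{"name": "id", "in": "path", "schema": {"type": "integer"}}]},
        },
        "/fetch": {
            "post": {"parameters": [
                {"name": "url", "in": "query", "schema": {"type": "string", "format": "uri"}},
                {"name": "file", "in": "query", "schema": {"type": "string"}},
            ]},
        },
    },
})

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
# Parameter names that commonly carry a URL or filesystem path (heuristic, not from the spec).
RISKY_NAMES = {"url", "uri", "file", "path", "redirect", "callback", "dest", "target"}


def iter_operations(doc):
    """Yield (METHOD, path, parameters) for every operation in an OpenAPI 3 'paths' object."""
    for path, item in doc.get("paths", {}).items():
        shared = item.get("parameters", [])  # path-level parameters apply to every method
        for method, op in item.items():
            if method in HTTP_METHODS:
                yield method.upper(), path, shared + op.get("parameters", [])


def enumerate_operations(doc_text):
    """Return sorted (METHOD, path, [param names]) tuples: the documented endpoint inventory."""
    doc = json.loads(doc_text)
    return sorted((m, p, [q["name"] for q in params]) for m, p, params in iter_operations(doc))


def flag_risky_parameters(doc_text):
    """Return (METHOD, path, name) for parameters declared as URIs or named like URLs/paths."""
    doc = json.loads(doc_text)
    flagged = []
    for method, path, params in iter_operations(doc):
        for p in params:
            fmt = p.get("schema", {}).get("format", "")
            if fmt == "uri" or p["name"].lower() in RISKY_NAMES:
                flagged.append((method, path, p["name"]))
    return sorted(flagged)


if __name__ == "__main__":
    for method, path, names in enumerate_operations(SAMPLE_OPENAPI):
        print(f"{method:6} {path:14} params={names}")
    print("review for server-side URL/path handling:", flag_risky_parameters(SAMPLE_OPENAPI))
```

Point the script at a real document by replacing SAMPLE_OPENAPI with the fetched JSON text; the flagged list is a review queue, not a finding by itself.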
