Getting Started

Unauthenticated API Scan

API security is a critical part of a modern application's attack surface. With ZeroThreat, you can easily run API scans to test API endpoints for vulnerabilities.

Unauthenticated API scans are ideal for checking open endpoints, meaning those that do not require any cookies, headers, or tokens to reach them. This makes them well suited to testing public APIs for vulnerabilities that are reachable by unauthenticated traffic.

Once your API collection is set up, you’re ready to launch your first Unauthenticated API Scan in ZeroThreat.

Unauthenticated API Scan

  1. Navigate to the ZeroThreat Dashboard and select your previously created API Target.

  2. Ensure that an API Collection already exists for this target or create a new one. ZeroThreat will use this collection as the source for endpoints to scan.
     Need help creating a target and collection?
     Follow our Creating a Collection guide to make sure your API target and collection are ready.

  3. After selecting the API Target, go to the Unauthenticated API Scan section.

  4. From the Collection dropdown, select the API collection you want to scan.

  5. Click “Start Scan.”

ZeroThreat will now launch the scan, testing all the API endpoints in the collection.

This scan will only cover publicly accessible API endpoints. Any endpoint that requires authentication will likely return errors like 401 Unauthorized or 403 Forbidden during this scan.
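To help interpret the 401 and 403 responses described above, the following added example (not ZeroThreat code and not part of the original guide) compares what an API declares about authentication with how it answered requests that carried no credentials. It assumes the collection was derived from an OpenAPI 3 document; `SPEC`, `OBSERVED` and both function names are constructed for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

# Constructed OpenAPI 3 fragment (assumption: the collection came from a spec like this).
SPEC = {
    "security": [{"bearerAuth": []}],          # global default: auth required
    "paths": {
        "/health": {"get": {"security": []}},  # empty list overrides the default: public
        "/users/{id}": {"get": {}, "delete": {}},  # inherit the global requirement
        "/reports": {"get": {"security": [{}, {"bearerAuth": []}]}},  # {} = auth optional
    },
}

# Constructed status codes seen for requests sent with no credentials.
OBSERVED = {
    ("GET", "/health"): 200,
    ("GET", "/users/{id}"): 200,
    ("DELETE", "/users/{id}"): 401,
    ("GET", "/reports"): 200,
}

def requires_auth(spec, operation):
    """Apply OpenAPI 3 rules: operation-level `security` replaces the global one."""
    requirements = operation.get("security", spec.get("security", []))
    # No requirements, or an empty {} alternative, means anonymous access is allowed.
    return bool(requirements) and all(req for req in requirements)

def classify(spec, observed):
    """Label each operation by declared auth vs. its unauthenticated response."""
    results = {}
    for path, item in spec["paths"].items():
        for method, operation in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            key = (method.upper(), path)
            status = observed.get(key)
            if not requires_auth(spec, operation):
                results[key] = "public: in scope for the unauthenticated scan"
            elif status in (401, 403):
                results[key] = "protected: rejected as expected"
            elif status is None:
                results[key] = "protected: no unauthenticated response recorded"
            else:
                results[key] = f"review: declared protected but answered {status}"
    return results

if __name__ == "__main__":
    for (method, path), label in classify(SPEC, OBSERVED).items():
        print(f"{method:6} {path:12} {label}")
```

An operation labelled `review` is one the specification marks as protected but that did not reject an unauthenticated request, which is worth checking against the scan findings.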

After starting the scan, you can track its status from Recent Scans in the dashboard and from the Scans section.

Want to review findings in your Scan Report? Head over to the Scan Report guide.
Need to test authenticated API endpoints? Check out our Authenticated API Scan guide.