Skip to main content
POST
Initiate Scan

Authorizations

api-key
string
header
required

A unique API Key.

Headers

X-Org-Id
string

Organization ID to associate the scan with

Path Parameters

target
string
required

Target to scan (domain, IP, or URL)

Query Parameters

org_id
string

Organization ID to associate the scan with

Body

application/json

Optional advanced configuration for the scan

Advanced configuration options for initiating a scan. Useful for authenticated testing, api scanning, and fine-tuning crawler limits.

web
boolean

Enable web application scanning mode

fuzzing
boolean

Enable fuzzing for deeper discovery

Follow links during crawling

exclude_paths
string[]

Paths to exclude from scanning (e.g., ['/logout', '/delete'])

cookies
string

Custom cookies to include in requests

proxy_usage
string

Proxy URL to route scan traffic through

Authorization
string

Authorization header value (e.g., Bearer token)

openapi_spec
string

Raw JSON or YAML OpenAPI 2.x/3.x specification for API DAST scanning

openai_spec
string

Alias for openapi_spec (handles common typos)

custom_headers
object[]

Custom HTTP headers to include in requests

Response

Scan successfully initiated

reqid
string<uuid>

Unique ID for this scan request

message
string
Example:

"Scan initiated for target: example.com"