Can I perform scans on different API formats?

You can only perform scans on RESTful Web services, which accept application/JSON as the data format. Support for other API formats will be available in our future version.

How many APIs can I scan parallelly?

You can scan up to 4 APIs in parallel.

Can I scan my internal APIs with this scanner?

No, you cannot perform scans on your internal APIs.

Can I scan my public-facing APIs?

Yes, you can scan your public-facing APIs, but we strictly recommend scanning only the APIs hosted on your Staging/Dev/QA/Test environment.

Can I integrate this scanner in our DevOps?

It is not currently supported. However, our team is working to make this feature available soon.

What type of report formats are generated by this scanner?

Reports are available in PDF, HTML, XML and JSON formats.

How many roles does the product support?

We support only the Client Admin role who could use this product to scan the APIs and download the reports. We will add more roles in the upcoming updates.

What should I do if the scan fails?

• Check if your APIs are accessible
• Do they have any firewall restrictions set, which are preventing our scanners?
• You can also create a ticket using the in-app feature of API Critique. We will get back to you within 48Hrs.

What should I do if I notice a false positive raised by your scanner?

You should reach out to our technical support team with the relevant details at support@apicritique.com.

What should I do if I think there is an issue not identified by the API Critique?

Drop us an email with the technical details where the scanner has failed to identify the vulnerability to address that issue in our back-end systems.

Can I get a refund if the scan fails?

Kindly, reach out to our support team to understand why the scan has failed, we will revert in 48Hrs.

Can I schedule my scans?

You can schedule your scans on multiple API projects in a specific time, day, month, and year.

Can I see the scan results activity in Slack?

Yes, you can integrate your channel with API Critique to see the activity.

Can I integrate Jira to this API Critique?

Yes, you can integrate with Jira.

Does this scanner support Web Service/API scans from the Web/Mobile/Thick client applications?

Your only option is to scan the web services by either uploading the web service documentation or manually adding the API endpoints. The service discovery feature will be available in the future version.

Does this scan APIs which have an authentication proxy in between?

The current version of the product only scans your APIs, which have a straightforward authentication, i.e., a login endpoint with credentials.

Any authentication proxy like OAuth, Active Directory, OpenID Connect flow is not supported.