NAV
python java shell

Introduction

Overview

Welcome to ZAP API Documentation! The Zed Attack Proxy (ZAP) is one of the world's most popular free security tools which lets you automatically find security vulnerabilities in your applications. ZAP also has an extremely powerful API that allows you to do nearly everything that is possible via the desktop interface. This allows the developers to automate pentesting and security regression testing of the application in the CI/CD pipeline.

This document provides example guides & API definitions for ZAP APIs. You can view code examples in the dark area to the right; switch the programming language of the examples with the tabs on the top right. If anything is missing or seems incorrect, please check the FAQs or the GitHub issues for existing known issues. Also, if you are new to ZAP, then check out the getting started guide to learn the basic concepts behind ZAP.

The following are some of the features provided by ZAP:

Have a look at the examples below to learn how to use each of these features via ZAP API.

Documentation Structure

The API documentation is divided into nine main sections.

Basics on the API Request

ZAP APIs provide access to most of the core features of ZAP such as the active scanner and spider. ZAP API is enabled by default in the daemon mode and the desktop mode. If you are using ZAP desktop, then the API can be configured by visiting the following screen:

Tools -> Options -> API.

zap_desktop_api

Please note that not all the operations which are available in the desktop interface are available via the APIs. Future versions of ZAP will increase the functionality/scope available via the APIs.

API URL Format

The API is available via GET and POST endpoints and the response is available in JSON, XML, HTML, and OTHER (custom formats, e.g. HAR) formats. All the response formats return the same information, just in a different format. Based on the use case, choose the appropriate format. For example, to generate easily readable reports use the HTML format and use XML/JSON based response to parse the results quickly.

The following example shows the API URL format of ZAP:

http://zap/<format>/<component>/<operation>/<operation name>[/?<parameters>]

The format can be either JSON, XML or HTML. The operation can be either view or action or other. The view operation is used to return information and the action is used to control ZAP. For example, views can be used to generated reports or retrieve results and action can be used to start or stop the Spider. The components, operation names and parameters can all be discovered by browsing the API Catalogue.

Access the API

The REST API can be accessed directly or via one of the client implementations detailed below.
A simple web UI is also available to explore and use the APIs via the browser. This web UI can be accessed via http://zap/ when you are proxying through ZAP, or via the host and port ZAP is listening on, e.g. http://localhost:8080/.

zap_api_ui

By default only the machine ZAP is running on is able to access the APIs. You can allow other machines, that are able to use ZAP as a proxy, access to the API.

Client SDKs

API clients are available for the following languages:

Language Download links Notes
.NET NuGet Official API
Java GitHub Maven Central Official API
Node.js NPM Official API
PHP GitHub Packagist In process of becoming an official API
Python PyPI Official API
Ruby GitHub

Quick Setup Guide

The quick setup guide focuses on setting up ZAP and a testing application. If you have already setup ZAP then Jump to specific example to experiment with specific features.

Start ZAP

# For Linux, Option: 1, using "headless/daemon" mode
<ZAP_HOME>./zap.sh -daemon -config api.key=change-me-9203935709
# For Linux, Option: 2, using ZAP desktop App
<ZAP_HOME>./zap.sh

# For Windows, Run the exe file or zap.bat script to start ZAP
// For Linux, Option: 1, using "headless/daemon" mode
<ZAP_HOME>./zap.sh -daemon -config api.key=change-me-9203935709
// For Linux, Option: 2, using ZAP desktop App
<ZAP_HOME>./zap.sh

// For Windows, Run the exe file or zap.bat script to start ZAP
# For Linux, Option: 1, using "headless/daemon" mode
$ <ZAP_HOME>./zap.sh -daemon -config api.key=change-me-9203935709
# For Linux, Option: 2, using ZAP desktop App
$ <ZAP_HOME>./zap.sh 

# For Windows, Run the exe file or zap.bat script to start ZAP

To install ZAP, go to ZAP's home page and download the installer specific to the operating system. After extracting the bundle you can start ZAP by issuing the following command shown in the right column.

The API key must be specified on all API actions and some other operations. The API key is used to prevent malicious sites from accessing ZAP API.

Setup a Testing Application

If you already have a website to scan or to perform security testing, then obtain the URL/IP of the application to begin the scanning. The example guide uses Google's Firing Range and OWASP Juice Shop to perform the security testing. The Spidering and Attacking examples use the public instance of the Firing Range, and OWASP Juice Shop are used to showcase the Authentication examples of ZAP.

The following is a list of publicly available vulnerable applications that you can also used in conjunction with ZAP.

Getting Help

All available APIs are documented in the API Catalogue. If you are new to ZAP, then it's highly recommended that you experiment with the desktop UI before trying out the APIs. Because ZAP's APIs strongly resemble the desktop UI. Therefore by working with the UI, you will get a good understanding on how to orchestrate ZAP's APIs. Also, use the export config functionality from the desktop UI to export complex configurations such as contexts, scan policies, etc. Then use the exported configurations when creating the automation scripts.

ZAP has a very friendly and active developer community. Always feel free to raise a question in the ZAP users forum or Stack Overflow for issues related to ZAP. Also, use the ZAP's GitHub repository to raise a bug report or to make any feature requests.

Stay tuned on twitter @zaproxy.

Exploring the App

In order to expose content and functionality for ZAP to test the target the application should be explored before performing any scan or attack. The more you explore your App the more accurate the results will be. If the application is not explored very well then it will impact or reduce the vulnerabilities ZAP can find.

The following are some of the options to explore the site by using ZAP. You can use multiple approaches in a combination to get more complete coverage of the application.

Using Spider

#!/usr/bin/env python
import time
from zapv2 import ZAPv2

# The URL of the application to be tested
target = 'https://public-firing-range.appspot.com'
# Change to match the API key set in ZAP, or use None if the API key is disabled
apiKey = 'changeMe'

# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apiKey)
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apiKey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})

print('Spidering target {}'.format(target))
# The scan returns a scan id to support concurrent scanning
scanID = zap.spider.scan(target)
while int(zap.spider.status(scanID)) < 100:
    # Poll the status until it completes
    print('Spider progress %: {}'.format(zap.spider.status(scanID)))
    time.sleep(1)

print('Spider has completed!')
# Prints the URLs the spider has crawled
print('\n'.join(map(str, zap.spider.results(scanID))))
# If required post process the spider results

# TODO: Explore the Application more with Ajax Spider or Start scanning the application for vulnerabilities
public class Spider {

    private static final String ZAP_ADDRESS = "localhost";
    private static final int ZAP_PORT = 8080;
    // Change to match the API key set in ZAP, or use NULL if the API key is disabled
    private static final String ZAP_API_KEY = "change me";
    // The URL of the application to be tested
    private static final String TARGET = "https://public-firing-range.appspot.com";

    public static void main(String[] args) {
        ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);

        try {
            // Start spidering the target
            System.out.println("Spidering target : " + TARGET);
            ApiResponse resp = api.spider.scan(TARGET, null, null, null, null);
            String scanID;
            int progress;

            // The scan returns a scan id to support concurrent scanning
            scanID = ((ApiResponseElement) resp).getValue();
            // Poll the status until it completes
            while (true) {
                Thread.sleep(1000);
                progress = Integer.parseInt(((ApiResponseElement) api.spider.status(scanID)).getValue());
                System.out.println("Spider progress : " + progress + "%");
                if (progress >= 100) {
                    break;
                }
            }
            System.out.println("Spider completed");
            // If required post process the spider results
            List<ApiResponse> spiderResults = ((ApiResponseList) api.spider.results(scanID)).getItems();

            // TODO: Explore the Application more with Ajax Spider or Start scanning the application for vulnerabilities

        } catch (Exception e) {
            System.out.println("Exception : " + e.getMessage());
            e.printStackTrace();
        }
    }
}
# To start the Spider scan (Response: Scan ID). Modify the API Key and URL to suite the target
$ curl "http://localhost:8080/JSON/spider/action/scan/?apikey=<ZAP_API_KEY>&url=https://public-firing-range.appspot.com&contextName=&recurse="

# To view the scan status/ percentage of work done
$ curl "http://localhost:8080/JSON/spider/view/status/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"

# To view the scan results
$ curl "http://localhost:8080/JSON/spider/view/results/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"

# To stop the scanning
$ curl "http://localhost:8080/JSON/spider/action/stop/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"
# To pause the scanning
$ curl "http://localhost:8080/JSON/spider/action/pause/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"
# To resume the scanning
$ curl "http://localhost:8080/JSON/spider/action/resume/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"

The Spider is a tool that is used to automatically discover new resources (URLs) on a particular site. It begins with a list of URLs to visit, called the seeds, which depends on how the Spider is started. The Spider then visits these URLs, it identifies all the hyperlinks in the page and adds them to the list of URLs to visit, and the process continues recursively as long as new resources are found. Each response type is processed differently in ZAP. All the available endpoints for the spider can be found in spider section.

Start the Spider

The Spiders explore the site and they don't actually do any scanning. The resources crawled by the Spider(s) are passively scanned in the background via the Passive Scanner. The scan API runs the spider against the given URL. Optionally, the 'maxChildren' parameter can be set to limit the number of children scanned and the 'recurse' parameter can be used to prevent the spider from seeding recursively. The parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'URL'). The parameter 'contextName' can be used to constrain the scan to a Context. View the context example to understand how to create a context with ZAP API.

The code sample on the right recursively scans the application with the provided URL. The scan ID is returned as a response when starting the Spider. Use this scan ID to perform any additional actions or to retrieve any views from the Spider API.

View Status

The spider scan is a async request and the time to complete the task will vary depending on the complexity of the web application. The scan ID returned via starting the spider should be used to obtain the results of the crawling. Execute the status API to get the status/percentage of work done by the Spider.

View Spider Results

The results of the crawling can be obtained via the results API. The following image shows the JSON sample response provided by the results API, listing all the resources crawled by Spider.

spider results

Stop or Pause the Spider

If the scanning takes more time than expected you can stop or pause the scanning via using the stop or pause APIs. Additional APIs are available in the API Catalogue to pause or resume or to stop All the scanning processes.

The advanced section on Spider contains more examples on how to tweak/improve the Spider results.

Using Ajax Spider

#!/usr/bin/env python
import time
from zapv2 import ZAPv2

# The URL of the application to be tested
target = 'https://public-firing-range.appspot.com'
# Change to match the API key set in ZAP, or use None if the API key is disabled
apiKey = 'changeme'

# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apiKey)
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apiKey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})

print('Ajax Spider target {}'.format(target))
scanID = zap.ajaxSpider.scan(target)

timeout = time.time() + 60*2   # 2 minutes from now
# Loop until the ajax spider has finished or the timeout has exceeded
while zap.ajaxSpider.status == 'running':
    if time.time() > timeout:
        break
    print('Ajax Spider status' + zap.ajaxSpider.status)
    time.sleep(2)

print('Ajax Spider completed')
ajaxResults = zap.ajaxSpider.results(start=0, count=10)
# If required perform additional operations with the Ajax Spider results

# TODO: Start scanning the application to find vulnerabilities
public class AjaxSpider {

    private static final int ZAP_PORT = 8080;
    private static final String ZAP_API_KEY = null;
    private static final String ZAP_ADDRESS = "localhost";
    private static final String TARGET = "https://public-firing-range.appspot.com";

    public static void main(String[] args) {
        // Create the ZAP Client
        ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);

        try {
            // Start spidering the target
            System.out.println("Ajax Spider target : " + TARGET);
            ApiResponse resp = api.ajaxSpider.scan(TARGET, null, null, null);
            String status;

            long startTime = System.currentTimeMillis();
            long timeout = TimeUnit.MINUTES.toMillis(2); // Two minutes in milli seconds
            // Loop until the ajax spider has finished or the timeout has exceeded
            while (true) {
                Thread.sleep(2000);
                status = (((ApiResponseElement) api.ajaxSpider.status()).getValue());
                System.out.println("Spider status : " + status);
                if (!("stopped".equals(status)) || (System.currentTimeMillis() - startTime) < timeout) {
                    break;
                }
            }
            System.out.println("Ajax Spider completed");
            // Perform additional operations with the Ajax Spider results
            List<ApiResponse> ajaxSpiderResponse = ((ApiResponseList) api.ajaxSpider.results("0", "10")).getItems();

            // TODO: Start scanning(passive/active scan) the application to find vulnerabilities

        } catch (Exception e) {
            System.out.println("Exception : " + e.getMessage());
            e.printStackTrace();
        }
    }
}
# To start the Ajax Spider
$ curl "http://localhost:8080/JSON/ajaxSpider/action/scan/?apikey=<ZAP_API_KEY>&url=<URL>&inScope=&contextName=&subtreeOnly="

# To view the status
$ curl "http://localhost:8080/JSON/ajaxSpider/view/status/?apikey=<ZAP_API_KEY>"

# To view the number of results
$ curl "http://localhost:8080/JSON/ajaxSpider/view/numberOfResults/?apikey=<ZAP_API_KEY>"

# To view the results
$ curl "http://localhost:8080/JSON/ajaxSpider/view/fullResults/?apikey=<ZAP_API_KEY>"

# To stop the Ajax Spider
$ curl "http://localhost:8080/JSON/ajaxSpider/action/stop/?apikey=<ZAP_API_KEY>"

Use the Ajax Spider if you have applications which heavily depend on Ajax or JavaScript. The Ajax Spider allows you to crawl web applications written in Ajax in far more depth than the traditional Spider.You should also use the traditional Spider as well for complete coverage of a application (e.g. to cover HTML comments).

Start Ajax Spider

The scan API starts the Ajax Spider based on a given URL. Similar to the Traditional Spider, Ajax Spider can be also limited to a context or scope. The parameter 'contextName' can be used to constrain the scan to a Context, the option 'inScope' is ignored if a context was also specified. The parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'URL').

View Status

Unlike the traditional Spider, Ajax Spider does not provide a percentage for the work to be done. Use the status endpoint to identify whether the Ajax Spider is still active or finished.

View Results

Similar to the Traditional Spider, the Ajax Spider's results API can be used to view the resources which are crawled by the Ajax Spider. The following image shows a sample response given by the API.

ajax_spider_results

Stop the Ajax Spider

Ajax spider does not have an indication on how much resources are left to be crawled. Therefore if the Ajax spider takes too much time than expected, then it can be stopped by using the stop API.

View the advanced section on Ajax Spider to learn more about how to further fine-tune the results of the Ajax Spider.

Attacking the App

The application should be explored before starting to scan for security vulnerabilities. If you haven't done that look at the explore section on how to explore the web application. The following section provides examples on how to use the Passive and Active Scanner to find security vulnerabilities in the application.

Using Passive Scan

public class PassiveScan {

    private static final int ZAP_PORT = 8080;
    private static final String ZAP_API_KEY = null;
    private static final String ZAP_ADDRESS = "localhost";

    public static void main(String[] args) {
        ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
        int numberOfRecords;

        try {
            // TODO : explore the app (Spider, etc) before using the Passive Scan API, Refer the explore section for details
            // Loop until the passive scan has finished
            while (true) {
                Thread.sleep(2000);
                api.pscan.recordsToScan();
                numberOfRecords = Integer.parseInt(((ApiResponseElement) api.pscan.recordsToScan()).getValue());
                System.out.println("Number of records left for scanning : " + numberOfRecords);
                if (numberOfRecords == 0) {
                    break;
                }
            }
            System.out.println("Passive Scan completed");

            // Print Passive scan results/alerts
            System.out.println("Alerts:");
            System.out.println(new String(api.core.xmlreport(), StandardCharsets.UTF_8));

        } catch (Exception e) {
            System.out.println("Exception : " + e.getMessage());
            e.printStackTrace();
        }
    }
}
#!/usr/bin/env python
import time
from pprint import pprint
from zapv2 import ZAPv2

apiKey = 'changeme'
target = 'https://public-firing-range.appspot.com'
zap = ZAPv2(apikey=apiKey, proxies={'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'})

# TODO : explore the app (Spider, etc) before using the Passive Scan API, Refer the explore section for details
while int(zap.pscan.records_to_scan) > 0:
    # Loop until the passive scan has finished
    print('Records to passive scan : ' + zap.pscan.records_to_scan)
    time.sleep(2)

print('Passive Scan completed')

# Print Passive scan results/alerts
print('Hosts: {}'.format(', '.join(zap.core.hosts)))
print('Alerts: ')
pprint(zap.core.alerts())
# To view the number of records left to be scanned
$ curl "http://localhost:8080/JSON/pscan/view/recordsToScan/?apikey=<ZAP_API_KEY>"

# To view the alerts of passive scan
$ curl "http://localhost:8080/JSON/core/view/alerts/?apikey=<ZAP_API_KEY>&baseurl=<TARGET_URL>&start=0&count=10"

All requests that are proxied through ZAP or initialised by tools like the Spider are passively scanned. You do not have to manually start the passive scan process, ZAP by default passively scans all HTTP and WebSocket messages (requests and responses)
which are sent to the application.

Passive scanning does not change the requests nor the responses in any way and is therefore safe to use. This is good for finding problems like missing security headers or missing anti CSRF tokens but is no good for finding vulnerabilities like XSS which require malicious requests to be sent - that's the job of the active scanner.

View the Status

As the records are passively scanned it will take additional time to complete the full scan. After the crawling is completed use the recordsToScan API to obtain the number of records left to be scanned. After the scanning has completed the alerts can be obtained via the alerts endpoint(s).

View the advanced section to know how to configure additional parameters of Passive Scan.

Using Active Scan

Active scanning attempts to find potential vulnerabilities by using known attacks against the selected targets. Active scanning is an attack on those targets. You should NOT use it on applications that you do not have permission to.

Start Active Scanner

public class ActiveScan {

    private static final int ZAP_PORT = 8080;
    private static final String ZAP_API_KEY = null;
    private static final String ZAP_ADDRESS = "localhost";
    private static final String TARGET = "https://public-firing-range.appspot.com";

    public static void main(String[] args) {

        ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);

        try {
            // TODO : explore the app (Spider, etc) before using the Active Scan API, Refer the explore section
            System.out.println("Active Scanning target : " + TARGET);
            ApiResponse resp = api.ascan.scan(TARGET, "True", "False", null, null, null);
            String scanid;
            int progress;

            // The scan now returns a scan id to support concurrent scanning
            scanid = ((ApiResponseElement) resp).getValue();
            // Poll the status until it completes
            while (true) {
                Thread.sleep(5000);
                progress =
                        Integer.parseInt(
                                ((ApiResponseElement) api.ascan.status(scanid)).getValue());
                System.out.println("Active Scan progress : " + progress + "%");
                if (progress >= 100) {
                    break;
                }
            }

            System.out.println("Active Scan complete");
            // Print vulnerabilities found by the scanning
            System.out.println("Alerts:");
            System.out.println(new String(api.core.xmlreport(), StandardCharsets.UTF_8));

        } catch (Exception e) {
            System.out.println("Exception : " + e.getMessage());
            e.printStackTrace();
        }
    }
}
#!/usr/bin/env python
import time
from pprint import pprint
from zapv2 import ZAPv2

apiKey = 'changeme'
target = 'https://public-firing-range.appspot.com'
zap = ZAPv2(apikey=apiKey, proxies={'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'})

# TODO : explore the app (Spider, etc) before using the Active Scan API, Refer the explore section
print('Active Scanning target {}'.format(target))
scanID = zap.ascan.scan(target)
while int(zap.ascan.status(scanID)) < 100:
    # Loop until the scanner has finished
    print('Scan progress %: {}'.format(zap.ascan.status(scanID)))
    time.sleep(5)

print('Active Scan completed')
# Print vulnerabilities found by the scanning
print('Hosts: {}'.format(', '.join(zap.core.hosts)))
print('Alerts: ')
pprint(zap.core.alerts(baseurl=target))
# To start the the active scan
$ curl "http://localhost:8080/JSON/ascan/action/scan/?apikey=<ZAP_API_KEY>&url=<TARGET_URL>&recurse=true&inScopeOnly=&scanPolicyName=&method=&postData=&contextId="

# To view the the status of active scan
$ curl "http://localhost:8080/JSON/ascan/view/status/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"

# To view the alerts of active scan
$ curl "http://localhost:8080/JSON/core/view/alerts/?apikey=<ZAP_API_KEY>&baseurl=<TARGET_URL>&start=0&count=10"

# To stop the active scan
$ curl "http://localhost:8080/JSON/ascan/action/stop/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"

The scan endpoint runs the active scanner against the given URL or Context. Optionally, the 'recurse' parameter can be used to scan URLs under the given URL, the parameter 'inScopeOnly' can be used to constrain the scan to URLs that are in scope (ignored if a Context is specified). The parameter 'scanPolicyName' allows to specify the scan policy (if none is given it uses the default scan policy). The parameters 'method' and 'postData' allow to select a given request in conjunction with the given URL.

View advanced settings to learn, how to configure the context, scope, and scan policy with ZAP APIs.

View Status

The status API provides the percentage of scanning done by the active scanner. The scan ID returned via starting the Active Scan should be used to query the status of the scanner.

View Results

Similar to the passive scan results, the active scan results can be viewed using the same alerts endpoint(s). The alerts endpoint(s) will show the consolidated results of Passive and Active Scan.

Stop Active Scanning

Use the stop API to stop a long running active scan. Optionally you can use the stopAllScans endpoints or pause endpoint to stop and pause the active scanning.

It should be noted that active scanning can only find certain types of vulnerabilities. Logical vulnerabilities, such as broken access control, will not be found by any active or automated vulnerability scanning. Manual penetration testing should always be performed in addition to active scanning to find all types of vulnerabilities.

Getting the Results

#!/usr/bin/env python
from zapv2 import ZAPv2

# The URL of the application to be tested
target = 'https://public-firing-range.appspot.com'
# Change to match the API key set in ZAP, or use None if the API key is disabled
apiKey = 'changeMe'

# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apiKey)
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apiKey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})

# TODO: Check if the scanning has completed

# Retrieve the alerts using paging in case there are lots of them
st = 0
pg = 5000
alert_dict = {}
alert_count = 0
alerts = zap.alert.alerts(baseurl=target, start=st, count=pg)
blacklist = [1,2]
while len(alerts) > 0:
    print('Reading ' + str(pg) + ' alerts from ' + str(st))
    alert_count += len(alerts)
    for alert in alerts:
        plugin_id = alert.get('pluginId')
        if plugin_id in blacklist:
            continue
        if alert.get('risk') == 'High':
            # Trigger any relevant postprocessing
            continue
        if alert.get('risk') == 'Informational':
            # Ignore all info alerts - some of them may have been downgraded by security annotations
            continue
    st += pg
    alerts = zap.alert.alerts(start=st, count=pg)
print('Total number of alerts: ' + str(alert_count))
public class Alerts {

    private static final String ZAP_ADDRESS = "localhost";
    private static final int ZAP_PORT = 8080;
    // Change to match the API key set in ZAP, or use NULL if the API key is disabled
    private static final String ZAP_API_KEY = "change me";
    // The URL of the application to be tested
    private static final String TARGET = "https://public-firing-range.appspot.com";

    private static List<String> blackListPlugins = Arrays.asList("1000", "1025");


    public static void main(String[] args) {
        ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);

        try {
            // TODO: Check if the scanning has completed

            // Retrieve the alerts using paging in case there are lots of them
            int start = 0;
            int count = 5000;
            int alertCount = 0;
            ApiResponse resp = api.alert.alerts(TARGET, String.valueOf(start), String.valueOf(count), null);

            while (((ApiResponseList) resp).getItems().size() != 0) {
                System.out.println("Reading " + count + " alerts from " + start);
                alertCount += ((ApiResponseList) resp).getItems().size();

                for (ApiResponse l : (((ApiResponseList) resp).getItems())) {

                    Map<String, ApiResponse> element = ((ApiResponseSet) l).getValuesMap();
                    if (blackListPlugins.contains(element.get("pluginId").toString())) {
                        // TODO: Trigger any relevant postprocessing
                    } else if ("High".equals(element.get("risk").toString())) {
                        // TODO: Trigger any relevant postprocessing
                    } else if ("Informational".equals(element.get("risk").toString())) {
                        // TODO: Ignore all info alerts - some of them may have been downgraded by security annotations
                    }
                }
                start += count;
                resp = api.alert.alerts(TARGET, String.valueOf(start), String.valueOf(count), null);
            }
            System.out.println("Total number of Alerts: " + alertCount);

        } catch (Exception e) {
            System.out.println("Exception : " + e.getMessage());
            e.printStackTrace();
        }
    }
}
# To view the alerts
$ curl "http://localhost:8080/JSON/alert/view/alerts/?apikey=<ZAP_API_KEY>&baseurl=<BASE_URL>&start=0&count=5000&riskId="

# To view the summary of the alerts
$ curl "http://localhost:8080/JSON/alert/view/alertsSummary/?apikey=<ZAP_API_KEY>baseurl=<BASE_URL>"

# To view alerts by risk category
$ curl "http://localhost:8080/JSON/alert/view/alertsByRisk/?apikey=<ZAP_API_KEY>&url=<BASE_URL>&recurse="

After the scanning (Active/Passive) completes, ZAP provides the security vulnerabilities in the form of alerts. The alerts are categorized into high-priority, medium-priority, low-priority and informational priority risks. The priority indicates the degree of risk associated with each alert. For example, a high priority risk means that the issues listed in that category has more threat or risk potential than a medium-priority alert.

The alerts endpoint provides all the alerts which are identified by ZAP. View the sample code on the right to retrieve the alerts from the alerts endpoint. The results can be used to raise security alerts in the CI/CD pipeline or to trigger any custom workflows.

alert_sample

The alerts summary gets the number of alerts grouped by each risk level and optionally filtering by URL. A Summary report can be also generated using the core module. Use the htmlreport or jsonreport or xmlreport endpoint to generate this summary report. The following image shows the report generated via the HTML report API. The report categories the alerts to risk level and provides a brief description about each alert.

html report

Getting Authenticated

The target application for testing might have a portion of the functionality that is only available for a logged-in user. In order to get full test coverage of the application you need to test the application with a logged-in user as well. Therefore it's very important to understand how to perform authenticated scans with ZAP. ZAP has several means to authenticate your application and keep track of the authentication state. The following are some of the options available for authentication with ZAP.

The examples below show three authentication workflows. A simple form-based authentication is showcased with the use of the Bodgeit application. The second example shows the script-based authentication using the Damn Vulnerable Web Application(DVWA). The third example shows a more complicated authentication workflow using the JSON and script-based authentication using the OWASP Juice Shop.

General Steps

The following are the general steps when configuring the application authentication with ZAP.

Step 1. Define a context

Contexts are a way of relating a set of URLs together. The URLs are defined as a set of regular expressions (regex). You should include the target application inside the context. The unwanted URLs such as the logout page, password change functionality should be added to the exclude in context section.

Step 2. Set the authentication mechanism

Choose the appropriate login mechanism for your application. If your application supports a simple form-based login, then choose the form-based authentication method. For complex login workflows, you can use the script-based login to define custom authentication workflows.

Step 3. Define your auth parameters

In general, you need to provide the settings on how to communicate to the authentication service of your application. In general, the settings would include the login URL and payload format (username & password). The required parameters will be different for different authentication methods.

Step 4. Set relevant logged in/out indicators

ZAP additionally needs hints to identify whether the application is authenticated or not. To verify the authentication status, ZAP supports logged in/out regexes. These are regex patterns that you should configure to match strings in the responses which indicate if the user is logged in or logged out.

Step 5. Add a valid user and password

Add a user account (an existing user in your application) with valid credentials in ZAP. You can create multiple users if your application exposes different functionality based on user roles. Additionally, you should also set valid session management when configuring the authentication for your application. Currently, ZAP supports cookie-based session management and HTTP authentication based session management.

Step 6. Enable forced user mode (Optional)

Now enable the "Forced User Mode disabled - click to enable" button. Pressing this button will cause ZAP to resend the authentication request whenever it detects that the user is no longer logged in, ie by using the 'logged in' or 'logged out' indicator. But the forced user mode is ignored for scans that already have a user set.

Form Based Authentication

#!/usr/bin/env python
import urllib.parse
from zapv2 import ZAPv2

context_id = 1
apikey = 'changeMe'
context_name = 'Default Context'
target_url = 'http://localhost:8090/bodgeit'

# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apikey)


# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apikey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})

def set_include_in_context():
    exclude_url = 'http://localhost:8090/bodgeit/logout.jsp'
    include_url = 'http://localhost:8090/bodgeit.*'
    zap.context.include_in_context(context_name, include_url)
    zap.context.exclude_from_context(context_name, exclude_url)
    print('Configured include and exclude regex(s) in context')


def set_logged_in_indicator():
    logged_in_regex = '\Q<a href="logout.jsp">Logout</a>\E'
    zap.authentication.set_logged_in_indicator(context_id, logged_in_regex)
    print('Configured logged in indicator regex: ')


def set_form_based_auth():
    login_url = 'http://localhost:8090/bodgeit/login.jsp'
    login_request_data = 'username={%username%}&password={%password%}'
    form_based_config = 'loginUrl=' + urllib.parse.quote(login_url) + '&loginRequestData=' + urllib.parse.quote(login_request_data)
    zap.authentication.set_authentication_method(context_id, 'formBasedAuthentication', form_based_config)
    print('Configured form based authentication')


def set_user_auth_config():
    user = 'Test User'
    username = '[email protected]'
    password = 'weakPassword'

    user_id = zap.users.new_user(context_id, user)
    user_auth_config = 'username=' + urllib.parse.quote(username) + '&password=' + urllib.parse.quote(password)
    zap.users.set_authentication_credentials(context_id, user_id, user_auth_config)
    zap.users.set_user_enabled(context_id, user_id, 'true')
    zap.forcedUser.set_forced_user(context_id, user_id)
    zap.forcedUser.set_forced_user_mode_enabled('true')
    print('User Auth Configured')
    return user_id


def start_spider(user_id):
    zap.spider.scan_as_user(context_id, user_id, target_url, recurse='true')
    print('Started Scanning with Authentication')


set_include_in_context()
set_form_based_auth()
set_logged_in_indicator()
user_id_response = set_user_auth_config()
start_spider(user_id_response)

public class FormAuth {

    private static final String ZAP_ADDRESS = "localhost";
    private static final int ZAP_PORT = 8080;
    private static final String ZAP_API_KEY = null;
    private static final String contextId = "1";
    private static final String contextName = "Default Context";
    private static final String target = "http://localhost:8090/bodgeit";

    private static void setIncludeAndExcludeInContext(ClientApi clientApi) throws UnsupportedEncodingException, ClientApiException {
        String includeInContext = "http://localhost:8090/bodgeit.*";
        String excludeInContext = "http://localhost:8090/bodgeit/logout.jsp";

        clientApi.context.includeInContext(contextName, includeInContext);
        clientApi.context.excludeFromContext(contextName, excludeInContext);
    }


    private static void setLoggedInIndicator(ClientApi clientApi) throws UnsupportedEncodingException, ClientApiException {
        // Prepare values to set, with the logged in indicator as a regex matching the logout link
        String loggedInIndicator = "<a href=\"logout.jsp\">Logout</a>";

        // Actually set the logged in indicator
        clientApi.authentication.setLoggedInIndicator(contextId, java.util.regex.Pattern.quote(loggedInIndicator));

        // Check out the logged in indicator that is set
        System.out.println("Configured logged in indicator regex: "
                + ((ApiResponseElement) clientApi.authentication.getLoggedInIndicator(contextId)).getValue());
    }

    private static void setFormBasedAuthenticationForBodgeit(ClientApi clientApi) throws ClientApiException,
            UnsupportedEncodingException {
        // Setup the authentication method

        String loginUrl = "http://localhost:8090/bodgeit/login.jsp";
        String loginRequestData = "username={%username%}&password={%password%}";

        // Prepare the configuration in a format similar to how URL parameters are formed. This
        // means that any value we add for the configuration values has to be URL encoded.
        StringBuilder formBasedConfig = new StringBuilder();
        formBasedConfig.append("loginUrl=").append(URLEncoder.encode(loginUrl, "UTF-8"));
        formBasedConfig.append("&loginRequestData=").append(URLEncoder.encode(loginRequestData, "UTF-8"));

        System.out.println("Setting form based authentication configuration as: "
                + formBasedConfig.toString());
        clientApi.authentication.setAuthenticationMethod(contextId, "formBasedAuthentication",
                formBasedConfig.toString());

        // Check if everything is set up ok
        System.out
                .println("Authentication config: " + clientApi.authentication.getAuthenticationMethod(contextId).toString(0));
    }

    private static String setUserAuthConfigForBodgeit(ClientApi clientApi) throws ClientApiException, UnsupportedEncodingException {
        // Prepare info
        String user = "Test User";
        String username = "[email protected]";
        String password = "weakPassword";

        // Make sure we have at least one user
        String userId = extractUserId(clientApi.users.newUser(contextId, user));

        // Prepare the configuration in a format similar to how URL parameters are formed. This
        // means that any value we add for the configuration values has to be URL encoded.
        StringBuilder userAuthConfig = new StringBuilder();
        userAuthConfig.append("username=").append(URLEncoder.encode(username, "UTF-8"));
        userAuthConfig.append("&password=").append(URLEncoder.encode(password, "UTF-8"));

        System.out.println("Setting user authentication configuration as: " + userAuthConfig.toString());
        clientApi.users.setAuthenticationCredentials(contextId, userId, userAuthConfig.toString());
        clientApi.users.setUserEnabled(contextId, userId, "true");
        clientApi.forcedUser.setForcedUser(contextId, userId);
        clientApi.forcedUser.setForcedUserModeEnabled(true);

        // Check if everything is set up ok
        System.out.println("Authentication config: " + clientApi.users.getUserById(contextId, userId).toString(0));
        return userId;
    }

    private static String extractUserId(ApiResponse response) {
        return ((ApiResponseElement) response).getValue();
    }

    private static void scanAsUser(ClientApi clientApi, String userId) throws ClientApiException {
        clientApi.spider.scanAsUser(contextId, userId, target, null, "true", null);
    }

    /**
     * The main method.
     *
     * @param args the arguments
     * @throws ClientApiException
     * @throws UnsupportedEncodingException
     */
    public static void main(String[] args) throws ClientApiException, UnsupportedEncodingException {
        ClientApi clientApi = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);

        setIncludeAndExcludeInContext(clientApi);
        setFormBasedAuthenticationForBodgeit(clientApi);
        setLoggedInIndicator(clientApi);
        String userId = setUserAuthConfigForBodgeit(clientApi);
        scanAsUser(clientApi, userId);
    }
}
# To include in default context
curl 'http://localhost:8080/JSON/context/action/includeInContext/?contextName=Default+Context&regex=http%3A%2F%2Flocalhost%3A8090%2Fbodgeit.*'

# Set login details (URL Encoded)
curl 'http://localhost:8080/JSON/authentication/action/setAuthenticationMethod/?contextId=1&authMethodName=formBasedAuthentication&authMethodConfigParams=loginUrl%3Dhttp%3A%2F%2Flocalhost%3A8090%2Fbodgeit%2Flogin.jsp%26loginRequestData%3Dusername%253D%257B%2525username%2525%257D%2526password%253D%257B%2525password%2525%257D'

# To set the login indicator
curl 'http://localhost:8080/JSON/authentication/action/setLoggedInIndicator/?contextId=1&loggedInIndicatorRegex=%5CQ%3Ca+href%3D%22logout.jsp%22%3ELogout%3C%2Fa%3E%5CE'

# To create a user (The first user id is: 0)
curl 'http://localhost:8080/JSON/users/action/newUser/?contextId=1&name=Test+User'

# To add the credentials for the user
curl 'http://localhost:8080/JSON/users/action/setAuthenticationCredentials/?contextId=1&userId=0&authCredentialsConfigParams=username%3Dtest%40example.com%26password%3DweakPassword'

# To enable the user
curl 'http://localhost:8080/JSON/users/action/setUserEnabled/?contextId=1&userId=0&enabled=true'

# To set forced user
curl 'http://localhost:8080/JSON/forcedUser/action/setForcedUser/?contextId=1&userId=0'

# To enable forced user mode
curl 'http://localhost:8080/JSON/forcedUser/action/setForcedUserModeEnabled/?boolean=true'

The following example performs a simple form-based authentication using the Bodgeit vulnerable application. It's recommended that you configure the authentication via the desktop UI before attempting the APIs.

Setup Target Application

Bodgeit uses a simple form-based authentication to authenticate the users to the application. Use the following command to start a docker instance of the Bodgeit application: docker run --rm -p 8090:8080 -i -t psiinon/bodgeit

Register a User

Register a user in the application by navigating to the following URL: http://localhost:8090/bodgeit/register.jsp. For the purpose of this example, use the following credentials.

Login

After registering the user, browse (proxied via ZAP) to the following URL (http://localhost:8090/bodgeit/login.jsp), and log in to the application. When you log in to the application, the request will be added to the History tab in ZAP. Search for the POST request to the following URL: http://localhost:8090/bodgeit/login.jsp. Right-click on the post request, and select Flag as Context -> Default Context : Form based Login Request option. This will open the context authentication editor. You can notice it has auto-selected the form-based authentication, auto-filled the login URL, and the post data. Select the correct form parameter as the username and password in the dropdown and click Ok.

Now you need to inform ZAP whether the application is logged in or out. The Bodgeit application includes the logout URL <a href="logout.jsp">Logout</a> as the successful response. You can view this by navigating to the response tab of the login request. Highlight the text and right click and select the Flag as Context -> Default Context, Loggedin Indicator option. This will autofill the regex needed for the login indicator. The following image shows the completed set up for the authentication tab of the context menu.

auth

Now let's add the user credentials by going to the context -> users -> Add section. After adding the credentials, enable the "Forced User" mode in the desktop UI to forcefully authenticate the user prior to the testing of the application.

Now let's test the authentication by performing an authenticated Spidering with ZAP. To accomplish this, go to the Spider and select the default context and the test user to perform the authentication. After this, you should see the Spider crawling all the protected resources.

Steps to Reproduce via API

If you have configured the authentication via the desktop UI, then export the context and import it using the importContext API. Otherwise follow the steps below to configure the authentication setting for the context.

Include in Context

In order to proceed with authentication, the URL of the application should be added to the context. As Bodgeit is available via http://localhost:8090/bodgeit use the includeInContext API to add the URL to a context.

Set Authentication Method

Use the setAuthenticationMethod to set up the authentication method and the configuration parameters. The setAuthenticationMethod takes contextId, authMethodName, and authMethodConfigParams as parameters. As Bodgeit uses the form-based authentication, use formBasedAuthentication for the authMethodName and use the contextID from Step 1 as the contextId parameter.

The authMethodConfigParams requires the loginUrl and loginRequestData. Therefore you should set the values to authMethodConfigParams in the following format:

authMethodConfigParams : loginUrl=http://localhost:8090/bodgeit/login.jsp&loginRequestData=username%3D%7B%25username%25%7D%26password%3D%7B%25password%25%7D

The values for authMethodConfigParams parameters must be URL encoded, in this case loginRequestData is username={%username%}&password={%password%}.

Set Login and Logout Indicators

Use the setLoggedOutIndicator to set the logout indicators of the application. The Following is the regex command to match the successful response with the Bodgeit application. \Q<a href=\"logout.jsp\"></a>\E

Create User and Enable Forced User Mode

Now add the user credentials via the setAuthenticationCredentials API and use the SetForcedUserModeEnabled to enable the forced user mode in ZAP.

Script Based Authentication

#!/usr/bin/env python
import urllib.parse
from zapv2 import ZAPv2

context_id = 1
apikey = 'changeMe'
context_name = 'Default Context'
target_url = 'http://localhost:3000'

# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apikey)

# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apikey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})


def set_include_in_context():
    include_url = 'http://localhost:3000.*'

    zap.context.include_in_context(context_name, include_url)

    zap.context.exclude_from_context(context_name, '\\Qhttp://localhost:3000/login.php\\E')
    zap.context.exclude_from_context(context_name, '\\Qhttp://localhost:3000/logout.php\\E')
    zap.context.exclude_from_context(context_name, '\\Qhttp://localhost:3000/setup.php\\E')
    zap.context.exclude_from_context(context_name, '\\Qhttp://localhost:3000/security.php\\E')
    print('Configured include and exclude regex(s) in context')


def set_logged_in_indicator():

    logged_in_regex = "\\Q<a href=\"logout.php\">Logout</a>\\E"
    logged_out_regex = "(?:Location: [./]*login\\.php)|(?:\\Q<form action=\"login.php\" method=\"post\">\\E)"

    zap.authentication.set_logged_in_indicator(context_id, logged_in_regex)
    zap.authentication.set_logged_out_indicator(context_id, logged_out_regex)
    print('Configured logged in indicator regex ')


def set_script_based_auth():
    post_data = "username={%username%}&password={%password%}" + "&Login=Login&user_token={%user_token%}"
    post_data_encoded = urllib.parse.quote(post_data)
    login_request_data = "scriptName=auth-dvwa.js&Login_URL=http://localhost:3000/login.php&CSRF_Field=user_token" \
                         "&POST_Data=" + post_data_encoded

    zap.authentication.set_authentication_method(context_id, 'scriptBasedAuthentication', login_request_data)
    print('Configured script based authentication')


def set_user_auth_config():
    user = 'Administrator'
    username = 'admin'
    password = 'password'

    user_id = zap.users.new_user(context_id, user)
    user_auth_config = 'Username=' + urllib.parse.quote(username) + '&Password=' + urllib.parse.quote(password)
    zap.users.set_authentication_credentials(context_id, user_id, user_auth_config)
    zap.users.set_user_enabled(context_id, user_id, 'true')
    zap.forcedUser.set_forced_user(context_id, user_id)
    zap.forcedUser.set_forced_user_mode_enabled('true')
    print('User Auth Configured')
    return user_id


def upload_script():
    script_name = 'auth-dvwa.js'
    script_type = 'authentication'
    script_engine = 'Oracle Nashorn'
    file_name = '/tmp/auth-dvwa.js'
    charset = 'UTF-8'
    zap.script.load(script_name, script_type, script_engine, file_name, charset=charset)


def start_spider(user_id):
    zap.spider.scan_as_user(context_id, user_id, target_url, recurse='true')
    print('Started Scanning with Authentication')


set_include_in_context()
upload_script()
set_script_based_auth()
set_logged_in_indicator()
user_id_response = set_user_auth_config()
start_spider(user_id_response)
public class ScriptAuth {

    private static final String ZAP_ADDRESS = "localhost";
    private static final int ZAP_PORT = 8080;
    private static final String ZAP_API_KEY = null;
    private static final String contextId = "1";
    private static final String contextName = "Default Context";
    private static final String target = "http://localhost:3000";
    private static void setIncludeAndExcludeInContext(ClientApi clientApi) throws UnsupportedEncodingException, ClientApiException {
        String includeInContext = "http://localhost:3000.*";
        clientApi.context.includeInContext(contextName, includeInContext);
        clientApi.context.excludeFromContext(contextName, "\\Qhttp://localhost:3000/login.php\\E");
        clientApi.context.excludeFromContext(contextName, "\\Qhttp://localhost:3000/logout.php\\E");
        clientApi.context.excludeFromContext(contextName, "\\Qhttp://localhost:3000/setup.php\\E");
        clientApi.context.excludeFromContext(contextName, "\\Qhttp://localhost:3000/security.php\\E");
    }
    private static void setLoggedInIndicator(ClientApi clientApi) throws UnsupportedEncodingException, ClientApiException {
        // Prepare values to set, with the logged in indicator as a regex matching the logout link
        String loggedInIndicator = "\\Q<a href=\"logout.php\">Logout</a>\\E";
        String loggedOutIndicator = "(?:Location: [./]*login\\.php)|(?:\\Q<form action=\"login.php\" method=\"post\">\\E)";
        // Actually set the logged in indicator
        clientApi.authentication.setLoggedInIndicator( contextId, loggedInIndicator);
        clientApi.authentication.setLoggedOutIndicator( contextId, loggedOutIndicator);
        // Check out the logged in indicator that is set
        System.out.println("Configured logged in indicator regex: "
                + ((ApiResponseElement) clientApi.authentication.getLoggedInIndicator(contextId)).getValue());
    }
    private static void setScriptBasedAuthenticationForDVWA(ClientApi clientApi) throws ClientApiException,
            UnsupportedEncodingException {
        String postData = "username={%username%}&password={%password%}" + "&Login=Login&user_token={%user_token%}";
        String postDataEncode = URLEncoder.encode(postData, "UTF-8");
        String sb = ("scriptName=auth-dvwa.js&Login_URL=http://localhost:3000/login.php&CSRF_Field=user_token&")
                .concat("POST_Data=").concat(postDataEncode);

        clientApi.authentication.setAuthenticationMethod(contextId, "scriptBasedAuthentication", sb.toString());
        System.out.println("Authentication config: " + clientApi.authentication.getAuthenticationMethod(contextId).toString(0));
    }
    private static String setUserAuthConfigForDVWA(ClientApi clientApi) throws ClientApiException, UnsupportedEncodingException {
        // Prepare info
        String user = "Admin";
        String username = "admin";
        String password = "password";

        // Make sure we have at least one user
        String userId = extractUserId(clientApi.users.newUser(contextId, user));

        // Prepare the configuration in a format similar to how URL parameters are formed. This
        // means that any value we add for the configuration values has to be URL encoded.
        StringBuilder userAuthConfig = new StringBuilder();
        userAuthConfig.append("Username=").append(URLEncoder.encode(username, "UTF-8"));
        userAuthConfig.append("&Password=").append(URLEncoder.encode(password, "UTF-8"));

        System.out.println("Setting user authentication configuration as: " + userAuthConfig.toString());
        clientApi.users.setAuthenticationCredentials(contextId, userId, userAuthConfig.toString());
        clientApi.users.setUserEnabled(contextId, userId, "true");
        clientApi.forcedUser.setForcedUser(contextId, userId);
        clientApi.forcedUser.setForcedUserModeEnabled(true);

        // Check if everything is set up ok
        System.out.println("Authentication config: " + clientApi.users.getUserById(contextId, userId).toString(0));
        return userId;
    }
    private static void uploadScript(ClientApi clientApi) throws ClientApiException {
        String script_name = "auth-dvwa.js";
        String script_type = "authentication";
        String script_engine = "Oracle Nashorn";
        String file_name = "/tmp/auth-dvwa.js";
        clientApi.script.load(script_name, script_type, script_engine, file_name, null);
    }
    private static String extractUserId(ApiResponse response) {
        return ((ApiResponseElement) response).getValue();
    }
    private static void scanAsUser(ClientApi clientApi, String userId) throws ClientApiException {
        clientApi.spider.scanAsUser(contextId, userId, target, null, "true", null);
    }
    /**
     * The main method.
     *
     * @param args the arguments
     * @throws ClientApiException
     * @throws UnsupportedEncodingException
     */
    public static void main(String[] args) throws ClientApiException, UnsupportedEncodingException {
        ClientApi clientApi = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
        uploadScript(clientApi);
        setIncludeAndExcludeInContext(clientApi);
        setScriptBasedAuthenticationForDVWA(clientApi);
        setLoggedInIndicator(clientApi);
        String userId = setUserAuthConfigForDVWA(clientApi);
        scanAsUser(clientApi, userId);
    }
}

# To add in default context
curl 'http://localhost:8080/JSON/context/action/includeInContext/?contextName=Default+Context&regex=http%3A%2F%2Flocalhost%3A3000.*'

# To add exclude in context
curl 'http://localhost:8080/JSON/context/action/excludeFromContext/?contextName=Default+Context&regex=%5CQhttp%3A%2F%2Flocalhost%3A3000%2Flogout.php%5CE'

# To upload the script
curl 'http://localhost:8080/JSON/script/action/load/?scriptName=auth-dvwa.js&scriptType=authentication&scriptEngine=Oracle+Nashorn&fileName=%2Ftmp%2Fauth-dvwa.js&scriptDescription=&charset='

# To set up authentication information
curl 'http://localhost:8080/JSON/authentication/action/setAuthenticationMethod/?contextId=1&authMethodName=scriptBasedAuthentication&authMethodConfigParams=scriptName%3Dauth-dvwa.js%26Login_URL%3Dhttp%3A%2F%2Flocalhost%3A3000%2Flogin.php%26CSRF_Field%3Duser_token%26POST_Data%3Dusername%253D%257B%2525username%2525%257D%2526password%253D%257B%2525password%2525%257D%2526Login%253DLogin%2526user_token%253D%257B%2525user_token%2525%257D'

# To set the login indicator
curl 'http://localhost:8080/JSON/authentication/action/setLoggedInIndicator/?contextId=1&loggedInIndicatorRegex=%5CQ%3Ca+href%3D%5C%22logout.php%5C%22%3ELogout%3C%2Fa%3E%5CE'

# To set logged out indicator
curl 'http://localhost:8080/JSON/authentication/action/setLoggedOutIndicator/?contextId=1&loggedOutIndicatorRegex=%28%3F%3ALocation%3A+%5B.%2F%5D*login%5C.php%29%7C%28%3F%3A%5CQ%3Cform+action%3D%22login.php%22+method%3D%22post%22%3E%5CE%29'

# To create a user (The first user id is: 0)
curl 'http://localhost:8080/JSON/users/action/newUser/?contextId=1&name=Test+User'

# To add the credentials for the user
curl 'http://localhost:8080/JSON/users/action/setAuthenticationCredentials/?contextId=1&userId=0&authCredentialsConfigParams=Username%3Dadmin%26Password%3Dpassword'

# To enable the user
curl 'http://localhost:8080/JSON/users/action/setUserEnabled/?contextId=1&userId=0&enabled=true'

# To set forced user
curl 'http://localhost:8080/JSON/forcedUser/action/setForcedUser/?contextId=1&userId=0'

# To enable forced user mode
curl 'http://localhost:8080/JSON/forcedUser/action/setForcedUserModeEnabled/?boolean=true'

ZAP has scripting support for most of the popular languages. The following are some of the scripting languages supported by ZAP.

ZAP has an Add-on Marketplace where you can get add-ons for additional scripting engines. Click the red, blue, & green box stacked icon in ZAP to bring up the marketplace modal. After it pops up, switch to the Marketplace and install the appropriate scripting engine.

The following example performs a script based authentication for the Damn Vulnerable Web Application. Similar to the Bodgeit example DVWA also uses POST request to authenticate the users. But apart from username and password DVWA sends an additional token to protect against the Cross-Site request forgery attacks. This token is obtained from the landing page. The following image shows the embedded token in the login page.

csrf_token

If the token is not included with the login script as a POST parameter, the request will be rejected. In order to send this token, lets use the script based authentication technique. The authentication script will parse the HTML content and extract the token and append it in the POST request.

Setup Target Application

Use the following docker command to start the DVWA. In order to fully complete the setup you need to login (http://localhost:3000) to the application and press the configure button. Use the default credentials of the application to login and finish the setup (Username: admin, Password: password).

docker run --rm -it -p 3000:80 vulnerables/web-dvwa

Create the Script

Go to the Scripts tab and create a new Authentication script. Provide a name to the script and select JavaScript/Nashorn as the engine and replace the script contents with the following script.

script_tab

Configure Context Authentication

Now navigate to http://localhost:3000 and add the URL to the default context. Then double click on the default context and select the script-based authentication as the authentication method. Now load the script from the drop down provided and the following parameter values.

context_auth

Now add the default admin user to the users tab and enable the user.

As the login operation is performed by the script lets add the login URL as out of context. Additionally you should add pages which will disrupt the login process to out of context. For example, by not excluding the logout URL, the Spider will trigger unwanted logouts (ex.: logoff/password change, etc.). Therefore, add the following regex(s) to the "Exclude from Context" tab.

Now you can enable the forced user mode and start the Spider or manually select the admin user for the Spider scan. If you have selected the forced user mode and also manually selected a user; then the manually selected user/context will supersede the forced user mode. After this you should see the Spider crawling all the protected resources. The authentication results will be available through the Output panel and you can also select the login POST request in the History tab to verify the token has been sent to the application.

Steps to Reproduce via API

Use the scripts endpoint to upload the script file. Thereafter the configurations are very similar to the form based authentication with the Bodgeit application. Use the includeInContext API to add the URL to the default context and use the setAuthenticationMethod to setup the authentication method and the configuration parameters. Finally use the users API to create the admin user. Refer the script in the right column on how to use the above APIs.

JSON Based Authentication


#!/usr/bin/env python
import urllib.parse
from zapv2 import ZAPv2

context_id = 1
apiKey = 'changeMe'
context_name = 'Default Context'
target_url = 'http://localhost:3000'

# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apiKey)

# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apiKey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})


def set_include_in_context():
    include_url = 'http://localhost:3000.*'
    zap.context.include_in_context(context_name, include_url)
    print('Configured include and exclude regex(s) in context')


def set_logged_in_indicator():
    logged_in_regex = '\Q<a href="logout.php">Logout</a>\E'
    logged_out_regex = '(?:Location: [./]*login\.php)|(?:\Q<form action="login.php" method="post">\E)'

    zap.authentication.set_logged_in_indicator(context_id, logged_in_regex)
    zap.authentication.set_logged_out_indicator(context_id, logged_out_regex)
    print('Configured logged in indicator regex: ')


def set_json_based_auth():
    login_url = "http://localhost:3000/rest/user/login"
    login_request_data = 'email={%username%}&password={%password%}'

    json_based_config = 'loginUrl=' + urllib.parse.quote(login_url) + '&loginRequestData=' + urllib.parse.quote(login_request_data)
    zap.authentication.set_authentication_method(context_id, 'jsonBasedAuthentication', json_based_config)
    print('Configured form based authentication')


def set_user_auth_config():
    user = 'Test User'
    username = '[email protected]'
    password = 'testtest'

    user_id = zap.users.new_user(context_id, user)
    user_auth_config = 'username=' + urllib.parse.quote(username) + '&password=' + urllib.parse.quote(password)
    zap.users.set_authentication_credentials(context_id, user_id, user_auth_config)


def add_script():
    script_name = 'jwtScript.js'
    script_type = 'httpsender'
    script_engine = 'Oracle Nashorn'
    file_name = '/tmp/jwtScript.js'
    zap.script.load(script_name, script_type, script_engine, file_name)


set_include_in_context()
add_script()
set_json_based_auth()
set_logged_in_indicator()
set_user_auth_config()
public class JSONAuth {

    private static final String ZAP_ADDRESS = "localhost";
    private static final int ZAP_PORT = 8090;
    private static final String ZAP_API_KEY = null;
    private static final String contextId = "1";
    private static final String target = "http://localhost:3000";

    private static void setJSONBasedAuthentication(ClientApi clientApi) throws ClientApiException, UnsupportedEncodingException {
        String loginUrl = "http://localhost:3000/rest/user/login";
        String loginRequestData = "username={%username%}&password={%password%}";

        // Prepare the configuration in a format similar to how URL parameters are formed. This
        // means that any value we add for the configuration values has to be URL encoded.
        StringBuilder jsonBasedConfig = new StringBuilder();
        jsonBasedConfig.append("loginUrl=").append(URLEncoder.encode(loginUrl, "UTF-8"));
        jsonBasedConfig.append("&loginRequestData=").append(URLEncoder.encode(loginRequestData, "UTF-8"));

        System.out.println("Setting JSON based authentication configuration as: " + jsonBasedConfig.toString());
        clientApi.authentication.setAuthenticationMethod(contextId, "jsonBasedAuthentication", jsonBasedConfig.toString());

        // Check if everything is set up ok
        System.out.println("Authentication config: " + clientApi.authentication.getAuthenticationMethod(contextId).toString(0));
    }

    private static String setUserAuthConfig(ClientApi clientApi) throws ClientApiException, UnsupportedEncodingException {
        // Prepare info
        String user = "Test User";
        String username = "[email protected]";
        String password = "testtest";

        // Make sure we have at least one user
        String userId = extractUserId(clientApi.users.newUser(contextId, user));

        // Prepare the configuration in a format similar to how URL parameters are formed. This
        // means that any value we add for the configuration values has to be URL encoded.
        StringBuilder userAuthConfig = new StringBuilder();
        userAuthConfig.append("username=").append(URLEncoder.encode(username, "UTF-8"));
        userAuthConfig.append("&password=").append(URLEncoder.encode(password, "UTF-8"));

        System.out.println("Setting user authentication configuration as: " + userAuthConfig.toString());
        clientApi.users.setAuthenticationCredentials(contextId, userId, userAuthConfig.toString());
        clientApi.users.setUserEnabled(contextId, userId, "true");
        clientApi.forcedUser.setForcedUser(contextId, userId);
        clientApi.forcedUser.setForcedUserModeEnabled(true);

        // Check if everything is set up ok
        System.out.println("Authentication config: " + clientApi.users.getUserById(contextId, userId).toString(0));
        return userId;
    }

    private static void addScript(ClientApi clientApi) throws ClientApiException {

        String script_name = "jwtScript.js";
        String script_type = "httpsender";
        String script_engine = "Oracle Nashorn";
        String file_name = "/tmp/authscript.js";

        clientApi.script.load(script_name, script_type, script_engine, file_name, null);
    }

    private static void scanAsUser(ClientApi clientApi, String userId) throws ClientApiException {
        clientApi.spider.scanAsUser(contextId, userId, target, null, "true", null);
    }

    private static String extractUserId(ApiResponse response) {
        return ((ApiResponseElement) response).getValue();
    }

    /**
     * The main method.
     *
     * @param args the arguments
     * @throws ClientApiException
     * @throws UnsupportedEncodingException
     */
    public static void main(String[] args) throws ClientApiException, UnsupportedEncodingException {
        ClientApi clientApi = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);

        addScript(clientApi);
        setJSONBasedAuthentication(clientApi);
        String userId = setUserAuthConfig(clientApi);
        scanAsUser(clientApi, userId);
    }
}

# To add the script
curl 'http://localhost:8080/JSON/script/action/load/?scriptName=authscript.js&scriptType=authentication&scriptEngine=Oracle+Nashorn&fileName=%2Ftmp%2Fauthscript.js&scriptDescription=&charset=UTF-8'

# To set up authentication information
curl 'http://localhost:8080/JSON/authentication/action/setAuthenticationMethod/?contextId=1&authMethodName=scriptBasedAuthentication&authMethodConfigParams=scriptName%3Dauthscript.js%26Login+URL%3Dhttp%3A%2F%2Flocalhost%3A3000%2Flogin.php%26CSRF+Field%3Duser_token%26POST+Data%3Dusername%3D%7B%25username%25%7D%26password%3D%7B%25password%25%7D%26Login%3DLogin%26user_token%3D%7B%25user_token%25%7D'

# To set the login indicator
curl 'http://localhost:8080/JSON/authentication/action/setLoggedInIndicator/?contextId=1&loggedInIndicatorRegex=%5CQ%3Ca+href%3D%22logout.jsp%22%3ELogout%3C%2Fa%3E%5CE'

# To create a user (The first user id is: 0)
curl 'http://localhost:8080/JSON/users/action/newUser/?contextId=1&name=Test+User'

# To add the credentials for the user
curl 'http://localhost:8080/JSON/users/action/setAuthenticationCredentials/?contextId=1&userId=0&authCredentialsConfigParams=username%3Dtest%40example.com%26password%3DweakPassword'

# To enable the user
curl 'http://localhost:8080/JSON/users/action/setUserEnabled/?contextId=1&userId=0&enabled=true'

# To set forced user
curl 'http://localhost:8080/JSON/forcedUser/action/setForcedUser/?contextId=1&userId=0'

# To enable forced user mode
curl 'http://localhost:8080/JSON/forcedUser/action/setForcedUserModeEnabled/?boolean=true'

The following example performs a script based authentication for the OWASP Juice Shop. Juice Shop is a modern application and it contrary to the previous examples the protected resources are accessed by sending an authorization header(JSON web token).

Setup Target Application

Use the following docker command to start the OWASP Juice Shop.

docker run -d -p 3000:3000 bkimminich/juice-shop

Register User

Register a user in the application by navigating to the following URL: http://localhost:3000/#/register. For the purpose of this example, use the following information.

Login

After registering the user, browse (proxied via ZAP) to the following URL (http://localhost:3000/#/login) and login to the application. When you login to the application the request will be added to the History tab in ZAP. Search for the POST request to the following URL: http://localhost:3000/rest/user/login. Right-click on the POST request, and select Flag as Context -> Default Context : JSON-based Auth Login Request option. This will open the context authentication editor. You can notice it has auto selected the JSON-based authentication, auto-filled the login URL and the post data. Select the correct JSON attribute as the username and password in the dropdown and click Ok. The following image shows the completed setup for the authentication tab of the context menu.

json based authentication

Exit the context editor and go back to the login request. You will notice in the login response headers there is no set cookie. In the response body you will find the response data.

The request that follows is GET http://localhost:3000/rest/user/whoami which you will notice has a header called Authorization which uses the token from the response body of the login request. In body of the response, you should see some info about your user: {"user":{"id":1,"email":"[email protected]"}}. If you visit that url directly, with your browser, the content of the page is {"user":{}} - the Authorization header is not added to request and it is not authenticated.

This request is initiated as a client side AJAX request using a spec called JWT. Currently ZAP doesn't have a notion of the Authorization header for sessions so this is where ZAPs scripting engine will come into play! With ZAP's scripting engine, we can easily add to or augment it's functionality.

Add the Script

Now in the left sidebar next to the Sites click + to add Scripts. This will bring into focus in the sidebar. Drill into Scripting > Scripts > HTTP Sender. Then right click on the HTTP Sender and with that context menu click New Script. Name the script jwtScript.js and set the Script Engine to ECMAScript (do not check the box that says enable).

json authentication script

Now that we have that script setup, let's test it out! Go ahead and visit the login page http://localhost:3000/#/login with the browser launched with ZAP and use your test account to login. After you login, back in ZAP in the Script Console tab you should see a message that says Capturing token for JWT.

Now visit http://localhost:3000/rest/user/whoami directly in the browser and you will see you get JSON data with the user {"user":{"id":9,"email":"[email protected]"}}! Back in the Script Console you will see the script went ahead and added the header!

Now that we have a script ensuring we have the right headers & cookies for authentication, let's go ahead and try spidering the application again! So let's use the same settings we used earlier from the AJAX Spider Settings. Once the scan starts, check out the browser running the scan - you'll notice the user is logged in! (Logout & Your Basket links visible). Now the AJAX Spider will pick up some new paths that it couldn't find before!

Steps to Reproduce via API

Use the scripts endpoint to add the script file. Thereafter the configurations are very similar to the form based authentication with the Bodgeit application. Use the includeInContext API to add the URL to the default context
and use the setAuthenticationMethod to setup the authentication method and the configuration parameters. Finally use the users API to create the admin user. Refer the script in the right column on how to use the above APIs.

Advanced Settings

The following section shows advanced configurations of the APIs.

Spider Settings

The following image shows the advanced configurations tab of Spider in the desktop UI.

spider_advanced

Use the setOptionMaxDepth API to set the maximum depth the spider can crawl, where 0 refers to unlimited depth. The setOptionMaxChildren API sets the maximum number of child nodes (per node) that can be crawled, where 0 means no limit. The setOptionMaxDuration API can be used to set the maximum duration the Spider will run. Use the setOptionMaxParseSizeBytes API to limit the amount of data parsed by the spider. This allows the spider to skip big responses/files.

View the Spider section in the API Catalogue for additional APIs.

Ajax Spider Settings

The following image shows the advanced configurations tab of Ajax Spider in the desktop UI.

ajax_spider_advanced

Similar to the Spider API, the Ajax spider also provides APIs to set the maximum depth, crawl state, and maximum duration.

Passive Scan Settings

The scanning rules can be enabled/disabled using the enableScanners and disableScanners APIs. Also use the setScanOnlyInScope API to limit the passive scanning to a scope. View the advanced section to learn how to configure a context or scope using ZAP APIs.

Passive scanning can also be used to automatically add tags and raise alerts for potential issues. A set of rules for automatic tagging are provided by default. These can be changed, deleted or added to via the Options Passive Scan Tags Screen.

Active Scan Settings

General Options

The general options for Active Scan can be configured using the options tab in the desktop UI shown below.

options

Use the setOptionMaxScanDurationInMins API to limit the duration of scan and setOptionMaxRuleDurationInMins API to limit the time of individual active scan rules. This can be used to prevent rules from running for an excessive amount of time.

Use the setOptionHostPerScan API to set the maximum number of hosts that will be scanned at the same time. Furthermore, use the setOptionThreadPerHost API to set the number of threads the scanner will use per host. Increasing both of these values will reduce the active scanning time but this may put extra strain on the server ZAP is running on.

Use the setOptionDelayInMs API to delay each request from ZAP in milliseconds. Setting this to a non zero value will increase the time an active scan takes, but will put less of a strain on the target host. View the Active Scan section in the API Catalogue for additional information regarding the APIs.

Input Vectors

Input vectors refers to the elements that Active Scan will target. Specifying the exact elements to target will improve the scanning time and accuracy of the results. For example, for the following configuration the optionTargetParamsInjectable and optionTargetParamsEnabledRPC will yield the results of 11 and 39. The numbers can be deconstructed in the following manner:

input_vectors_code

Thus, to change the values of Injectable targets and Input Vector Handlers calculate the exact values and use the setoptiontargetparamsinjectable and setoptiontargetparamsenabledrpc APIs accordingly.

The Add URL query parameter option under the Injectable Tragets sets whether or not the active scanner should add a query param to GET requests which do not have parameters to start with. This option can be enabled using the setoptionaddqueryparam API.

Technology

technology

The Technology tab allows you to specify which types of technologies to scan. Un-selecting technologies that you know are not present in the target application may speed up the scan, as rules which target that technology can skip those tests. For an example, if the target web application does not have a database then removing it will increase the performance of the Active Scan.

Use the includeContextTechnologies and excludeContextTechnologies API endpoints to include and exclude the technology list from the context.

Policy

A scan policy defines exactly which rules are run as part of an active scan. It also defines how these rules run influencing how many requests are made and how likely potential issues are to be flagged. You can define as many scan policies as you like and select the most appropriate one when you start the scan via the Active Scan.

policy

The Policy tab shown in the above image allows you to override any of the settings specified in the selected scan policy.

Contributions Welcome!

Contributions are welcome! There are many ways you can contribute to ZAP, both as a user and as a developer.

1. Creating High-level API/Automation Docs

Create high level docs or example guides on how to use the APIs to perform any action/view with ZAP. The source files for the ZAP API documentation is hosted on GitHub. The repository is available at Github. The source files are in Markdown (md) format.

2. REST API Documentation

ZAP's rest API is documented using the OpenAPI specification. The specification could be improved by enhancing the description of parameters/ results/ data types etc. The open API specification is available via GitHub.

3. Feature Documentation

Feature documentation related to ZAP is available on ZAP wiki, ZAP user guide, and ZAP extensions repositories.

How to Contribute

The ZAP API documentation is developed according to the docs as code philosophy. The most direct and effective way to contribute to the docs is to submit a pull request(PR) or raise an issue in the GitHub repository containing the docs content that you want to change.

There are 2 different workflows which you can use to make changes or PRs. Use what you are most comfortable with!

1. "Edit this File on GitHub"

You can edit the documentation in the browser via navigating to the relevant source file and clicking the edit this file button. This workflow is recommended for minor changes. For example correcting typos/spellings/grammar etc. For extensive changes, please use the local setup and editing option.

2. Local Setup and Editing

You can fork the repository on GitHub and submit the changes via pull requests. Please see the local setup for API docs section to setup and render the docs locally.

Local Setup for API Docs

ZAP uses git for its code repository. To submit a documentation update, use the following steps:

1. Clone the ZAP Docs repository: git clone https://github.com/zaproxy/zap-api-docs

2. Navigate to the cloned repository: cd zap-api-docs

3. Use the following guide to install Ruby

4. To install the dependencies: $ bundle install

5. To start the server: $ bundle exec middleman server

Documentation Style

This style guide provides a set of editorial guidelines for anyone writing documentation for ZAP.

General Guidelines

Language and Grammar

Formatting

Punctuation

Markdown Syntax

The API docs are created using standard markdown files. This section contains information regarding the syntax and linting of the Markdown files. Refer to the Slate documentation. Also refer to this document to properly lint the Markdown files.

Writing Code

Inline Code

Put `backticks` around the following symbols when used in text:

Code Block

Use three back ticks to open and close a code block. Specify the programming language after the first backtick group. The documentation currently supports python, java, and shell languages.

code_example

Troubleshooting

This section explains how to troubleshoot issues that might occur when interacting with the ZAP API.

Enable Useful Dev Options

While developing scripts/programs that interact with ZAP API it's recommended that the following ZAP API options are enabled, to have more information about possible errors:

The API response will then contain the details about why the API request was rejected or was not successful.

Common Errors

Wrong API Key or Address Not Allowed

//org.zaproxy.clientapi.core.ClientApiException: java.net.SocketException: Unexpected end of file from server
//  at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:366)
//  at org.zaproxy.clientapi.core.ClientApi.callApi(ClientApi.java:350)
//  at org.zaproxy.clientapi.gen.Spider.scan(Spider.java:242)
requests.exceptions.ProxyError: HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with 
url: http://zap/JSON/spider/action/scan/?apikey=changeMe&url=https%3A%2F%2Fexample.com 
(Caused by ProxyError('Cannot connect to proxy.', RemoteDisconnected('Remote end closed connection without response')))

By default, ZAP will close the connection without a response if an API request is not from an allowed address or the API key is wrong. If you get exceptions similar to the following ensure that the API client is using the correct API key and that the address is allowed.

No Connection to ZAP

//org.zaproxy.clientapi.core.ClientApiException: java.net.ConnectException: Connection refused: connect
//  at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:366)
//  at org.zaproxy.clientapi.core.ClientApi.callApi(ClientApi.java:350)
//  at org.zaproxy.clientapi.gen.Spider.scan(Spider.java:242)
//  at ZAP_tests.Spider.main(Spider.java:25)
requests.exceptions.ProxyError: HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with 
url: http://zap/JSON/spider/action/scan/?apikey=changeMe&url=https%3A%2F%2Fexample.com 
(Caused by ProxyError('Cannot connect to proxy.', NewConnectionError('<urllib3.connection.HTTPConnection object at 
0x101be78e0>: Failed to establish a new connection: [Errno 61] Connection refused')))

There are several reasons that the API client might not be able to connect to ZAP:

Error: No Implementor

If you come across the No Implementor Error while invoking the APIs: Check the necessary add-on or component is installed and enabled. (For example if you receive "no_implementor" in relation to Ajax Spider calls, perhaps the Ajax Spider add-on isn't installed.)

API Catalogue

Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.

The HTTP API for controlling and accessing ZAP.

Base URLs:

Email: ZAP User Group Web: ZAP User Group License: Apache 2.0

Authentication

alert

alertViewAlert

Code samples

# You can also use wget
curl -X GET http://zap/JSON/alert/view/alert/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/alert/view/alert/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/alert/view/alert/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/alert/view/alert/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/alert/view/alert/

Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method

Parameters

Name In Type Required Description
id query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

alertViewAlerts

Code samples

# You can also use wget
curl -X GET http://zap/JSON/alert/view/alerts/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/alert/view/alerts/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/alert/view/alerts/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/alert/view/alerts/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/alert/view/alerts/

Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts

Parameters

Name In Type Required Description
baseurl query string false none
start query integer false none
count query integer false none
riskId query string false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

alertViewAlertsSummary

Code samples

# You can also use wget
curl -X GET http://zap/JSON/alert/view/alertsSummary/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/alert/view/alertsSummary/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/alert/view/alertsSummary/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/alert/view/alertsSummary/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/alert/view/alertsSummary/

Gets number of alerts grouped by each risk level, optionally filtering by URL

Parameters

Name In Type Required Description
baseurl query string false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

alertViewNumberOfAlerts

Code samples

# You can also use wget
curl -X GET http://zap/JSON/alert/view/numberOfAlerts/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/alert/view/numberOfAlerts/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/alert/view/numberOfAlerts/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/alert/view/numberOfAlerts/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/alert/view/numberOfAlerts/

Gets the number of alerts, optionally filtering by URL or riskId

Parameters

Name In Type Required Description
baseurl query string false none
riskId query string false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

alertViewAlertsByRisk

Code samples

# You can also use wget
curl -X GET http://zap/JSON/alert/view/alertsByRisk/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/alert/view/alertsByRisk/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/alert/view/alertsByRisk/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/alert/view/alertsByRisk/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/alert/view/alertsByRisk/

Gets a summary of the alerts, optionally filtered by a 'url'. If 'recurse' is true then all alerts that apply to urls that start with the specified 'url' will be returned, otherwise only those on exactly the same 'url' (ignoring url parameters)

Parameters

Name In Type Required Description
url query string false none
recurse query boolean false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

alertViewAlertCountsByRisk

Code samples

# You can also use wget
curl -X GET http://zap/JSON/alert/view/alertCountsByRisk/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/alert/view/alertCountsByRisk/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/alert/view/alertCountsByRisk/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/alert/view/alertCountsByRisk/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/alert/view/alertCountsByRisk/

Gets a count of the alerts, optionally filtered as per alertsPerRisk

Parameters

Name In Type Required Description
url query string false none
recurse query boolean false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

alertActionDeleteAllAlerts

Code samples

# You can also use wget
curl -X GET http://zap/JSON/alert/action/deleteAllAlerts/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/alert/action/deleteAllAlerts/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/alert/action/deleteAllAlerts/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/alert/action/deleteAllAlerts/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/alert/action/deleteAllAlerts/

Deletes all alerts of the current session.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

alertActionDeleteAlert

Code samples

# You can also use wget
curl -X GET http://zap/JSON/alert/action/deleteAlert/?id=0 \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/alert/action/deleteAlert/?id=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/alert/action/deleteAlert/', params={
  'id': '0'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/alert/action/deleteAlert/',
  params: {
  'id' => 'integer'
}, headers: headers

p JSON.parse(result)

GET /JSON/alert/action/deleteAlert/

Deletes the alert with the given ID.

Parameters

Name In Type Required Description
id query integer true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

acsrf

acsrfViewOptionTokensNames

Code samples

# You can also use wget
curl -X GET http://zap/JSON/acsrf/view/optionTokensNames/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/acsrf/view/optionTokensNames/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/acsrf/view/optionTokensNames/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/acsrf/view/optionTokensNames/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/acsrf/view/optionTokensNames/

Lists the names of all anti-CSRF tokens

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

acsrfActionAddOptionToken

Code samples

# You can also use wget
curl -X GET http://zap/JSON/acsrf/action/addOptionToken/?String=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/acsrf/action/addOptionToken/?String=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/acsrf/action/addOptionToken/', params={
  'String': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/acsrf/action/addOptionToken/',
  params: {
  'String' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/acsrf/action/addOptionToken/

Adds an anti-CSRF token with the given name, enabled by default

Parameters

Name In Type Required Description
String query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

acsrfActionRemoveOptionToken

Code samples

# You can also use wget
curl -X GET http://zap/JSON/acsrf/action/removeOptionToken/?String=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/acsrf/action/removeOptionToken/?String=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/acsrf/action/removeOptionToken/', params={
  'String': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/acsrf/action/removeOptionToken/',
  params: {
  'String' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/acsrf/action/removeOptionToken/

Removes the anti-CSRF token with the given name

Parameters

Name In Type Required Description
String query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

acsrfOtherGenForm

Code samples

# You can also use wget
curl -X GET http://zap/OTHER/acsrf/other/genForm/?hrefId=0 \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/OTHER/acsrf/other/genForm/?hrefId=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/OTHER/acsrf/other/genForm/', params={
  'hrefId': '0'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/OTHER/acsrf/other/genForm/',
  params: {
  'hrefId' => 'integer'
}, headers: headers

p JSON.parse(result)

GET /OTHER/acsrf/other/genForm/

Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP

Parameters

Name In Type Required Description
hrefId query integer true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

pscan

pscanViewScanOnlyInScope

Code samples

# You can also use wget
curl -X GET http://zap/JSON/pscan/view/scanOnlyInScope/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/pscan/view/scanOnlyInScope/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/pscan/view/scanOnlyInScope/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/pscan/view/scanOnlyInScope/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/pscan/view/scanOnlyInScope/

Tells whether or not the passive scan should be performed only on messages that are in scope.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

pscanViewRecordsToScan

Code samples

# You can also use wget
curl -X GET http://zap/JSON/pscan/view/recordsToScan/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/pscan/view/recordsToScan/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/pscan/view/recordsToScan/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/pscan/view/recordsToScan/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/pscan/view/recordsToScan/

The number of records the passive scanner still has to scan

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

pscanViewScanners

Code samples

# You can also use wget
curl -X GET http://zap/JSON/pscan/view/scanners/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/pscan/view/scanners/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/pscan/view/scanners/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/pscan/view/scanners/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/pscan/view/scanners/

Lists all passive scanners with its ID, name, enabled state and alert threshold.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

pscanViewCurrentRule

Code samples

# You can also use wget
curl -X GET http://zap/JSON/pscan/view/currentRule/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/pscan/view/currentRule/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/pscan/view/currentRule/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/pscan/view/currentRule/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/pscan/view/currentRule/

Show information about the passive scan rule currently being run (if any).

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

pscanViewMaxAlertsPerRule

Code samples

# You can also use wget
curl -X GET http://zap/JSON/pscan/view/maxAlertsPerRule/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/pscan/view/maxAlertsPerRule/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/pscan/view/maxAlertsPerRule/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/pscan/view/maxAlertsPerRule/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/pscan/view/maxAlertsPerRule/

Gets the maximum number of alerts a passive scan rule should raise.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

pscanActionSetEnabled

Code samples

# You can also use wget
curl -X GET http://zap/JSON/pscan/action/setEnabled/?enabled=true \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/pscan/action/setEnabled/?enabled=true");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/pscan/action/setEnabled/', params={
  'enabled': 'true'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/pscan/action/setEnabled/',
  params: {
  'enabled' => 'boolean'
}, headers: headers

p JSON.parse(result)

GET /JSON/pscan/action/setEnabled/

Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).

Parameters

Name In Type Required Description
enabled query boolean true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

pscanActionSetScanOnlyInScope

Code samples

# You can also use wget
curl -X GET http://zap/JSON/pscan/action/setScanOnlyInScope/?onlyInScope=true \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/pscan/action/setScanOnlyInScope/?onlyInScope=true");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/pscan/action/setScanOnlyInScope/', params={
  'onlyInScope': 'true'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/pscan/action/setScanOnlyInScope/',
  params: {
  'onlyInScope' => 'boolean'
}, headers: headers

p JSON.parse(result)

GET /JSON/pscan/action/setScanOnlyInScope/

Sets whether or not the passive scan should be performed only on messages that are in scope.

Parameters

Name In Type Required Description
onlyInScope query boolean true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

pscanActionEnableAllScanners

Code samples

# You can also use wget
curl -X GET http://zap/JSON/pscan/action/enableAllScanners/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/pscan/action/enableAllScanners/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/pscan/action/enableAllScanners/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/pscan/action/enableAllScanners/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/pscan/action/enableAllScanners/

Enables all passive scanners

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

pscanActionDisableAllScanners

Code samples

# You can also use wget
curl -X GET http://zap/JSON/pscan/action/disableAllScanners/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/pscan/action/disableAllScanners/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/pscan/action/disableAllScanners/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/pscan/action/disableAllScanners/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/pscan/action/disableAllScanners/

Disables all passive scanners

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

pscanActionEnableScanners

Code samples

# You can also use wget
curl -X GET http://zap/JSON/pscan/action/enableScanners/?ids=0 \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/pscan/action/enableScanners/?ids=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/pscan/action/enableScanners/', params={
  'ids': '0'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/pscan/action/enableScanners/',
  params: {
  'ids' => 'integer'
}, headers: headers

p JSON.parse(result)

GET /JSON/pscan/action/enableScanners/

Enables all passive scanners with the given IDs (comma separated list of IDs)

Parameters

Name In Type Required Description
ids query integer true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

pscanActionDisableScanners

Code samples

# You can also use wget
curl -X GET http://zap/JSON/pscan/action/disableScanners/?ids=0 \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/pscan/action/disableScanners/?ids=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/pscan/action/disableScanners/', params={
  'ids': '0'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/pscan/action/disableScanners/',
  params: {
  'ids' => 'integer'
}, headers: headers

p JSON.parse(result)

GET /JSON/pscan/action/disableScanners/

Disables all passive scanners with the given IDs (comma separated list of IDs)

Parameters

Name In Type Required Description
ids query integer true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

pscanActionSetScannerAlertThreshold

Code samples

# You can also use wget
curl -X GET http://zap/JSON/pscan/action/setScannerAlertThreshold/?id=0&alertThreshold=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/pscan/action/setScannerAlertThreshold/?id=0&alertThreshold=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/pscan/action/setScannerAlertThreshold/', params={
  'id': '0',  'alertThreshold': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/pscan/action/setScannerAlertThreshold/',
  params: {
  'id' => 'integer',
'alertThreshold' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/pscan/action/setScannerAlertThreshold/

Sets the alert threshold of the passive scanner with the given ID, accepted values for alert threshold: OFF, DEFAULT, LOW, MEDIUM and HIGH

Parameters

Name In Type Required Description
id query integer true none
alertThreshold query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

pscanActionSetMaxAlertsPerRule

Code samples

# You can also use wget
curl -X GET http://zap/JSON/pscan/action/setMaxAlertsPerRule/?maxAlerts=0 \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/pscan/action/setMaxAlertsPerRule/?maxAlerts=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/pscan/action/setMaxAlertsPerRule/', params={
  'maxAlerts': '0'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/pscan/action/setMaxAlertsPerRule/',
  params: {
  'maxAlerts' => 'integer'
}, headers: headers

p JSON.parse(result)

GET /JSON/pscan/action/setMaxAlertsPerRule/

Sets the maximum number of alerts a passive scan rule should raise.

Parameters

Name In Type Required Description
maxAlerts query integer true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

search

searchViewUrlsByUrlRegex

Code samples

# You can also use wget
curl -X GET http://zap/JSON/search/view/urlsByUrlRegex/?regex=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/search/view/urlsByUrlRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/search/view/urlsByUrlRegex/', params={
  'regex': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/search/view/urlsByUrlRegex/',
  params: {
  'regex' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/search/view/urlsByUrlRegex/

Returns the URLs of the HTTP messages that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.

Parameters

Name In Type Required Description
regex query string true none
baseurl query string false none
start query integer false none
count query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

searchViewUrlsByRequestRegex

Code samples

# You can also use wget
curl -X GET http://zap/JSON/search/view/urlsByRequestRegex/?regex=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/search/view/urlsByRequestRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/search/view/urlsByRequestRegex/', params={
  'regex': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/search/view/urlsByRequestRegex/',
  params: {
  'regex' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/search/view/urlsByRequestRegex/

Returns the URLs of the HTTP messages that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.

Parameters

Name In Type Required Description
regex query string true none
baseurl query string false none
start query integer false none
count query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

searchViewUrlsByResponseRegex

Code samples

# You can also use wget
curl -X GET http://zap/JSON/search/view/urlsByResponseRegex/?regex=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/search/view/urlsByResponseRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/search/view/urlsByResponseRegex/', params={
  'regex': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/search/view/urlsByResponseRegex/',
  params: {
  'regex' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/search/view/urlsByResponseRegex/

Returns the URLs of the HTTP messages that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.

Parameters

Name In Type Required Description
regex query string true none
baseurl query string false none
start query integer false none
count query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

searchViewUrlsByHeaderRegex

Code samples

# You can also use wget
curl -X GET http://zap/JSON/search/view/urlsByHeaderRegex/?regex=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/search/view/urlsByHeaderRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/search/view/urlsByHeaderRegex/', params={
  'regex': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/search/view/urlsByHeaderRegex/',
  params: {
  'regex' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/search/view/urlsByHeaderRegex/

Returns the URLs of the HTTP messages that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages.

Parameters

Name In Type Required Description
regex query string true none
baseurl query string false none
start query integer false none
count query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

searchViewMessagesByUrlRegex

Code samples

# You can also use wget
curl -X GET http://zap/JSON/search/view/messagesByUrlRegex/?regex=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/search/view/messagesByUrlRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/search/view/messagesByUrlRegex/', params={
  'regex': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/search/view/messagesByUrlRegex/',
  params: {
  'regex' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/search/view/messagesByUrlRegex/

Returns the HTTP messages that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.

Parameters

Name In Type Required Description
regex query string true none
baseurl query string false none
start query integer false none
count query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

searchViewMessagesByRequestRegex

Code samples

# You can also use wget
curl -X GET http://zap/JSON/search/view/messagesByRequestRegex/?regex=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/search/view/messagesByRequestRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/search/view/messagesByRequestRegex/', params={
  'regex': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/search/view/messagesByRequestRegex/',
  params: {
  'regex' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/search/view/messagesByRequestRegex/

Returns the HTTP messages that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.

Parameters

Name In Type Required Description
regex query string true none
baseurl query string false none
start query integer false none
count query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

searchViewMessagesByResponseRegex

Code samples

# You can also use wget
curl -X GET http://zap/JSON/search/view/messagesByResponseRegex/?regex=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/search/view/messagesByResponseRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/search/view/messagesByResponseRegex/', params={
  'regex': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/search/view/messagesByResponseRegex/',
  params: {
  'regex' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/search/view/messagesByResponseRegex/

Returns the HTTP messages that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.

Parameters

Name In Type Required Description
regex query string true none
baseurl query string false none
start query integer false none
count query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

searchViewMessagesByHeaderRegex

Code samples

# You can also use wget
curl -X GET http://zap/JSON/search/view/messagesByHeaderRegex/?regex=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/search/view/messagesByHeaderRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/search/view/messagesByHeaderRegex/', params={
  'regex': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/search/view/messagesByHeaderRegex/',
  params: {
  'regex' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/search/view/messagesByHeaderRegex/

Returns the HTTP messages that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages.

Parameters

Name In Type Required Description
regex query string true none
baseurl query string false none
start query integer false none
count query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

searchOtherHarByUrlRegex

Code samples

# You can also use wget
curl -X GET http://zap/OTHER/search/other/harByUrlRegex/?regex=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/OTHER/search/other/harByUrlRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/OTHER/search/other/harByUrlRegex/', params={
  'regex': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/OTHER/search/other/harByUrlRegex/',
  params: {
  'regex' => 'string'
}, headers: headers

p JSON.parse(result)

GET /OTHER/search/other/harByUrlRegex/

Returns the HTTP messages, in HAR format, that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.

Parameters

Name In Type Required Description
regex query string true none
baseurl query string false none
start query integer false none
count query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

searchOtherHarByRequestRegex

Code samples

# You can also use wget
curl -X GET http://zap/OTHER/search/other/harByRequestRegex/?regex=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/OTHER/search/other/harByRequestRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/OTHER/search/other/harByRequestRegex/', params={
  'regex': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/OTHER/search/other/harByRequestRegex/',
  params: {
  'regex' => 'string'
}, headers: headers

p JSON.parse(result)

GET /OTHER/search/other/harByRequestRegex/

Returns the HTTP messages, in HAR format, that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.

Parameters

Name In Type Required Description
regex query string true none
baseurl query string false none
start query integer false none
count query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

searchOtherHarByResponseRegex

Code samples

# You can also use wget
curl -X GET http://zap/OTHER/search/other/harByResponseRegex/?regex=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/OTHER/search/other/harByResponseRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/OTHER/search/other/harByResponseRegex/', params={
  'regex': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/OTHER/search/other/harByResponseRegex/',
  params: {
  'regex' => 'string'
}, headers: headers

p JSON.parse(result)

GET /OTHER/search/other/harByResponseRegex/

Returns the HTTP messages, in HAR format, that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.

Parameters

Name In Type Required Description
regex query string true none
baseurl query string false none
start query integer false none
count query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

searchOtherHarByHeaderRegex

Code samples

# You can also use wget
curl -X GET http://zap/OTHER/search/other/harByHeaderRegex/?regex=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/OTHER/search/other/harByHeaderRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/OTHER/search/other/harByHeaderRegex/', params={
  'regex': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/OTHER/search/other/harByHeaderRegex/',
  params: {
  'regex' => 'string'
}, headers: headers

p JSON.parse(result)

GET /OTHER/search/other/harByHeaderRegex/

Returns the HTTP messages, in HAR format, that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages.

Parameters

Name In Type Required Description
regex query string true none
baseurl query string false none
start query integer false none
count query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdate

autoupdateViewLatestVersionNumber

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/latestVersionNumber/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/latestVersionNumber/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/latestVersionNumber/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/latestVersionNumber/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/latestVersionNumber/

Returns the latest version number

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewIsLatestVersion

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/isLatestVersion/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/isLatestVersion/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/isLatestVersion/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/isLatestVersion/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/isLatestVersion/

Returns 'true' if ZAP is on the latest version

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewInstalledAddons

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/installedAddons/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/installedAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/installedAddons/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/installedAddons/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/installedAddons/

Return a list of all of the installed add-ons

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewLocalAddons

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/localAddons/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/localAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/localAddons/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/localAddons/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/localAddons/

Returns a list with all local add-ons, installed or not.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewNewAddons

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/newAddons/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/newAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/newAddons/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/newAddons/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/newAddons/

Return a list of any add-ons that have been added to the Marketplace since the last check for updates

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewUpdatedAddons

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/updatedAddons/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/updatedAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/updatedAddons/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/updatedAddons/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/updatedAddons/

Return a list of any add-ons that have been changed in the Marketplace since the last check for updates

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewMarketplaceAddons

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/marketplaceAddons/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/marketplaceAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/marketplaceAddons/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/marketplaceAddons/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/marketplaceAddons/

Return a list of all of the add-ons on the ZAP Marketplace (this information is read once and then cached)

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewOptionAddonDirectories

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionAddonDirectories/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/optionAddonDirectories/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/optionAddonDirectories/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/optionAddonDirectories/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/optionAddonDirectories/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewOptionDayLastChecked

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionDayLastChecked/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/optionDayLastChecked/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/optionDayLastChecked/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/optionDayLastChecked/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/optionDayLastChecked/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewOptionDayLastInstallWarned

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionDayLastInstallWarned/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/optionDayLastInstallWarned/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/optionDayLastInstallWarned/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/optionDayLastInstallWarned/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/optionDayLastInstallWarned/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewOptionDayLastUpdateWarned

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionDayLastUpdateWarned/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/optionDayLastUpdateWarned/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/optionDayLastUpdateWarned/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/optionDayLastUpdateWarned/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/optionDayLastUpdateWarned/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewOptionDownloadDirectory

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionDownloadDirectory/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/optionDownloadDirectory/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/optionDownloadDirectory/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/optionDownloadDirectory/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/optionDownloadDirectory/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewOptionCheckAddonUpdates

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionCheckAddonUpdates/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/optionCheckAddonUpdates/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/optionCheckAddonUpdates/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/optionCheckAddonUpdates/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/optionCheckAddonUpdates/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewOptionCheckOnStart

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionCheckOnStart/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/optionCheckOnStart/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/optionCheckOnStart/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/optionCheckOnStart/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/optionCheckOnStart/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewOptionDownloadNewRelease

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionDownloadNewRelease/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/optionDownloadNewRelease/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/optionDownloadNewRelease/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/optionDownloadNewRelease/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/optionDownloadNewRelease/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewOptionInstallAddonUpdates

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionInstallAddonUpdates/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/optionInstallAddonUpdates/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/optionInstallAddonUpdates/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/optionInstallAddonUpdates/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/optionInstallAddonUpdates/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewOptionInstallScannerRules

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionInstallScannerRules/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/optionInstallScannerRules/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/optionInstallScannerRules/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/optionInstallScannerRules/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/optionInstallScannerRules/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewOptionReportAlphaAddons

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionReportAlphaAddons/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/optionReportAlphaAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/optionReportAlphaAddons/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/optionReportAlphaAddons/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/optionReportAlphaAddons/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewOptionReportBetaAddons

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionReportBetaAddons/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/optionReportBetaAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/optionReportBetaAddons/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/optionReportBetaAddons/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/optionReportBetaAddons/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateViewOptionReportReleaseAddons

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionReportReleaseAddons/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/view/optionReportReleaseAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/view/optionReportReleaseAddons/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/view/optionReportReleaseAddons/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/view/optionReportReleaseAddons/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateActionDownloadLatestRelease

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/downloadLatestRelease/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/action/downloadLatestRelease/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/action/downloadLatestRelease/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/action/downloadLatestRelease/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/action/downloadLatestRelease/

Downloads the latest release, if any

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateActionInstallAddon

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/installAddon/?id=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/action/installAddon/?id=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/action/installAddon/', params={
  'id': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/action/installAddon/',
  params: {
  'id' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/action/installAddon/

Installs or updates the specified add-on, returning when complete (ie not asynchronously)

Parameters

Name In Type Required Description
id query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateActionInstallLocalAddon

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/installLocalAddon/?file=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/action/installLocalAddon/?file=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/action/installLocalAddon/', params={
  'file': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/action/installLocalAddon/',
  params: {
  'file' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/action/installLocalAddon/

Parameters

Name In Type Required Description
file query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateActionUninstallAddon

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/uninstallAddon/?id=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/action/uninstallAddon/?id=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/action/uninstallAddon/', params={
  'id': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/action/uninstallAddon/',
  params: {
  'id' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/action/uninstallAddon/

Uninstalls the specified add-on

Parameters

Name In Type Required Description
id query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateActionSetOptionCheckAddonUpdates

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionCheckAddonUpdates/?Boolean=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionCheckAddonUpdates/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/action/setOptionCheckAddonUpdates/', params={
  'Boolean': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionCheckAddonUpdates/',
  params: {
  'Boolean' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/action/setOptionCheckAddonUpdates/

Parameters

Name In Type Required Description
Boolean query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateActionSetOptionCheckOnStart

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionCheckOnStart/?Boolean=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionCheckOnStart/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/action/setOptionCheckOnStart/', params={
  'Boolean': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionCheckOnStart/',
  params: {
  'Boolean' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/action/setOptionCheckOnStart/

Parameters

Name In Type Required Description
Boolean query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateActionSetOptionDownloadNewRelease

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionDownloadNewRelease/?Boolean=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionDownloadNewRelease/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/action/setOptionDownloadNewRelease/', params={
  'Boolean': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionDownloadNewRelease/',
  params: {
  'Boolean' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/action/setOptionDownloadNewRelease/

Parameters

Name In Type Required Description
Boolean query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateActionSetOptionInstallAddonUpdates

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionInstallAddonUpdates/?Boolean=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionInstallAddonUpdates/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/action/setOptionInstallAddonUpdates/', params={
  'Boolean': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionInstallAddonUpdates/',
  params: {
  'Boolean' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/action/setOptionInstallAddonUpdates/

Parameters

Name In Type Required Description
Boolean query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateActionSetOptionInstallScannerRules

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionInstallScannerRules/?Boolean=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionInstallScannerRules/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/action/setOptionInstallScannerRules/', params={
  'Boolean': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionInstallScannerRules/',
  params: {
  'Boolean' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/action/setOptionInstallScannerRules/

Parameters

Name In Type Required Description
Boolean query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateActionSetOptionReportAlphaAddons

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionReportAlphaAddons/?Boolean=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionReportAlphaAddons/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/action/setOptionReportAlphaAddons/', params={
  'Boolean': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionReportAlphaAddons/',
  params: {
  'Boolean' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/action/setOptionReportAlphaAddons/

Parameters

Name In Type Required Description
Boolean query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateActionSetOptionReportBetaAddons

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionReportBetaAddons/?Boolean=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionReportBetaAddons/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/action/setOptionReportBetaAddons/', params={
  'Boolean': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionReportBetaAddons/',
  params: {
  'Boolean' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/action/setOptionReportBetaAddons/

Parameters

Name In Type Required Description
Boolean query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

autoupdateActionSetOptionReportReleaseAddons

Code samples

# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionReportReleaseAddons/?Boolean=string \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionReportReleaseAddons/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/autoupdate/action/setOptionReportReleaseAddons/', params={
  'Boolean': 'string'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionReportReleaseAddons/',
  params: {
  'Boolean' => 'string'
}, headers: headers

p JSON.parse(result)

GET /JSON/autoupdate/action/setOptionReportReleaseAddons/

Parameters

Name In Type Required Description
Boolean query string true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spider

spiderViewStatus

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/status/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/status/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/status/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/status/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/status/

Parameters

Name In Type Required Description
scanId query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewResults

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/results/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/results/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/results/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/results/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/results/

Parameters

Name In Type Required Description
scanId query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewFullResults

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/fullResults/?scanId=0 \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/fullResults/?scanId=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/fullResults/', params={
  'scanId': '0'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/fullResults/',
  params: {
  'scanId' => 'integer'
}, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/fullResults/

Parameters

Name In Type Required Description
scanId query integer true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewScans

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/scans/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/scans/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/scans/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/scans/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/scans/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewExcludedFromScan

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/excludedFromScan/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/excludedFromScan/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/excludedFromScan/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/excludedFromScan/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/excludedFromScan/

Gets the regexes of URLs excluded from the spider scans.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewAllUrls

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/allUrls/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/allUrls/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/allUrls/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/allUrls/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/allUrls/

Returns a list of unique URLs from the history table based on HTTP messages added by the Spider.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewAddedNodes

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/addedNodes/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/addedNodes/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/addedNodes/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/addedNodes/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/addedNodes/

Returns a list of the names of the nodes added to the Sites tree by the specified scan.

Parameters

Name In Type Required Description
scanId query integer false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewDomainsAlwaysInScope

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/domainsAlwaysInScope/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/domainsAlwaysInScope/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/domainsAlwaysInScope/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/domainsAlwaysInScope/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/domainsAlwaysInScope/

Gets all the domains that are always in scope. For each domain the following are shown: the index, the value (domain), if enabled, and if specified as a regex.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionDomainsAlwaysInScope

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionDomainsAlwaysInScope/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionDomainsAlwaysInScope/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionDomainsAlwaysInScope/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionDomainsAlwaysInScope/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionDomainsAlwaysInScope/

Use view domainsAlwaysInScope instead.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionDomainsAlwaysInScopeEnabled

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionDomainsAlwaysInScopeEnabled/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionDomainsAlwaysInScopeEnabled/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionDomainsAlwaysInScopeEnabled/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionDomainsAlwaysInScopeEnabled/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionDomainsAlwaysInScopeEnabled/

Use view domainsAlwaysInScope instead.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionHandleParameters

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionHandleParameters/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionHandleParameters/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionHandleParameters/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionHandleParameters/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionHandleParameters/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionMaxChildren

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionMaxChildren/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionMaxChildren/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionMaxChildren/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionMaxChildren/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionMaxChildren/

Gets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionMaxDepth

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionMaxDepth/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionMaxDepth/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionMaxDepth/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionMaxDepth/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionMaxDepth/

Gets the maximum depth the spider can crawl, 0 if unlimited.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionMaxDuration

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionMaxDuration/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionMaxDuration/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionMaxDuration/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionMaxDuration/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionMaxDuration/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionMaxParseSizeBytes

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionMaxParseSizeBytes/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionMaxParseSizeBytes/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionMaxParseSizeBytes/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionMaxParseSizeBytes/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionMaxParseSizeBytes/

Gets the maximum size, in bytes, that a response might have to be parsed.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionMaxScansInUI

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionMaxScansInUI/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionMaxScansInUI/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionMaxScansInUI/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionMaxScansInUI/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionMaxScansInUI/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionRequestWaitTime

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionRequestWaitTime/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionRequestWaitTime/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionRequestWaitTime/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionRequestWaitTime/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionRequestWaitTime/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionScope

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionScope/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionScope/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionScope/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionScope/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionScope/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionScopeText

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionScopeText/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionScopeText/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionScopeText/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionScopeText/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionScopeText/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionSkipURLString

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionSkipURLString/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionSkipURLString/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionSkipURLString/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionSkipURLString/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionSkipURLString/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionThreadCount

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionThreadCount/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionThreadCount/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionThreadCount/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionThreadCount/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionThreadCount/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionUserAgent

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionUserAgent/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionUserAgent/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionUserAgent/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionUserAgent/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionUserAgent/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionAcceptCookies

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionAcceptCookies/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionAcceptCookies/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionAcceptCookies/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionAcceptCookies/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionAcceptCookies/

Gets whether or not a spider process should accept cookies while spidering.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionHandleODataParametersVisited

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionHandleODataParametersVisited/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionHandleODataParametersVisited/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionHandleODataParametersVisited/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionHandleODataParametersVisited/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionHandleODataParametersVisited/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionParseComments

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionParseComments/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionParseComments/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionParseComments/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionParseComments/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionParseComments/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionParseGit

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionParseGit/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionParseGit/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionParseGit/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionParseGit/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionParseGit/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionParseRobotsTxt

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionParseRobotsTxt/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionParseRobotsTxt/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionParseRobotsTxt/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionParseRobotsTxt/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionParseRobotsTxt/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionParseSVNEntries

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionParseSVNEntries/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionParseSVNEntries/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionParseSVNEntries/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionParseSVNEntries/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionParseSVNEntries/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionParseSitemapXml

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionParseSitemapXml/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionParseSitemapXml/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionParseSitemapXml/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionParseSitemapXml/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionParseSitemapXml/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionPostForm

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionPostForm/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionPostForm/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionPostForm/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionPostForm/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionPostForm/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionProcessForm

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionProcessForm/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionProcessForm/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionProcessForm/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionProcessForm/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionProcessForm/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionSendRefererHeader

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionSendRefererHeader/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionSendRefererHeader/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionSendRefererHeader/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionSendRefererHeader/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionSendRefererHeader/

Gets whether or not the 'Referer' header should be sent while spidering.

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderViewOptionShowAdvancedDialog

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionShowAdvancedDialog/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/view/optionShowAdvancedDialog/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/view/optionShowAdvancedDialog/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/view/optionShowAdvancedDialog/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/view/optionShowAdvancedDialog/

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderActionScan

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/action/scan/ \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/action/scan/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/action/scan/', params={

}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/action/scan/',
  params: {
  }, headers: headers

p JSON.parse(result)

GET /JSON/spider/action/scan/

Runs the spider against the given URL (or context). Optionally, the 'maxChildren' parameter can be set to limit the number of children scanned, the 'recurse' parameter can be used to prevent the spider from seeding recursively, the parameter 'contextName' can be used to constrain the scan to a Context and the parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'url').

Parameters

Name In Type Required Description
url query string false none
maxChildren query integer false none
recurse query boolean false none
contextName query string false none
subtreeOnly query boolean false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderActionScanAsUser

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/action/scanAsUser/?contextId=0&userId=0 \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/action/scanAsUser/?contextId=0&userId=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/action/scanAsUser/', params={
  'contextId': '0',  'userId': '0'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/action/scanAsUser/',
  params: {
  'contextId' => 'integer',
'userId' => 'integer'
}, headers: headers

p JSON.parse(result)

GET /JSON/spider/action/scanAsUser/

Runs the spider from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.

Parameters

Name In Type Required Description
contextId query integer true none
userId query integer true none
url query string false none
maxChildren query integer false none
recurse query boolean false none
subtreeOnly query boolean false none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderActionPause

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/action/pause/?scanId=0 \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/action/pause/?scanId=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/action/pause/', params={
  'scanId': '0'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/action/pause/',
  params: {
  'scanId' => 'integer'
}, headers: headers

p JSON.parse(result)

GET /JSON/spider/action/pause/

Parameters

Name In Type Required Description
scanId query integer true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema
default Default unexpected error Error

spiderActionResume

Code samples

# You can also use wget
curl -X GET http://zap/JSON/spider/action/resume/?scanId=0 \
  -H 'Accept: application/json' \
  -H 'X-ZAP-API-Key: API_KEY'

URL obj = new URL("http://zap/JSON/spider/action/resume/?scanId=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

import requests
headers = {
  'Accept': 'application/json',
  'X-ZAP-API-Key': 'API_KEY'
}

r = requests.get('http://zap/JSON/spider/action/resume/', params={
  'scanId': '0'
}, headers = headers)

print r.json()

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ZAP-API-Key' => 'API_KEY'
}

result = RestClient.get 'http://zap/JSON/spider/action/resume/',
  params: {
  'scanId' => 'integer'
}, headers: headers

p JSON.parse(result)

GET /JSON/spider/action/resume/

Parameters

Name In Type Required Description
scanId query integer true none

Example responses

default Response

{
  "message": "string",
  "code": 100
}

Responses

Status Meaning Description Schema