API Testing
      Back to home
      1. Help Center
      2. Scanning & Testing
      3. API Testing

      How to maximise coverage for APIs and microservices testing in Edgescan?

      Edgescan performs testing on APIs & Microservices. This can be unauthenticated, authenticated or penetration testing.

      Version Number: v1.0.1

      Published Date: 8 Apr 2024

      ____________________________________________________________________________

      In Edgescan to maximise the coverage during API & Microservice testing we require a manifest file such as a Swagger, Postman or Insomnia file that includes the locations available on the API, and the parameters that should be included in testing.

      Swagger, Postman or Insomnia files can be uploaded directly into the Edgescan platform an associated with your asset.

      The documentation allows us to build the ‘crawl’ with all the defined endpoints as accurate as possible. Authentication information and/or credentials, where required, are also to be included during the onboarding processes.

      ’GraphQL’ APIs can also be used only if Introspection is enabled.

      There are rare occasions where API documentation isn’t available and the API has a GUI wrapper, we may be able to crawl the app like a normal application and harvest the API endpoints.