Web App Scanning: OpenAPI Specification by URL

A new setting has been added to the Tenable-provided API Scan template that enables users to provide a URL for the OpenAPI specification for the RESTful API they want to scan. This new functionality adds a layer of convenience over the file upload option, and the URL is checked before every scan to ensure that the API specification is up to date.

A new parameter called openapi_file_url has been added to the settings.scope object to support this new feature. The new parameter is described in the following table:

| Body Parameter | Data Type | Description |
|---|---|---|
| settings.scope.openapi_file_url | string | The URL for the OpenAPI specification describing the RESTful API that you want to scan. The URL must start with http:// or https:// and end with .json, .yaml, or .yml. |

This change affects the following endpoints:

| API Endpoint | Name | Description |
|---|---|---|
| POST /was/v2/configs | Create scan configuration | Creates a new scan configuration. |
| PUT /was/v2/configs/{config_id} | Upsert scan configuration | Updates an existing scan configuration or creates a new scan configuration. |
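
A client-side pre-check for the new parameter, as an added example (not Tenable's code): it applies the stated prefix and suffix rule to the whole URL string before the value is placed in the settings.scope object sent to either endpoint. Assumptions: the rule is read literally and case-sensitively, the host check is an extra sanity check, the function names are hypothetical, the example.com URLs are constructed, and the other fields of the scan configuration body are omitted.

```python
from urllib.parse import urlsplit

ALLOWED_PREFIXES = ("http://", "https://")
ALLOWED_SUFFIXES = (".json", ".yaml", ".yml")


def check_openapi_file_url(url):
    """Return a list of problems; an empty list means the URL passes."""
    if not isinstance(url, str) or not url or url != url.strip():
        return ["must be a non-empty string with no surrounding whitespace"]
    problems = []
    if not url.startswith(ALLOWED_PREFIXES):
        problems.append("must start with http:// or https://")
    # Literal reading (assumption): the suffix is tested on the full string,
    # so a trailing query string or fragment after the extension fails.
    if not url.endswith(ALLOWED_SUFFIXES):
        problems.append("must end with .json, .yaml, or .yml")
    try:
        host = urlsplit(url).hostname
    except ValueError:  # e.g. malformed IPv6 literal
        host = None
    if not host:
        problems.append("no host in URL")  # extra check, not from the page
    return problems


def build_scope_fragment(url):
    """Return only the settings.scope part of a scan configuration body."""
    problems = check_openapi_file_url(url)
    if problems:
        raise ValueError("openapi_file_url rejected: " + "; ".join(problems))
    return {"settings": {"scope": {"openapi_file_url": url}}}


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("https://api.example.com/v1/openapi.json",
                   "https://api.example.com/openapi.yaml?rev=3",
                   "ftp://api.example.com/openapi.yml"):
        print(sample, "->", check_openapi_file_url(sample) or "ok")
```

Because the URL is re-checked before every scan, whoever controls the document at that URL influences what gets scanned; restricting the accepted prefix to https:// in ALLOWED_PREFIXES is a stricter local policy than the page requires.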