API Overview

The Netsparker Enterprise API lets client applications view and manipulate scan tasks, view issues, create scan agents, and more.

To understand how the APIs work, it is highly recommended that you familiarize yourself with the Netsparker workflow for scanning web applications. For further information, see Web Application Security Scanning Flow.

The API documentation is built with the OpenAPI (formerly Swagger) specification. To see all endpoints and parameters, see Netsparker Enterprise API Documentation.

Base URL

The base URL is https://www.netsparkercloud.com/api/1.0

The path and query parameters depend on the endpoint of your request. For example, the scan list is reachable with the following API call: https://www.netsparkercloud.com/api/1.0/scans/list

Authentication

When you make any calls to the API, you need to provide your User ID and API Token. You can find your user ID and authentication token on your account page. Authentication to the API occurs via HTTP Basic Access Authentication.

The following is an example using the authentication token through cURL:

curl -u "USERID:API-TOKEN" https://www.netsparkercloud.com/api/1.0/scans/list

You can access your user ID and API token in your account details.

How to access your API credentials

  1. Log in to Netsparker Enterprise.
  2. Select [Your Name] (top right of the window) > API Settings.
  3. In the Current Password field, enter your current password.
     Using Single Sign-On? If so, Netsparker displays the API Settings page without asking for a password.
  4. Select Submit to view your User ID and Token.

How to reset the API token

  1. Log in to Netsparker Enterprise.
  2. Select [Your Name] (top right of the window) > API Settings.
  3. In the Current Password field, enter your password and select Submit.
     Using Single Sign-On? If so, Netsparker displays the API Settings page without asking for a password.
  4. Select Reset API Token.
  5. From the Reset API Token dialog, select Reset API Token to confirm.

Methods

Netsparker supports the following methods in API calls:

GET: This method is for retrieving information.

POST: This method is for creating new resources, updating the status, or deleting.

Rate Limits

There is a throttling limit for API endpoints. All endpoints share the same rate limit, except for the allissues endpoint.

The following table shows the rate limits:

| Throttle Limits | Minute Limit | Hourly Limit | Daily Limit |
|-----------------|--------------|--------------|-------------|
| All endpoints   | 200          | 7000         | 18000       |
| allissues       | 50           | 7000         | 18000       |
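
The following is an added example, not code from the Netsparker documentation or any Netsparker client: a client-side sliding-window throttle that keeps a script inside the limits listed above so it does not run into HTTP 429 responses. It assumes each row of the table is an independent bucket and that the allissues endpoint can be recognized by the last path segment; the names `LIMITS`, `Throttle`, `bucket_for`, `wait_time` and `acquire` are illustrative.

```python
import time
from collections import deque

# (window seconds, max calls) per row of the rate-limit table on this page.
LIMITS = {
    "default":   [(60, 200), (3600, 7000), (86400, 18000)],
    "allissues": [(60, 50), (3600, 7000), (86400, 18000)],
}


class Throttle:
    """Client-side sliding-window limiter with one bucket per table row."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.sent = {name: deque() for name in LIMITS}

    @staticmethod
    def bucket_for(path):
        # Assumption: the separately limited endpoint is any path whose last
        # segment is "allissues"; everything else shares the default bucket.
        last = path.split("?")[0].rstrip("/").split("/")[-1]
        return "allissues" if last.lower() == "allissues" else "default"

    def wait_time(self, path):
        """Seconds until one more call to `path` fits inside every window."""
        bucket, now = self.bucket_for(path), self.clock()
        sent = self.sent[bucket]
        while sent and now - sent[0] >= 86400:  # older than the daily window
            sent.popleft()
        delay = 0.0
        for window, limit in LIMITS[bucket]:
            recent = [t for t in sent if now - t < window]
            if len(recent) >= limit:
                # Room opens when the oldest call over budget ages out.
                delay = max(delay, recent[-limit] + window - now)
        return delay

    def acquire(self, path, sleep=time.sleep):
        """Block until the call is within budget, then record it."""
        delay = self.wait_time(path)
        if delay > 0:
            sleep(delay)
        self.sent[self.bucket_for(path)].append(self.clock())
        return delay
```

Call `acquire(path)` immediately before each request. A 429 can still occur if other clients share the same credentials, so keep server-side handling for it as well.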

Tips and Troubleshooting

Netsparker does not support partial API calls. To update any object, for example, a scan profile object, do the following:

  1. Make a GET request for the scan profile you want to update.
  2. Update parameters.
  3. Make a POST request to update the scan profile with new parameters.

Status Codes and Errors

| Code | Description | Explanation |
|------|-------------|-------------|
| 200 | OK | Success. |
| 201 | Created | The request succeeded, and a new resource was created. |
| 400 | BadRequest | The server could not understand the request because of the invalid syntax. |
| 401 | Unauthorized | The access is denied. |
| 403 | Forbidden | The client does not have access rights to the content; that is, it is unauthorized. |
| 404 | NotFound | The server cannot find the requested resource. |
| 429 | Too Many Requests | The user has sent too many requests in a given amount of time ("rate limiting"). |
| 500 | Internal Server Error | The server has encountered a situation it does not know how to handle. |
