OWASP ZAP
OWASP ZAP (Zed Attack Proxy) is an open source web application security scanner for finding vulnerabilities in APIs and web applications during development and testing. ZAP exposes a comprehensive HTTP API for controlling and automating scans, spidering, authentication, alerts, reporting, and more.
1 APIs
0 Features
Security TestingApplication SecurityVulnerability ScanningTestingOpen Source
APIs
OWASP ZAP API
The HTTP API for controlling and accessing ZAP. Supports automation of access control scans, active and passive scanning, spidering, authentication, alerts, contexts, reports, s...
Collections
ZAP API
OPENPricing Plans
Rate Limits
FinOps
Owasp Zap Finops
FINOPSResources
🔗
VulnerabilityDisclosure
VulnerabilityDisclosure
🔗
DomainSecurity
DomainSecurity
🔑
Authentication
Authentication
📰
Blog
Blog
🔗
Website
Website
🔗
Documentation
Documentation
🔗
API Documentation
API Documentation
👥
GitHubOrganization
GitHubOrganization
🔗
Download
Download
🔗
Community
Community
Sources
opencollection: 1.0.0
info:
name: ZAP API
version: 2.16.1
items:
- info:
name: accessControl
type: folder
items:
- info:
name: accessControlActionScan
type: http
http:
method: GET
url: http://zap/JSON/accessControl/action/scan/
params:
- name: contextId
value: ''
type: query
- name: userId
value: ''
type: query
- name: scanAsUnAuthUser
value: ''
type: query
- name: raiseAlert
value: ''
type: query
- name: alertRiskLevel
value: ''
type: query
docs: 'Starts an Access Control scan with the given context ID and user ID. (Optional parameters: user ID for Unauthenticated
user, boolean identifying whether or not Alerts are raised, and the Risk level for the Alerts.) [This assumes the Access
Control rules were previously established via ZAP gui and the necessary Context exported/imported.]'
- info:
name: accessControlActionWriteHTMLreport
type: http
http:
method: GET
url: http://zap/JSON/accessControl/action/writeHTMLreport/
params:
- name: contextId
value: ''
type: query
- name: fileName
value: ''
type: query
docs: 'Generates an Access Control report for the given context ID and saves it based on the provided filename (path). '
- info:
name: accessControlViewGetScanProgress
type: http
http:
method: GET
url: http://zap/JSON/accessControl/view/getScanProgress/
params:
- name: contextId
value: ''
type: query
docs: Gets the Access Control scan progress (percentage integer) for the given context ID.
- info:
name: accessControlViewGetScanStatus
type: http
http:
method: GET
url: http://zap/JSON/accessControl/view/getScanStatus/
params:
- name: contextId
value: ''
type: query
docs: Gets the Access Control scan status (description string) for the given context ID.
- info:
name: acsrf
type: folder
items:
- info:
name: acsrfActionAddOptionToken
type: http
http:
method: GET
url: http://zap/JSON/acsrf/action/addOptionToken/
params:
- name: String
value: ''
type: query
docs: Adds an anti-CSRF token with the given name, enabled by default
- info:
name: acsrfActionRemoveOptionToken
type: http
http:
method: GET
url: http://zap/JSON/acsrf/action/removeOptionToken/
params:
- name: String
value: ''
type: query
docs: Removes the anti-CSRF token with the given name
- info:
name: acsrfActionSetOptionPartialMatchingEnabled
type: http
http:
method: GET
url: http://zap/JSON/acsrf/action/setOptionPartialMatchingEnabled/
params:
- name: Boolean
value: ''
type: query
docs: Define if ZAP should detect CSRF tokens by searching for partial matches.
- info:
name: acsrfOtherGenForm
type: http
http:
method: GET
url: http://zap/OTHER/acsrf/other/genForm/
params:
- name: hrefId
value: ''
type: query
description: Define which request will be used
- name: actionUrl
value: ''
type: query
description: Define the action URL to be used in the generated form
docs: Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP
- info:
name: acsrfViewOptionPartialMatchingEnabled
type: http
http:
method: GET
url: http://zap/JSON/acsrf/view/optionPartialMatchingEnabled/
docs: Define if ZAP should detect CSRF tokens by searching for partial matches
- info:
name: acsrfViewOptionTokensNames
type: http
http:
method: GET
url: http://zap/JSON/acsrf/view/optionTokensNames/
docs: Lists the names of all anti-CSRF tokens
- info:
name: ajaxSpider
type: folder
items:
- info:
name: ajaxSpiderActionAddAllowedResource
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/addAllowedResource/
params:
- name: regex
value: ''
type: query
description: The regular expression of the allowed resource.
- name: enabled
value: ''
type: query
description: If the allowed resource should be enabled or not.
docs: Adds an allowed resource.
- info:
name: ajaxSpiderActionAddExcludedElement
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/addExcludedElement/
params:
- name: contextName
value: ''
type: query
description: The name of the context.
- name: description
value: ''
type: query
description: The description of the excluded element.
- name: element
value: ''
type: query
description: The element to exclude.
- name: xpath
value: ''
type: query
description: The XPath of the element.
- name: text
value: ''
type: query
description: The text of the element.
- name: attributeName
value: ''
type: query
description: The attribute name of the element.
- name: attributeValue
value: ''
type: query
description: The attribute value of the element.
- name: enabled
value: ''
type: query
description: The enabled state, true or false.
docs: Adds an excluded element to a context.
- info:
name: ajaxSpiderActionModifyExcludedElement
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/modifyExcludedElement/
params:
- name: contextName
value: ''
type: query
description: The name of the context.
- name: description
value: ''
type: query
description: The description of the excluded element.
- name: element
value: ''
type: query
description: The element to exclude.
- name: descriptionNew
value: ''
type: query
description: The new description.
- name: xpath
value: ''
type: query
description: The XPath of the element.
- name: text
value: ''
type: query
description: The text of the element.
- name: attributeName
value: ''
type: query
description: The attribute name of the element.
- name: attributeValue
value: ''
type: query
description: The attribute value of the element.
- name: enabled
value: ''
type: query
description: The enabled state, true or false.
docs: Modifies an excluded element of a context.
- info:
name: ajaxSpiderActionRemoveAllowedResource
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/removeAllowedResource/
params:
- name: regex
value: ''
type: query
description: The regular expression of the allowed resource.
docs: Removes an allowed resource.
- info:
name: ajaxSpiderActionRemoveExcludedElement
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/removeExcludedElement/
params:
- name: contextName
value: ''
type: query
description: The name of the context.
- name: description
value: ''
type: query
description: The description of the excluded element.
docs: Removes an excluded element from a context.
- info:
name: ajaxSpiderActionScan
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/scan/
params:
- name: url
value: ''
type: query
description: The starting URL (needs to include the 'scheme').
- name: inScope
value: ''
type: query
description: A boolean (true/false) indicating whether or not the scan should be restricted to 'inScope' only resources
(default value is false).
- name: contextName
value: ''
type: query
description: The name for any defined context. If the value does not match a defined context then an error will occur.
- name: subtreeOnly
value: ''
type: query
description: A boolean (true/false) indicating whether or not the crawl should be constrained to a specific path (default
value is false).
docs: Runs the AJAX Spider against a given target.
- info:
name: ajaxSpiderActionScanAsUser
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/scanAsUser/
params:
- name: contextName
value: ''
type: query
description: The name for any defined context. If the value does not match a defined context then an error will occur.
- name: userName
value: ''
type: query
description: The name of the user to be used when crawling. The "userName" should be previously defined on the context
configuration.
- name: url
value: ''
type: query
description: The starting URL (needs to include the 'scheme').
- name: subtreeOnly
value: ''
type: query
description: A boolean (true/false) indicating whether or not the crawl should be constrained to a specific path (default
value is false).
docs: Runs the AJAX Spider from the perspective of a User of the web application.
- info:
name: ajaxSpiderActionSetEnabledAllowedResource
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setEnabledAllowedResource/
params:
- name: regex
value: ''
type: query
description: The regular expression of the allowed resource.
- name: enabled
value: ''
type: query
description: If the allowed resource should be enabled or not.
docs: Sets whether or not an allowed resource is enabled.
- info:
name: ajaxSpiderActionSetOptionBrowserId
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setOptionBrowserId/
params:
- name: String
value: ''
type: query
description: The name of the browser to be used by the AJAX Spider. (See the Selenium add-on help for a list of supported
browsers.)
docs: Sets the configuration of the AJAX Spider to use one of the supported browsers.
- info:
name: ajaxSpiderActionSetOptionClickDefaultElems
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setOptionClickDefaultElems/
params:
- name: Boolean
value: ''
type: query
description: A boolean (true/false) indicating if only default elements such as 'a' 'button' 'input' should be clicked
(default is true).
docs: Sets whether or not the AJAX Spider will only click on the default HTML elements.
- info:
name: ajaxSpiderActionSetOptionClickElemsOnce
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setOptionClickElemsOnce/
params:
- name: Boolean
value: ''
type: query
description: A boolean (true/false) indicating whether or not the AJAX Spider should only click on elements once.
If this is set to false, the crawler will attempt to click multiple times; which is more rigorous but may take considerably
more time (default is true).
docs: When enabled, the crawler attempts to interact with each element (e.g., by clicking) only once.
- info:
name: ajaxSpiderActionSetOptionEnableExtensions
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setOptionEnableExtensions/
params:
- name: Boolean
value: ''
type: query
- info:
name: ajaxSpiderActionSetOptionEventWait
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setOptionEventWait/
params:
- name: Integer
value: ''
type: query
description: The time that the AJAX Spider should wait for each event (default is 1000 milliseconds).
docs: 'Sets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over
an element, in order for a menu to display, etc.'
- info:
name: ajaxSpiderActionSetOptionLogoutAvoidance
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setOptionLogoutAvoidance/
params:
- name: Boolean
value: ''
type: query
description: A boolean (true/false) indicating if logout elements should be avoided (default is false).
docs: Sets whether or not the AJAX Spider should avoid clicking logout elements.
- info:
name: ajaxSpiderActionSetOptionMaxCrawlDepth
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setOptionMaxCrawlDepth/
params:
- name: Integer
value: ''
type: query
description: The maximum depth that the crawler should explore (zero means unlimited depth, default is 10).
docs: Sets the maximum depth that the crawler can reach.
- info:
name: ajaxSpiderActionSetOptionMaxCrawlStates
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setOptionMaxCrawlStates/
params:
- name: Integer
value: ''
type: query
description: The maximum number of states that the AJAX Spider should explore (zero means unlimited crawl states,
default is 0)
docs: Sets the maximum number of states that the crawler should crawl.
- info:
name: ajaxSpiderActionSetOptionMaxDuration
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setOptionMaxDuration/
params:
- name: Integer
value: ''
type: query
description: The maximum amount of time that the AJAX Spider is allowed to run (zero means unlimited running time,
default is 60 minutes).
docs: The maximum time that the crawler is allowed to run.
- info:
name: ajaxSpiderActionSetOptionNumberOfBrowsers
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setOptionNumberOfBrowsers/
params:
- name: Integer
value: ''
type: query
description: The number of windows that the AJAX Spider can use. The more windows, the faster the process will be.
However, more windows also means greater resource usage (CPU, Memory, etc), and could lead to concurrency issues
depending on the app being explored (default is 1).
docs: Sets the number of windows to be used by AJAX Spider.
- info:
name: ajaxSpiderActionSetOptionRandomInputs
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setOptionRandomInputs/
params:
- name: Boolean
value: ''
type: query
description: A boolean (true/false) indicating whether or not random values should be use in form fields. Otherwise,
empty values are submitted (default is true).
docs: When enabled, inserts random values into form fields.
- info:
name: ajaxSpiderActionSetOptionReloadWait
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setOptionReloadWait/
params:
- name: Integer
value: ''
type: query
description: The number of milliseconds the AJAX Spider should wait after a page is loaded (default is 1000).
docs: Sets the time to wait after the page is loaded before interacting with it.
- info:
name: ajaxSpiderActionSetOptionScopeCheck
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/setOptionScopeCheck/
params:
- name: String
value: ''
type: query
description: The scope check, either Strict or Flexible. Any other value will result in setting the default (Strict).
docs: Sets the scope check.
- info:
name: ajaxSpiderActionStop
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/action/stop/
docs: Stops the AJAX Spider.
- info:
name: ajaxSpiderViewAllowedResources
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/allowedResources/
docs: Gets the allowed resources. The allowed resources are always fetched even if out of scope, allowing to include necessary
resources (e.g. scripts) from 3rd-parties.
- info:
name: ajaxSpiderViewExcludedElements
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/excludedElements/
params:
- name: contextName
value: ''
type: query
description: The name of the context.
docs: Gets the excluded elements. The excluded elements are not clicked during crawling, for example, to prevent logging
out.
- info:
name: ajaxSpiderViewFullResults
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/fullResults/
docs: Gets the full crawled content detected by the AJAX Spider. Returns a set of values based on 'inScope' URLs, 'outOfScope'
URLs, and 'errors' encountered during the last/current run of the AJAX Spider.
- info:
name: ajaxSpiderViewNumberOfResults
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/numberOfResults/
docs: Gets the number of resources found.
- info:
name: ajaxSpiderViewOptionBrowserId
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/optionBrowserId/
docs: Gets the configured browser to use for crawling.
- info:
name: ajaxSpiderViewOptionClickDefaultElems
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/optionClickDefaultElems/
docs: Gets the configured value for 'Click Default Elements Only', HTML elements such as 'a', 'button', 'input', all associated
with some action or links on the page.
- info:
name: ajaxSpiderViewOptionClickElemsOnce
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/optionClickElemsOnce/
docs: Gets the value configured for the AJAX Spider to know if it should click on the elements only once.
- info:
name: ajaxSpiderViewOptionEnableExtensions
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/optionEnableExtensions/
- info:
name: ajaxSpiderViewOptionEventWait
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/optionEventWait/
docs: 'Gets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over
an element, in order for a menu to display, etc.'
- info:
name: ajaxSpiderViewOptionLogoutAvoidance
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/optionLogoutAvoidance/
docs: Gets the value of the Logout Avoidance option.
- info:
name: ajaxSpiderViewOptionMaxCrawlDepth
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/optionMaxCrawlDepth/
docs: Gets the configured value for the max crawl depth.
- info:
name: ajaxSpiderViewOptionMaxCrawlStates
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/optionMaxCrawlStates/
docs: Gets the configured value for the maximum crawl states allowed.
- info:
name: ajaxSpiderViewOptionMaxDuration
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/optionMaxDuration/
docs: Gets the configured max duration of the crawl, the value is in minutes.
- info:
name: ajaxSpiderViewOptionNumberOfBrowsers
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/optionNumberOfBrowsers/
docs: Gets the configured number of browsers to be used.
- info:
name: ajaxSpiderViewOptionRandomInputs
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/optionRandomInputs/
docs: Gets if the AJAX Spider will use random values in form fields when crawling, if set to true.
- info:
name: ajaxSpiderViewOptionReloadWait
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/optionReloadWait/
docs: Gets the configured time to wait after reloading the page, this value is in milliseconds.
- info:
name: ajaxSpiderViewOptionScopeCheck
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/optionScopeCheck/
docs: Gets the configured scope check.
- info:
name: ajaxSpiderViewResults
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/results/
params:
- name: start
value: ''
type: query
description: The position (or offset) within the results to use as a starting position for the information returned.
- name: count
value: ''
type: query
description: The number of results to return.
docs: Gets the current results of the crawler.
- info:
name: ajaxSpiderViewStatus
type: http
http:
method: GET
url: http://zap/JSON/ajaxSpider/view/status/
docs: Gets the current status of the crawler. Actual values are Stopped and Running.
- info:
name: alert
type: folder
items:
- info:
name: alertActionAddAlert
type: http
http:
method: GET
url: http://zap/JSON/alert/action/addAlert/
params:
- name: messageId
value: ''
type: query
description: The ID of the message to which the alert should be associated.
- name: name
value: ''
type: query
description: The name of the alert.
- name: riskId
value: ''
type: query
description: The numeric risk representation ('0 - Informational' through '3 - High').
- name: confidenceId
value: ''
type: query
description: The numeric confidence representation ('1 - Low' through '3 - High' [user set values '0 - False Positive',
and '4 - User Confirmed' are also available]).
- name: description
value: ''
type: query
description: The description to be set to the alert.
- name: param
value: ''
type: query
description: The name of the parameter applicable to the alert.
- name: attack
value: ''
type: query
description: 'The attack (ex: injected string) used by the scan rule.'
- name: otherInfo
value: ''
type: query
description: Other information about the alert or test.
- name: solution
value: ''
type: query
description: The solution for the alert.
- name: references
value: ''
type: query
description: The reference details for the alert.
- name: evidence
value: ''
type: query
description: The evidence associated with the alert.
- name: cweId
value: ''
type: query
description: The CWE identifier associated with the alert.
- name: wascId
value: ''
type: query
description: The WASC identifier associated with the alert.
docs: Add an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.)
- info:
name: alertActionDeleteAlert
type: http
http:
method: GET
url: http://zap/JSON/alert/action/deleteAlert/
params:
- name: id
value: ''
type: query
docs: 'Deletes the alert with the given ID. '
- info:
name: alertActionDeleteAlerts
type: http
http:
method: GET
url: http://zap/JSON/alert/action/deleteAlerts/
params:
- name: contextName
value: ''
type: query
description: The name of the Context for which the alerts should be deleted.
- name: baseurl
value: ''
type: query
description: The highest URL in the Sites tree under which alerts should be deleted.
- name: riskId
value: ''
type: query
description: The numeric risk representation ('0 - Informational' through '3 - High').
docs: Deletes all the alerts optionally filtered by URL which fall within the Context with the provided name, risk, or
base URL.
- info:
name: alertActionDeleteAllAlerts
type: http
http:
method: GET
url: http://zap/JSON/alert/action/deleteAllAlerts/
docs: Deletes all alerts of the current session.
- info:
name: alertActionUpdateAlert
type: http
http:
method: GET
url: http://zap/JSON/alert/action/updateAlert/
params:
- name: id
value: ''
type: query
description: The ID of the alert to update.
- name: name
value: ''
type: query
description: The name of the alert.
- name: riskId
value: ''
type: query
description: The numeric risk representation ('0 - Informational' through '3 - High').
- name: confidenceId
value: ''
type: query
description: The numeric confidence representation ('1 - Low' through '3 - High' [user set values '0 - False Positive',
and '4 - User Confirmed' are also available]).
- name: description
value: ''
type: query
description: The description to be set to the alert.
- name: param
value: ''
type: query
description: The name of the parameter applicable to the alert.
- name: attack
value: ''
type: query
description: 'The attack (ex: injected string) used by the scan rule.'
- name: otherInfo
value: ''
type: query
description: Other information about the alert or test.
- name: solution
value: ''
type: query
description: The solution for the alert.
- name: references
value: ''
type: query
description: The reference details for the alert.
- name: evidence
value: ''
type: query
description: The evidence associated with the alert.
- name: cweId
value: ''
type: query
description: The CWE identifier associated with the alert.
- name: wascId
value: ''
type: query
description: The WASC identifier associated with the alert.
docs: Update the alert with the given ID, with the provided details.
- info:
name: alertActionUpdateAlertsConfidence
type: http
http:
method: GET
url: http://zap/JSON/alert/action/updateAlertsConfidence/
params:
- name: ids
value: ''
type: query
description: The IDs of the alerts to update (comma separated values).
- name: confidenceId
value: ''
type: query
description: The numeric confidence representation ('1 - Low' through '3 - High' [user set values '0 - False Positive',
and '4 - User Confirmed' are also available]).
docs: Update the confidence of the alerts.
- info:
name: alertActionUpdateAlertsRisk
type: http
http:
method: GET
url: http://zap/JSON/alert/action/updateAlertsRisk/
params:
- name: ids
value: ''
type: query
description: The IDs of the alerts to update (comma separated values).
- name: riskId
value: ''
type: query
description: The numeric risk representation ('0 - Informational' through '3 - High').
docs: Update the risk of the alerts.
- info:
name: alertViewAlert
type: http
http:
method: GET
url: http://zap/JSON/alert/view/alert/
params:
- name: id
value: ''
type: query
docs: Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and
'message' API method
- info:
name: alertViewAlertCountsByRisk
type: http
http:
method: GET
url: http://zap/JSON/alert/view/alertCountsByRisk/
params:
- name: url
value: ''
type: query
- name: recurse
value: ''
type: query
docs: Gets a count of the alerts, optionally filtered as per alertsPerRisk
- info:
name: alertViewAlerts
type: http
http:
method: GET
url: http://zap/JSON/alert/view/alerts/
params:
- name: baseurl
value: ''
type: query
description: The highest URL in the Sites tree under which alerts should be included.
- name: start
value: ''
type: query
- name: count
value: ''
type: query
- name: riskId
value: ''
type: query
- name: contextName
value: ''
type: query
description: Optionally, the Context name which the Alerts' URLs are associated with.
docs: Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count'
of alerts
- info:
name: alertViewAlertsByRisk
type: http
http:
method: GET
url: http://zap/JSON/alert/view/alertsByRisk/
params:
- name: url
value: ''
type: query
- name: recurse
value: ''
type: query
docs: Gets a summary of the alerts, optionally filtered by a 'url'. If 'recurse' is true then all alerts that apply to
urls that start with the specified 'url' will be returned, otherwise only those on exactly the same 'url' (ignoring
url parameters)
- info:
name: alertViewAlertsSummary
type: http
http:
method: GET
url: http://zap/JSON/alert/view/alertsSummary/
params:
- name: baseurl
value: ''
type: query
description: The highest URL in the Sites tree under which alerts should be included.
docs: Gets number of alerts grouped by each risk level, optionally filtering by URL
- info:
name: alertViewNumberOfAlerts
type: http
http:
method: GET
url: http://zap/JSON/alert/view/numberOfAlerts/
params:
- name: baseurl
value: ''
type: query
description: The highest URL in the Sites tree under which alerts should be included.
- name: riskId
value: ''
type: query
docs: Gets the number of alerts, optionally filtering by URL or riskId
- info:
name: alertFilter
type: folder
items:
- info:
name: alertFilterActionAddAlertFilter
type: http
http:
method: GET
url: http://zap/JSON/alertFilter/action/addAlertFilter/
params:
- name: contextId
value: ''
type: query
description: The numeric ID of the context for which the filter should be added.
- name: ruleId
value: ''
type: query
description: The numeric ID of the rule for which the filter should apply.
- name: newLevel
value: ''
type: query
description: The numeric risk representation ('0 - Informational' through '3 - High') ['-1 - False Positive'].
- name: url
value: ''
type: query
description: The URL for which the filter should apply (can be regex).
- name: urlIsRegex
value: ''
type: query
description: A boolean indicating whether or not the URL is a regex.
- name: parameter
value: ''
type: query
description: The parameter name for which the filter should apply (can be regex).
- name: enabled
value: ''
type: query
description: A boolean indicating whether or not the filter should be enabled.
- name: parameterIsRegex
value: ''
type: query
description: A boolean indicating whether or not the parameter name is a regex.
- name: attack
value: ''
type: query
description: The attack value for which the filter should apply (can be regex).
- name: at
# --- truncated at 32 KB (249 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/owasp-zap/refs/heads/main/apis.yml