PortSwigger website screenshot

PortSwigger

PortSwigger is the UK-based security research company behind Burp Suite, the industry-standard web and API security testing platform used by penetration testers and enterprise AppSec teams worldwide. The platform is available as Burp Suite Community Edition (free), Burp Suite Professional (manual testing toolkit), and Burp Suite DAST (enterprise dynamic application security testing). Developers can automate and integrate with Burp Suite DAST via a GraphQL API and a REST API, both secured with API key authentication. PortSwigger also provides the Montoya extension API for building custom Burp Suite extensions and an official MCP Server extension that bridges Burp Suite with AI clients such as Claude Desktop.

5 APIs 0 Features
SecurityWeb SecurityPenetration TestingDASTAPI SecurityDeveloper Tools

APIs

Burp Suite DAST GraphQL API

The primary API for integrating with Burp Suite DAST, recommended for all new integrations. Exposes the broadest range of functionality including managing sites, initiating and ...

Burp Suite DAST REST API

A REST API for Burp Suite DAST that offers compatibility for users familiar with the Burp Suite Professional API. Supports initiating scans from CI/CD systems and failing builds...

Burp Suite Professional REST API

A local REST API built into Burp Suite Professional that allows external tools to interact with the running Burp Suite instance. Accessible at a configurable local service URL a...

Burp Suite Montoya Extension API

The Java-based extension API for building custom Burp Suite extensions (BApps). The Montoya API is the current standard for extension development, superseding the legacy Wiener ...

Burp Suite MCP Server

An official Model Context Protocol (MCP) server extension for Burp Suite that bridges Burp Suite capabilities to AI clients such as Claude Desktop. Runs as an SSE server on loca...

GraphQL

PortSwigger GraphQL

PortSwigger exposes a native GraphQL API for Burp Suite DAST (Dynamic Application Security Testing). This is the recommended integration path for all new Burp Suite DAST integra...

GRAPHQL

Pricing Plans

Rate Limits

Portswigger Rate Limits

3 limits

RATE LIMITS

FinOps

Semantic Vocabularies

Portswigger Context

39 classes · 4 properties

JSON-LD

Resources

🔗
Website
Website
🔗
Documentation
Documentation
👥
GitHubOrganization
GitHubOrganization
🔗
LinkedIn
LinkedIn
📰
Blog
Blog
💰
Pricing
Pricing
🔗
X
X
📄
ReleaseNotes
ReleaseNotes
🔗
Plans
Plans
🔗
RateLimits
RateLimits
🔗
FinOps
FinOps

Sources

apis.yml Raw ↑
aid: portswigger
name: PortSwigger
description: PortSwigger is the UK-based security research company behind Burp Suite, the industry-standard web and API security
  testing platform used by penetration testers and enterprise AppSec teams worldwide. The platform is available as Burp Suite
  Community Edition (free), Burp Suite Professional (manual testing toolkit), and Burp Suite DAST (enterprise dynamic application
  security testing). Developers can automate and integrate with Burp Suite DAST via a GraphQL API and a REST API, both secured
  with API key authentication. PortSwigger also provides the Montoya extension API for building custom Burp Suite extensions
  and an official MCP Server extension that bridges Burp Suite with AI clients such as Claude Desktop.
type: Index
image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
tags:
- Security
- Web Security
- Penetration Testing
- DAST
- API Security
- Developer Tools
url: https://raw.githubusercontent.com/api-evangelist/portswigger/refs/heads/main/apis.yml
created: '2026-06-12'
modified: '2026-06-12'
specificationVersion: '0.19'
apis:
- aid: portswigger:dast-graphql-api
  name: Burp Suite DAST GraphQL API
  description: The primary API for integrating with Burp Suite DAST, recommended for all new integrations. Exposes the broadest
    range of functionality including managing sites, initiating and monitoring scans, retrieving vulnerability issues, configuring
    agents, and generating reports. Authenticated via API key in the Authorization header at the endpoint your-server/graphql/v1.
  humanURL: https://portswigger.net/burp/documentation/dast/user-guide/api-documentation/graphql-api
  baseURL: https://your-server/graphql/v1
  tags:
  - GraphQL
  - DAST
  - Security Scanning
  - Automation
  properties:
  - type: Documentation
    url: https://portswigger.net/burp/documentation/dast/user-guide/api-documentation/graphql-api
  - type: GraphQLSchema
    url: https://portswigger.net/burp/extensibility/enterprise/graphql-api/index.html
  - url: graphql/portswigger-graphql.md
    type: GraphQL
- aid: portswigger:dast-rest-api
  name: Burp Suite DAST REST API
  description: A REST API for Burp Suite DAST that offers compatibility for users familiar with the Burp Suite Professional
    API. Supports initiating scans from CI/CD systems and failing builds on issue detection. The API is self-documenting via
    interactive docs served at the server URL; API key authentication is required. GraphQL is recommended for new integrations
    as REST exposes a more limited feature set.
  humanURL: https://portswigger.net/burp/documentation/dast/user-guide/api-documentation/rest
  tags:
  - REST
  - DAST
  - CI/CD
  - Security Scanning
  properties:
  - type: Documentation
    url: https://portswigger.net/burp/documentation/dast/user-guide/api-documentation/rest
- aid: portswigger:professional-rest-api
  name: Burp Suite Professional REST API
  description: A local REST API built into Burp Suite Professional that allows external tools to interact with the running
    Burp Suite instance. Accessible at a configurable local service URL and API key combination. Supports API-key-based authentication
    and exposes interactive documentation via the running service endpoint. Intended for local automation and tool integration
    during manual penetration testing workflows.
  humanURL: https://portswigger.net/burp/documentation/desktop/settings/suite/rest-api
  tags:
  - REST
  - Professional
  - Penetration Testing
  - Local API
  properties:
  - type: Documentation
    url: https://portswigger.net/burp/documentation/desktop/settings/suite/rest-api
- aid: portswigger:montoya-extension-api
  name: Burp Suite Montoya Extension API
  description: The Java-based extension API for building custom Burp Suite extensions (BApps). The Montoya API is the current
    standard for extension development, superseding the legacy Wiener API. Extensions can be published to the BApp Store.
    The API is distributed via Maven and documented with full Javadoc reference; example implementations are available on
    GitHub.
  humanURL: https://portswigger.github.io/burp-extensions-montoya-api/javadoc/burp/api/montoya/MontoyaApi.html
  tags:
  - Java
  - Extension API
  - SDK
  - BApp Store
  properties:
  - type: Documentation
    url: https://portswigger.github.io/burp-extensions-montoya-api/javadoc/burp/api/montoya/MontoyaApi.html
  - type: GitHubRepository
    url: https://github.com/PortSwigger/burp-extensions-montoya-api
- aid: portswigger:mcp-server
  name: Burp Suite MCP Server
  description: An official Model Context Protocol (MCP) server extension for Burp Suite that bridges Burp Suite capabilities
    to AI clients such as Claude Desktop. Runs as an SSE server on localhost port 9876, exposing Burp Suite tools including
    proxy history access, HTTP request sending, Collaborator payload generation, Repeater tab creation, and configuration
    management. Includes an installer that automatically configures compatible AI clients.
  humanURL: https://portswigger.net/bappstore/9952290f04ed4f628e624d0aa9dccebc
  tags:
  - MCP
  - AI
  - Claude
  - Security Testing
  properties:
  - type: Documentation
    url: https://portswigger.net/bappstore/9952290f04ed4f628e624d0aa9dccebc
  - type: GitHubRepository
    url: https://github.com/PortSwigger/mcp-server
common:
- type: Website
  url: https://portswigger.net
- type: Documentation
  url: https://portswigger.net/burp/documentation
- type: GitHubOrganization
  url: https://github.com/portswigger
- type: LinkedIn
  url: https://www.linkedin.com/company/portswigger
- type: Blog
  url: https://portswigger.net/blog
- type: Pricing
  url: https://portswigger.net/pricing
- type: X
  url: https://twitter.com/PortSwigger
- type: ReleaseNotes
  url: https://portswigger.net/burp/releases
- type: Plans
  url: plans/portswigger-plans-pricing.yml
- type: RateLimits
  url: rate-limits/portswigger-rate-limits.yml
- type: FinOps
  url: finops/portswigger-finops.yml
maintainers:
- FN: Kin Lane
  email: kin@apievangelist.com