OWASP ZAP · Authentication Profile

Owasp Zap Authentication

Authentication

OWASP ZAP secures its APIs with apiKey across 2 declared security schemes, as derived from its OpenAPI definitions.

Security TestingApplication SecurityVulnerability ScanningTestingOpen Source
Methods: apiKey Schemes: 2 OAuth flows: API key in: header, query

Security Schemes

apiKeyHeader apiKey
· in: header (X-ZAP-API-Key)
apiKeyQuery apiKey
· in: query (apikey)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/owasp-zap-openapi.yml
summary:
  types:
  - apiKey
  api_key_in:
  - header
  - query
schemes:
- name: apiKeyHeader
  type: apiKey
  in: header
  parameter: X-ZAP-API-Key
  sources:
  - openapi/owasp-zap-openapi.yml
- name: apiKeyQuery
  type: apiKey
  in: query
  parameter: apikey
  sources:
  - openapi/owasp-zap-openapi.yml