Dynamic Scanning (DAST)

Use the REST API to query dynamic application security testing (DAST) metrics

Introduction

The DAST API provides a RESTful interface for managing dynamic application security testing scans and querying their results. It offers endpoints to start scans, retrieve findings, manage asset inventory, and perform attack surface scanning.

Base URL

All API endpoints are accessed through the base URL: https://api.<YOUR-TENANT-NAME>.nullify.ai

Replace <YOUR-TENANT-NAME> with your organization's tenant name. For example, if your tenant name is "acme", the base URL would be https://api.acme.nullify.ai.

Get DAST Scans

This endpoint returns the list of all DAST scans that have been run.

Query parameters

  • azureOrganizationId (string, optional) - The Azure organization ID

  • githubOwnerId (integer, optional) - The GitHub owner ID

  • gitlabGroupId (integer, optional) - The GitLab group ID

  • installationId (string, optional) - The Nullify installation ID

  • azureRepositoryId (string[], optional)

  • githubRepositoryId (integer[], optional)

  • githubTeamId (integer, optional)

Responses

  • 200 OK (application/json)

Example request:

GET /dast/scans HTTP/1.1
Host: api.<YOUR-TENANT>.nullify.com
Accept: */*

Example response:

{
  "scans": [
    {
      "appName": "text",
      "endTime": "2025-07-03T05:49:47.875Z",
      "host": "text",
      "id": "text",
      "isExternal": true,
      "progress": 1,
      "startTime": "2025-07-03T05:49:47.875Z",
      "status": "text",
      "taskId": "text",
      "tenantId": "text"
    }
  ]
}

Example curl command:

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   "https://api.<YOUR-TENANT-NAME>.nullify.ai/dast/scans?githubOwnerId=1234"

Start DAST Scan

This endpoint starts a new DAST scan against a given API.

Query parameters

  • azureOrganizationId (string, optional) - The Azure organization ID

  • githubOwnerId (integer, optional) - The GitHub owner ID

  • gitlabGroupId (integer, optional) - The GitLab group ID

  • installationId (string, optional) - The Nullify installation ID

  • azureRepositoryId (string[], optional)

  • githubRepositoryId (integer[], optional)

  • githubTeamId (integer, optional)

  • azureRepository (string, optional)

  • githubRepository (string, optional)

Body

  • appName (string, required)

  • azureRepository (string, required)

  • githubRepository (string, required)

  • host (string, required)

Responses

  • 200 OK (application/json)

Example request:

POST /dast/scans HTTP/1.1
Host: api.<YOUR-TENANT>.nullify.com
Content-Type: application/json
Accept: */*
Content-Length: 196

{
  "appName": "text",
  "authConfig": {
    "headers": {
      "ANY_ADDITIONAL_PROPERTY": "text"
    }
  },
  "azureRepository": "text",
  "githubRepository": "text",
  "host": "text",
  "openAPISpec": {
    "ANY_ADDITIONAL_PROPERTY": "anything"
  }
}

Example response:

{
  "scanId": "text"
}

Example curl command:

curl -X POST \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   -H "Content-Type: application/json" \
   -d '{"appName": "test-app", "host": "api.example.com", "authConfig": {"headers": {}}}' \
   "https://api.<YOUR-TENANT-NAME>.nullify.ai/dast/scans?githubOwnerId=1234"

Get DAST Scan

This endpoint returns details of a specific DAST scan.

Path parameters

  • scanId (string, required)

Query parameters

  • azureOrganizationId (string, optional) - The Azure organization ID

  • githubOwnerId (integer, optional) - The GitHub owner ID

  • gitlabGroupId (integer, optional) - The GitLab group ID

  • installationId (string, optional) - The Nullify installation ID

  • azureRepositoryId (string[], optional)

  • githubRepositoryId (integer[], optional)

  • githubTeamId (integer, optional)

Responses

  • 200 OK (application/json)

Example request:

GET /dast/scans/{scanId} HTTP/1.1
Host: api.<YOUR-TENANT>.nullify.com
Accept: */*

Example response:

{
  "scan": {
    "appName": "text",
    "endTime": "2025-07-03T05:49:47.875Z",
    "host": "text",
    "id": "text",
    "isExternal": true,
    "progress": 1,
    "startTime": "2025-07-03T05:49:47.875Z",
    "status": "text",
    "taskId": "text",
    "tenantId": "text"
  }
}

Example curl command:

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   "https://api.<YOUR-TENANT-NAME>.nullify.ai/dast/scans/01J6EEXK3NKYKWW9XTPQYAF41N?githubOwnerId=1234"

Get DAST Findings

This endpoint returns the list of all DAST findings from a specific scan.

Path parameters

  • scanId (string, required)

Query parameters

  • azureOrganizationId (string, optional) - The Azure organization ID

  • githubOwnerId (integer, optional) - The GitHub owner ID

  • gitlabGroupId (integer, optional) - The GitLab group ID

  • installationId (string, optional) - The Nullify installation ID

  • azureRepositoryId (string[], optional)

  • githubRepositoryId (integer[], optional)

  • githubTeamId (integer, optional)

Responses

  • 200 OK (application/json)

Example request:

GET /dast/scans/{scanId}/findings HTTP/1.1
Host: api.<YOUR-TENANT>.nullify.com
Accept: */*

Example response:

{
  "findings": [
    {
      "appType": "text",
      "cwe": "text",
      "id": "text",
      "rest": {
        "appName": "text",
        "errorDescription": "text",
        "errorType": "text",
        "host": "text",
        "httpVersion": "text",
        "method": "text",
        "path": "text",
        "previousResponse": "text",
        "queryParameters": {
          "ANY_ADDITIONAL_PROPERTY": "text"
        },
        "requestBody": "text",
        "requestHeader": {
          "ANY_ADDITIONAL_PROPERTY": "text"
        },
        "responseBody": "text",
        "responseHeader": {
          "ANY_ADDITIONAL_PROPERTY": "text"
        },
        "uri": "text",
        "vulnerableParameterName": "text",
        "vulnerableParameterValue": "text"
      },
      "scanner": "text",
      "severity": "text",
      "solution": "text",
      "title": "text"
    }
  ]
}

Example curl command:

curl -L \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   "https://api.<YOUR-TENANT-NAME>.nullify.ai/dast/scans/01J6EEXK3NKYKWW9XTPQYAF41N/findings?githubOwnerId=1234"
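
The findings response carries raw request and response headers, so the following added example (not part of the Nullify documentation or Nullify's code) tallies findings by severity for a CI gate and masks credential headers before the rows are exported to logs or tickets. The sample data, the severity strings, the SENSITIVE_HEADERS list and the function names triage and redact_headers are assumptions made for illustration.

```python
import json
from collections import Counter

# Header names treated as credentials (assumed list; extend it to cover
# whatever you pass in authConfig.headers when starting a scan).
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie", "x-api-key"}

# Constructed sample in the documented response shape. The severity and CWE
# strings are assumptions; the page does not list the values the API returns.
SAMPLE_RESPONSE = json.loads("""
{"findings": [
  {"id": "f-1", "cwe": "CWE-89", "severity": "HIGH", "title": "SQL injection",
   "rest": {"method": "GET", "path": "/users", "vulnerableParameterName": "id",
            "requestHeader": {"Authorization": "Bearer constructed-token",
                              "Accept": "application/json"},
            "responseHeader": {"Set-Cookie": "sid=constructed"}}},
  {"id": "f-2", "cwe": "CWE-200", "severity": "low", "title": "Verbose error",
   "rest": {"method": "POST", "path": "/login",
            "requestHeader": {"Content-Type": "application/json"}}},
  {"id": "f-3", "title": "Finding without severity or rest block"}
]}
""")


def redact_headers(headers):
    """Mask values of credential-bearing headers (case-insensitive match)."""
    return {k: "[REDACTED]" if k.lower() in SENSITIVE_HEADERS else v
            for k, v in (headers or {}).items()}


def triage(response, fail_on=("HIGH", "CRITICAL")):
    """Return (severity counts, export-safe rows, gate verdict)."""
    counts, rows = Counter(), []
    for f in response.get("findings") or []:
        sev = str(f.get("severity") or "UNKNOWN").upper()
        rest = f.get("rest") or {}
        counts[sev] += 1
        rows.append({
            "id": f.get("id"), "severity": sev, "cwe": f.get("cwe"),
            "title": f.get("title"),
            "endpoint": f"{rest.get('method', '?')} {rest.get('path', '?')}",
            "parameter": rest.get("vulnerableParameterName"),
            "requestHeader": redact_headers(rest.get("requestHeader")),
            "responseHeader": redact_headers(rest.get("responseHeader")),
        })
    # A missing severity fails closed so it cannot slip past the gate.
    blocked = any(s in fail_on or s == "UNKNOWN" for s in counts)
    return dict(counts), rows, blocked
```

Call triage() on the parsed JSON body returned by the findings endpoint and exit non-zero in CI when the third return value is True.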

Stop DAST Scan

This endpoint requests that a running DAST scan be stopped.

Path parameters

  • scanId (string, required)

Query parameters

  • azureOrganizationId (string, optional) - The Azure organization ID

  • githubOwnerId (integer, optional) - The GitHub owner ID

  • gitlabGroupId (integer, optional) - The GitLab group ID

  • installationId (string, optional) - The Nullify installation ID

  • azureRepositoryId (string[], optional)

  • githubRepositoryId (integer[], optional)

  • githubTeamId (integer, optional)

Responses

  • 200 OK (application/json)

Example request:

POST /dast/scans/{scanId}/stop HTTP/1.1
Host: api.<YOUR-TENANT>.nullify.com
Accept: */*

Example response:

{
  "scan": {
    "appName": "text",
    "endTime": "2025-07-03T05:49:47.875Z",
    "host": "text",
    "id": "text",
    "isExternal": true,
    "progress": 1,
    "startTime": "2025-07-03T05:49:47.875Z",
    "status": "text",
    "taskId": "text",
    "tenantId": "text"
  }
}

Example curl command:

curl -X POST \
   -H "Accept: application/json" \
   -H "Authorization: Bearer <YOUR-TOKEN>" \
   "https://api.<YOUR-TENANT-NAME>.nullify.ai/dast/scans/01J6EEXK3NKYKWW9XTPQYAF41N/stop?githubOwnerId=1234"

Asset Inventory Endpoints

The API provides endpoints to manage your asset inventory:

  • GET /dast/inventory/endpoints - List all HTTP endpoints

  • POST /dast/inventory/endpoints - Register new API endpoints

  • GET /dast/inventory/hosts - List all hosts

  • POST /dast/inventory/hosts - Register new hosts
