API Overview
The Acunetix 360 API lets client applications view and manipulate scan tasks, view issues, create scan agents, and more.
Tip: To understand how the APIs work, it is highly recommended that you familiarize yourself with the Acunetix 360 workflow for scanning web applications. For further information, see Web Application Security Scanning Flow.
The API documentation is built with the OpenAPI (formerly Swagger) specification. To see all endpoints and parameters, see Acunetix 360 API Documentation.
Base URL
The base URL is https://online.acunetix360.com/api/1.0
The path and query parameters depend on the endpoint of your request. For example, the scan list is reachable with the following API call: https://online.acunetix360.com/api/1.0/scans/list
Authentication
When you make any calls to the API, you need to provide your User ID and API Token. You can find your user ID and authentication token on your account page. Authentication to the API occurs via HTTP Basic Access Authentication.
The following is an example using the authentication token through cURL:
curl -u "USERID:API-TOKEN" https://online.acunetix360.com/api/1.0/scans/list
You can access your user ID and API token in your account details.
How to access your API credentials
- Log in to Acunetix 360.
- Select [Your Name] (top right of the page) > API Settings.
- In the Current Password field, enter your current password.
Information: Using Single Sign-On? If so, Acunetix 360 displays the API Settings page without asking for any password.
- Select Submit to view your User ID and Token.
How to reset the API token
- Log in to Acunetix 360.
- Select [Your Name] (top right of window) > API Settings.
- In the Current Password field, enter your password and select Submit.
Information: Using Single Sign-On? If so, Acunetix 360 displays the API Settings page without asking for any password.
- Select Reset API Token.
- From the Reset API Token dialog, select Reset API Token to confirm.
Quick Start Guide
For this quick start guide, we make an API call to /api/1.0/account/me to get details about the user.
Before you can start using the API, you need the following:
- An Acunetix 360 account
- Your User ID and Token
- curl installed on your machine
How to get your information via an API call
Build your API call
Your API call must have the following components:
- The base URL: https://online.acunetix360.com/api/1.0
- Authentication: your User ID and Token.
- A request.
Make the API call
curl -u "User ID:Token" https://online.acunetix360.com/api/1.0/account/me
- Copy the curl example.
- Open your favorite text editor.
- Paste the curl example into the text editor.
- Get your User ID and Token. For further information, see Authentication.
- In the curl example, replace the User ID and Token with your credentials.
- Copy the API call that has your authentication information.
- Open a command prompt window.
- Paste the API call into the command prompt.
- Press Enter.
Methods
Acunetix 360 supports the following methods in API calls:
GET - This method is for retrieving information.
POST - This method is for creating new resources, updating the status, or deleting.
Rate Limits
There is a throttling limit for API endpoints. All endpoints share the same rate limit, except for the allissues endpoint.
The following table shows the rate limits:
Throttle Limits | Minute Limit | Hourly Limit | Daily Limit |
All endpoints | 200 | 7000 | 18000 |
allissues | 10 | 600 | 14400 |
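A client-side throttle for the limits in the table above, so that a script paces itself instead of running into 429 responses. This is an added example, not Acunetix 360 code: the `Throttle` class, the `basic_auth_header` helper and the group names are hypothetical, and it assumes the server counts requests in sliding windows, which this page does not state.

```python
import base64
import time
from collections import deque

# Limits copied from the rate-limit table above: (window in seconds, max calls).
LIMITS = {
    "default": [(60, 200), (3600, 7000), (86400, 18000)],
    "allissues": [(60, 10), (3600, 600), (86400, 14400)],
}


def basic_auth_header(user_id, token):
    """Build the Authorization value that `curl -u USERID:TOKEN` sends.

    Base64 is an encoding, not encryption; the https base URL is what
    protects the token in transit.
    """
    raw = f"{user_id}:{token}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


class Throttle:
    """Sliding-window limiter for one endpoint group (hypothetical helper)."""

    def __init__(self, group="default", clock=time.monotonic):
        self.windows = LIMITS[group]
        self.clock = clock      # injectable so the logic can be tested offline
        self.sent = deque()     # timestamps of calls inside the longest window

    def wait_time(self):
        """Seconds to wait until the next call fits every window (0.0 = send)."""
        now = self.clock()
        longest = max(window for window, _ in self.windows)
        while self.sent and now - self.sent[0] >= longest:
            self.sent.popleft()
        delay = 0.0
        for window, limit in self.windows:
            recent = [t for t in self.sent if now - t < window]
            if len(recent) >= limit:
                # The limit-th most recent call must age out of the window first.
                delay = max(delay, recent[-limit] + window - now)
        return delay

    def record(self):
        """Register that a call was sent at the current time."""
        self.sent.append(self.clock())
```

Call `wait_time()` before each request, sleep for the returned number of seconds, then call `record()` once the request is sent. Use a separate `Throttle("allissues")` instance for the allissues endpoint.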
Tips and Troubleshooting
Acunetix 360 does not support partial API calls. To update any object, for example, a scan profile object, do the following:
- Make a GET request for the scan profile you want to update.
- Update parameters.
- Make a POST request to update the scan profile with new parameters.
Status Codes and Errors
Code | Description | Explanation |
200 | OK | Success. |
201 | Created | The request succeeded, and a new resource was created. |
400 | BadRequest | The server could not understand the request because of the invalid syntax. |
401 | Unauthorized | The access is denied. |
403 | Forbidden | The client does not have access rights to the content; that is, it is unauthorized. |
404 | NotFound | The server cannot find the requested resource. |
429 | Too Many Requests | The user has sent too many requests in a given amount of time ("rate limiting"). |
500 | Internal Server Error | The server has encountered a situation it does not know how to handle. |