Skip to content

Getting Started

It's easy to test your applicationg using Aptori. You only need the following to get started:

  • A description of your API. Aptori can take as input an OpenAPI definition, a Swagger file, a Postman Collection, or an HTTP Archive (HAR).
  • A target URL where the application is running. The target URL may be public or private.
  • User credentials to use the API. You should provide credentials for at least one user for effective testing. We support a variety of authorization plugins by which the authorization can be configured.

Follow these steps to run your first API analysis.

We estimate the effort the be about 1 minute.

1. Add An API

To test an API, you must first create a Project and API in the Aptori UI.

Create API

2. Create A Platform Key

Sift requires a platform key to post analysis results to the Aptori platform. Create a key and save it, as it will only be shown once. You will need to provide the key to Sift to run an analysis.

Create Platform Key

3. Create a Configuration for your Analysis

Create a configuration using the wizard in the Aptori UI. After you have created a configuration, copy the configuration ID by clicking on the ID in the configurations list.

Create Configuration

4. Download the Sift executable

Sift is a versatile command-line interface tool designed for dynamic API testing. It is capable of semantically comprehending your application's API and independently generating and running tests to uncover both security and functional flaws.

Download Sift from the Downloads page in the Aptori UI. Unzip the file to get the Sift executable.

Download Sift

5. Run the Analysis

Run Sift to analyze your application by providing the platform key and the configuration ID as command-line arguments:

$ ./sift run --key <platform-key> --config-id <configuration-id>

Additional Information

Platform Key Environment Variable

You can store the platform key in an environment variable, rather than providing each time as a command-line argument. Set environment variable SIFT_PLATFORM_KEY to the value of the platform key. For example:

$ export SIFT_PLATFORM_KEY="platform-key"
Configuration file

You may also provide configuration as a YAML or JSON file by passing flag --config to Sift. A configuration may be created in the Platform and downloaded as a file, e.g., to store in a source code repository.