edit

API Documentation

This document serves as the API Reference Guide for webGuard.

Authentication

Login and Registration

All APIs are authenticated and need a session token to perform tasks. Following is the endpoint to login or register in webGuard.

Key	Description
Method	POST
Endpoint	/api/login
Required Parameters	username, password, action

The parameter action can be either one of register or login.

Sample Request

POST /api/login HTTP/1.1

username=wUser&password=wPassword&action=login

Sample Response

HTTP/1.1 200 OK
Content-Type: application/json
Set-Cookie:  sessionid=tjnsv3q1shc35kryz5ea3alzz0x54wl8;

{
    "status": true, 
    "message": "Login Success"
}

Logout

To destroy the session and stop all running ZAP Instances linked to the session, a logout call needs to be made.

Key	Description
Method	GET
Endpoint	/api/logout

Sample Request

GET /api/logout HTTP/1.1
Cookie: sessionid=tjnsv3q1shc35kryz5ea3alzz0x54wl8;

Sample Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    "message": "Logged Out"
}

ZAP Instances

Following set of APIs provide access to starting, stopping and listing running ZAP Instances for the current session.

Start ZAP Instance