Fix APIs in IntelliJ

In Jetbrains IntelliJ IDEA, the OpenAPI (Swagger) Editor extension makes creating and navigating OpenAPI definitions quicker and easier, and you can run Security Audit directly from the editor. You can fix the issues that Security Audit found and then upload the updated API definition to 42Crunch Platform.

The issues represent real concerns in your OpenAPI definition, and they may either prevent API Protection completely, or severely impact its quality. We highly recommend that you fix all found issues.

  1. Install OpenAPI (Swagger) Editor extension to your IntelliJ editor.
  2. Open the API you want in IntelliJ in .json or .yaml format.
  3. To run Security Audit from IntelliJ, click the 42C button at the top edge of the editor. Security Audit checks your API definition and provides audit score and report on the found issues in the editor just like in the platform. The elements containing issues are also marked in your code. For more details, see Audit report in IntelliJ.

    An example screenshot of an audited API definition in IntelliJ.

    The extension uses a token to authenticate to Security Audit. On the first time, you must provide your email address so that we can send you the token, just follow the instructions on the UI. Configuring the token is done only once, on subsequent audits you just click the button.

  4. In the Problems panel, scroll through the issue titles, and click on an issue to jump to view it inline in your API definition. The issues are ordered from most to least severe, so it is easy for fix the worst offenders first. Recommendations are not listed in the Problems panel.
  5. Hover on an element marked in your code to see the list of issues in that spot, and click on the list to filter the text panel to show only these issues.
  6. Edit your API definition to fix found issues, save your changes, and click the 42C button to re-run the audit.

Load audit report from a file

You can open an audit report that has been exported from 42Crunch Platform to view it in your IntelliJ editor without auditing the API again. This way, you can work on fixing audit issues from an audit report that, for example, someone in a different team shared with you.

  1. Obtain the audit report (either from someone else, or download it yourself) from 42Crunch Platform as a JSON file. See Export audit report.
  2. Open the API definition that the audit report was for in IntelliJ, either as .json or .yaml.
  3. Right-click on the API definition, and click Load Security Audit Report from File.

IntelliJ loads the exported report from the file and you can now navigate it just as if the audit had been run in IntelliJ.

If you fix an issue and run Security Audit in IntelliJ to verify your fix, the audit report your loaded from the file is replaced by the report that the IntelliJ extension generated.

The exported audit report is a static file: if you reload the exported report file again after fixing an issue in your API, the report still contains the details of that issue and the place you already fixed is highlighted in the editor.

Upload updated APIs to the platform

After you have edited the OpenAPI definition of your API in IntelliJ, you can upload the updated API definition to 42Crunch Platform without reimporting the API.

Uploading a new API definition for an imported API overwrites the API definition currently stored in 42Crunch Platform. If you have also edited the OpenAPI definition in Security Editor, these changes are lost if you have not included them in the file you are uploading.

  1. Go to the API you want to update, and click > Update definition.
  2. Select the file to upload.
  3. Click Update definition.

The OpenAPI definition of the API you selected in 42Crunch Platform is replaced with the one you uploaded. Security Audit audits the uploaded API definition and recalculates the audit score for the API.

Uploading an API definition changes the format (JSON or YAML) of the API in the platform to match the uploaded file. If you upload a .json file, the API definition in the platform will now be in JSON format. Same applies uploading a YAML file. You can switch between the JSON and YAML format as needed, see Convert APIs.

You can also integrate Security Audit with your CI/CD pipeline so that any changes to APIs in your project are automatically audited for security. For more details, see CI/CD integration.