Fix APIs in Security Editor

You can use Security Editor to edit API definitions and fix the issues that Security Audit found in your API directly in 42Crunch Platform.

The issues represent real concerns and security risks in your API definition, and they may either prevent API Protection completely, or severely impact its quality. We highly recommend that you fix all found issues.

  1. In 42Crunch Platform, find the API you want, and click to view the API summary. The quickest way to find API definitions in 42Crunch Platform is to click Find API in the main menu.
  2. Click the Security Editor tab. You can see the API definition of your API in the editor on the left, and the list of issues that Security Audit found on the right.

    OpenAPI definitions are shown in the format in which they were imported into the platform. Use the toggles to switch between the JSON and YAML view. If the JSON or YAML structure currently in the Security Editor is not valid, you cannot switch the format or save the API definition.

  3. To filter which issues are shown, you can either search the list of found issues, or select from the dropdown list which severity levels are shown. By default, all issues are shown.

    The report shows the impact of each issue, so you can prioritize what to fix first. The list of found issues shows how many points each issue deducted from the audit score of the API. If the issue occurred multiple times, the total impact from all occurrences is shown. Fixing the issues with the biggest impact on the score is the fastest way to a better audit score.

  4. Click an issue on the list to see where in the API definition the issue is located. To get more details on the issue, the possible security risks involved, and the remediation, click the How to fix button.


  5. Edit the API definition as needed, and click Save and re-test to update the API definition. Security Audit checks the fix and recalculates the audit score.

    If you switch the format in the editor and save the API definition, it is converted to the new format. For more details, see Convert APIs.

For a practical example, check out Tutorial 4: Fixing security issues in Security Editor.

Did the whitespace in JSON get messed up when fixing your OpenAPI definition? Do you have integers with zero fractions (like 42.0), perhaps due to the framework used to produce your OpenAPI definition? To fix these quickly, click Reformat to run your API definition through a JSON parser and reformat it.
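
The same kind of cleanup can be done locally before importing a definition. The following is an added example, not 42Crunch code and not a description of how Reformat is implemented: it parses a JSON OpenAPI definition, turns zero-fraction numbers such as 42.0 into integers, and writes it back with consistent indentation. The function names, the sample definition, and the choice to reject duplicate keys and NaN/Infinity are assumptions of this example.

```python
import json

def _reject_constant(name):
    # NaN/Infinity are not valid JSON; Python's parser accepts them by default.
    raise ValueError(f"non-standard JSON constant: {name}")

def _reject_duplicates(pairs):
    # Assumption of this example: duplicate keys are an error, because a
    # plain parse would silently keep only the last value.
    keys = [k for k, _ in pairs]
    dupes = sorted({k for k in keys if keys.count(k) > 1})
    if dupes:
        raise ValueError(f"duplicate keys: {dupes}")
    return dict(pairs)

def _normalize(node):
    # Turn floats with a zero fraction (42.0) into integers (42).
    if isinstance(node, float) and node.is_integer():
        return int(node)
    if isinstance(node, dict):
        return {k: _normalize(v) for k, v in node.items()}
    if isinstance(node, list):
        return [_normalize(v) for v in node]
    return node

def reformat_openapi_json(text, indent=2):
    # Invalid JSON raises json.JSONDecodeError (a ValueError subclass).
    doc = json.loads(text, parse_constant=_reject_constant,
                     object_pairs_hook=_reject_duplicates)
    return json.dumps(_normalize(doc), indent=indent, ensure_ascii=False) + "\n"

# Constructed sample: messy whitespace and zero-fraction constraint values.
SAMPLE = '''{"openapi":"3.0.3",
  "components":{"schemas":{"Order":{"type":"object","properties":{
     "quantity":{"type":"integer","minimum":1.0,"maximum":42.0},
   "note":{"type":"string","maxLength":64.0},
  "price":{"type":"number","multipleOf":0.01}}}}}}'''

if __name__ == "__main__":
    print(reformat_openapi_json(SAMPLE))
```

Key order is preserved, and genuinely fractional values such as 0.01 are left unchanged.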

Download fixed API definitions

If you have fixed an API definition in 42Crunch Platform and you need to provide the API elsewhere, you can download the fixed API definition from the platform. Just go to the API that you want to download, and click > Download definition.

OpenAPI definitions are downloaded in their current format (JSON or YAML). If the current format is not what you need, you can switch the format.