Fix APIs in Security Editor
You can use Security Editor to edit API definitions and fix the issues that Security Audit found in your API directly in 42Crunch Platform.
The issues represent real concerns in your OpenAPI definition, and they may either prevent API Protection completely, or severely impact its quality. We highly recommend that you fix all found issues.
- In 42Crunch Platform, find the API you want, and click to view the API summary. The quickest way to find API definitions in 42Crunch Platform is to click Find API in the main menu.
- Click the Security Editor tab. You can see the OpenAPI definition of your API in the editor on the left, and the list of issues that Security Audit found on the right.
The API definition is shown in the format it was imported in the platform. Use the toggles to switch between the JSON and YAML view. If the YAML structure is not valid, you cannot switch to YAML view, or save the API definition in YAML format.
- To filter which issues are shown, you can either search the list of found issues, or select from the dropdown list how severe issues are shown. By default, all issues are shown.
The report shows the impact of each issue is, so you can prioritize what to fix first. The list of found issues shows how many points each issue deducted from the audit score of the API. If the issue occurred multiple times, the total impact from all occurrences is shown. The more dots an issue has, the more severe it is. Fixing the issues with the biggest impact on the score is the fastest way to a better audit score.
- Click an issue on the list to see where in the API definition the issue is located. To get more details on the issue, the possible security risks involved, and the remediation, click the How to fix button.
- Edit the API definition as needed, and click Save and re-test to update the API definition. Security Audit checks the fix and recalculates the audit score.
If you switch the format in the editor and save the API definition, it is converted to the new format. For more details, see Convert APIs.
For a practical example, check out Tutorial 4: Fixing security issues in Security Editor.
If you have fixed an API definition in 42Crunch Platform and you need to provide the API elsewhere, you can download the fixed API definition from the platform.
The API is downloaded in its current format (JSON or YAML). If the current format is not what you need, you can switch the format.
- Go to the API that you want to download, and click > Download definition.
- Select either to download the API definition file, or to copy the definition to the clipboard and paste where you want it.
- When you are ready, click Close.