Use Conformance Scan v1

API Conformance Scan is a dynamic runtime analysis of your API to check that the implementation behind your API and the behavior of the backend service matches the contract set out in the OpenAPI (formerly known as Swagger) definition of the API.

Both OpenAPI Specification v2 and v3 are supported.

The scan generates real traffic to the selected API endpoint and could incur costs depending on your setup.

For best results, make sure that your OpenAPI definition is valid and well-formatted before you scan it. The API must be deployed so that the API endpoint is live, and the backend server your API uses must be accessible to Conformance Scan. Otherwise the API cannot be scanned.

Conformance Scan can have potential side effects: APIs can throw exceptions, fail, and data can be affected. As per our terms and conditions, you must only scan APIs that you own, and only against non-production systems and non-production data! Do not use Conformance Scan in production environment!

Set a reference scan configuration

Reference scan configuration is the quality reference for the API: the statistics and results from the reference scan configuration are the ones shown, for example, on the API summary page. Once you know which of the scan configurations is most representative of the API as a whole, you can set that one as the reference configuration.

  1. Go to the API you want, click Conformance Scan > Configurations.
  2. Find the scan configuration you want, and click > Set as reference.

The scan configuration you selected is set as the reference scan configuration for your API and its scan status on the API summary page and in the API collection is updated accordingly. If you run scan using another scan configuration, the results shown on the API summary do not change when the scan process finish, but you can view the results of other scan configurations through the list of scan reports.

An example screenshot showing the Pixi API with four different scan configurations: one for Scan v1 in platform, one for Scan v1 on premises, and two configurations for Scan v2, one of which is not valid when compared against the OpenAPI defiinition of the API. The default scan configuration has been selected as the reference scan configuration.

If you want to use Scan v1 as your quality reference for Conformance Scan, then the results from the latest scan (whether run on premises or on the platform) are shown, because the underlying scan configuration is the same. For example, if you want to use on-premises Scan v1 as your reference scan configuration but your latest Scan v1 was run on 42Crunch Platform, the results from the platform scan are shown on the API summary tab. To switch to showing the results of the on-premises configuration, simply run Scan v1 on premises again.

Because the reference scan configuration is needed to provide scan statistics for your API, you cannot delete that scan configuration before you choose a new reference scan configuration.