Occasionally, API Scan might fail to scan your API. The reason for this could be, for example:

• Invalid OpenAPI definition: You API definition has critical errors that are preventing API Scan from running. For example, the structure of your API might not conform to the OAS. Use API Security Audit to check your API definition and fix any found issues in Security Editor, then try API Scan again.
• Invalid scan configuration: The configuration you set up for the scan does not match your API definition and thus is not valid. For example, you might have chosen an authentication method that does not match the ones defined in your API definition. Try configuring and running API Scan again, making sure the authentication details match your API definition.
• Scan cannot reach API endpoint: API Scan tried to run the scan but failed to reach the API endpoint you had selected for the scan. The API host could be down, or there could be an error in the URL, especially if entered a custom URL. Check the URL and the host of your API and try again.
• Timeout: The scan took longer than the maximum scan duration (3600 seconds).