Is it possible to use the service if I don't have any API definition?
Definitely yes! Use our simple 3-step wizard to create an API profile by entering information about your API host, resources and headers. You need to do it just once.
Who can scan my API?
Since some scanning rules are potentially dangerous, API owners only are allowed to scan their API. Once your API profile is created, we'll provide you with straightforward instruction how to confirm API ownership.
When do I need to start API security audit?
Our service can scan APIs that are available online. Even if your API is not in production, pay attention to its security as early as possible. Sapience can be used by development and QA teams to find and fix vulnerabilities before you go live.
My API is vulnerable. What are my next steps?
Vulnerabilities discovery is the essence of our service, but the ultimate goal of Sapience is to help you to fix security issues. That's why our scanning report contains practical solutions and recommendations.
What kind of API do you support?
Sapience focuses on RESTful APIs, which are one of the most spread application programming interfaces for web systems nowadays. If your API is not RESTful, but you still like our service and want to use it - please contact us.
Do you offer plans for non-profits?
We support the open source community and certain non-profits that align with our team's values. Please contact us to see if you qualify.