diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/README.md b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/README.md
index b9f53a4eab95..6f09d6ff272c 100644
--- a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/README.md
+++ b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/README.md
@@ -1,34 +1,34 @@
# Snyk API & Web
-Snyk API & Web is a cloud-based dynamic application security testing (DAST) solution that identifies security vulnerabilities in your running web applications and APIs. Snyk API & Web simulates real-world attacks against your deployed applications to discover security issues before attackers can exploit them.
+Snyk API & Web is a cloud-based dynamic application security testing (DAST) solution that identifies security vulnerabilities in your running web applications and APIs. Snyk simulates real-world attacks against your deployed applications to discover security vulnerabilities before attackers can exploit them.
-Modern applications expose complex attack surfaces through web interfaces and API endpoints. Security vulnerabilities in production applications can expose sensitive data, compromise user accounts, and damage the reputation of your organization. Traditional static analysis tools examine code at rest, but many vulnerabilities only appear when code executes in its runtime environment.
+Modern applications expose complex attack surfaces through web interfaces and API endpoints. Security vulnerabilities in production applications can expose sensitive data, compromise user accounts, and damage the reputation of your company. Traditional static analysis tools examine code at rest, but many vulnerabilities only appear when code executes in its runtime environment.
-Snyk API & Web tests your applications in their running state, finding runtime vulnerabilities such as SQL injection, cross-site scripting (XSS), authentication bypasses, and configuration weaknesses. By integrating DAST throughout the software development lifecycle (SDLC), you can catch and fix vulnerabilities before they reach production.
+Snyk tests your applications in their running state, finding runtime vulnerabilities such as SQL injection, cross-site scripting (XSS), authentication bypasses, and configuration weaknesses. By integrating DAST throughout the software development lifecycle (SDLC), you can catch and fix vulnerabilities before they reach production.
## Scan web applications and APIs
-Snyk API & Web supports two scanning approaches:
+Snyk supports two scanning approaches:
-* **Web applications**: The scanner crawls your application, discovers pages and functionality, interacts with forms and buttons, and performs comprehensive security tests across your entire web application.
-* **APIs**: The scanner tests all endpoints defined in your API schema, ensuring complete coverage of your API surface.
+* Web applications: the scanner crawls your application, discovers pages and functionality, interacts with forms and buttons, and performs comprehensive security tests across your entire web application.
+* APIs: the scanner tests all endpoints defined in your API schema to ensure complete coverage of your API surface.
-Configure authentication to scan protected areas accessible only to logged-in users. Snyk API & Web supports multiple authentication methods including login forms, login sequences, Basic Auth, API keys, and two-factor authentication (2FA).
+Configure authentication to scan protected areas accessible only to logged-in users. Snyk supports multiple authentication methods, including login forms, login sequences, Basic Auth, API keys, and two-factor authentication (2FA).
## Test behind authentication
-Snyk API & Web provides flexible authentication options to scan protected application areas:
+Snyk provides flexible authentication options to scan protected application areas:
-* **Login forms and sequences**: Automate login flows using form selectors or recorded browser interactions.
-* **Two-factor authentication**: Support for TOTP-based 2FA (for example, Google Authenticator, Authy) and email/SMS-based OTP.
-* **API authentication**: API keys, login endpoints, and token-based authentication.
-* **Logout detection**: Automatically re-authenticate if your application logs out mid-scan.
+* Login forms and sequences: automate login flows using form selectors or recorded browser interactions.
+* Two-factor authentication: TOTP-based 2FA (for example, Google Authenticator, Authy) and email or SMS-based OTP.
+* API authentication: API keys, login endpoints, and token-based authentication.
+* Logout detection: re-authenticate automatically if your application logs out mid-scan.
Comprehensive authentication support ensures security coverage across your entire application, including administrative interfaces and user-specific functionality.
## Scan internal and private applications
-For applications not accessible from the public internet, deploy the scanning agent in your private network. The agent creates a secure tunnel between Snyk cloud scanning infrastructure and your internal applications, enabling DAST for:
+For applications not accessible from the public internet, deploy the scanning agent in your private network. The agent creates a secure tunnel between Snyk cloud scanning infrastructure and your internal applications to support DAST for:
* Development and staging environments on private networks
* Internal tools and administrative interfaces
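Review bot: the product name is shortened inconsistently within this hunk: the first sentence keeps "Snyk API & Web", while "+Snyk simulates real-world attacks…", "+Snyk supports two scanning approaches:" and "+Snyk provides flexible authentication options…" switch to bare "Snyk", which is also the company name and the umbrella for other Snyk products. Either introduce the short form once (for example "Snyk API & Web (Snyk)") or keep the full name where the product is the subject. Also, "+…damage the reputation of your company" narrows the original "organization", which covered public-sector and non-profit readers as well; keep "organization".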
@@ -38,22 +38,22 @@ The agent deploys as a Docker container or Kubernetes workload in your infrastru
## Integrate into your development workflow
-Snyk API & Web provides multiple interfaces for integrating security testing into your workflow:
+Snyk provides multiple interfaces for integrating security testing into your workflow:
-* **Web UI**: Configure targets, review findings, and generate reports
-* **REST API**: Programmatic access for custom integrations and automation
-* **CLI**: Command-line interface for scripting and CI/CD pipelines
-* **CI/CD integrations**: Native support for Jenkins, GitHub Actions, GitLab CI, and Azure DevOps
+* Web UI: configure targets, review findings, and generate reports.
+* REST API: programmatic access for custom integrations and automation.
+* CLI: command-line interface for scripting and CI/CD pipelines.
+* CI/CD integrations: native support for Jenkins, GitHub Actions, GitLab CI, and Azure DevOps.
Trigger scans automatically after deployments, fail builds based on vulnerability thresholds, and sync findings with Jira or other ticketing systems to streamline remediation across your development and security teams.
## Prioritize and fix vulnerabilities
-Snyk API & Web detects and reports security vulnerabilities with detailed information including:
+Snyk detects and reports security vulnerabilities with detailed information, including:
-* **Severity ratings**: Automatically assigned based on vulnerability type, exploitability, impact, and scope, with CVSS scores to prioritize fixes.
-* **Affected endpoints**: Specific URLs and API endpoints where vulnerabilities were found
-* **Remediation guidance**: Detailed explanations and recommended fixes for each vulnerability type
-* **Vulnerability evidence**: Evidence demonstrating how the vulnerability can be exploited
+* Severity ratings: Snyk assigns these automatically based on vulnerability type, exploitability, impact, and scope, with CVSS scores to prioritize fixes.
+* Affected endpoints: specific URLs and API endpoints where Snyk finds vulnerabilities.
+* Remediation guidance: detailed explanations and recommended fixes for each vulnerability type.
+* Vulnerability evidence: evidence demonstrating how an attacker can exploit the vulnerability.
-Use customizable scan profiles to balance speed and coverage based on your needs, from lightning-fast SSL/TLS checks for CI/CD gates to comprehensive full scans for thorough security assessments.
+Use customizable scan profiles to balance speed and coverage based on your needs, from fast SSL/TLS checks for CI/CD gates to comprehensive full scans for thorough security assessments.
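Review bot: list punctuation now differs within the same README: the rewritten items such as "+* Web UI: configure targets, review findings, and generate reports." end with periods, whereas the unchanged list in the previous section ("* Development and staging environments on private networks") does not. Pick one convention for fragment-style items across the file.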
diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-message-level-encryption.md b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-message-level-encryption.md
index eeda3223ec91..4186f0fca5ea 100644
--- a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-message-level-encryption.md
+++ b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-message-level-encryption.md
@@ -18,20 +18,20 @@ Additional requirements:
If your target requires requests to be encrypted, configure message level encryption in the Encryption tab.
-1. In Snyk API & Web, navigate to the **Targets** page.
+1. In Snyk, navigate to the **Targets** page.
2. Identify the target you want to configure and click the **gear** icon to access the target settings.
3. Click the **Encryption** tab and configure all fields:
* Upload a certificate with the server public key
* Upload a certificate with the client private key
* Enter the Key ID (KID) to be placed in the JWE header
- * (Optional) Limit the set of URLs that should be encrypted
+ * (Optional) Limit the set of URLs to encrypt
4. Click **Save**.
## Verify encryption
-After you save the configuration, encryption is enabled. The next time you run a scan against this target, Snyk API & Web automatically uses the configured encryption for all requests.
+After you save the configuration, encryption is enabled. The next time you run a scan against this target, Snyk automatically uses the configured encryption for all requests.
{% hint style="info" %}
For your security, all sensitive fields (such as certificates and shared secrets) are obfuscated after they are saved and cannot be viewed or retrieved again.
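Review bot: step 3 still says "configure all fields" while its last sub-item is "+   * (Optional) Limit the set of URLs to encrypt"; reword the step to "configure the following fields" (or "the required fields") so it does not contradict the optional item.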
diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-postman-collection-targets.md b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-postman-collection-targets.md
index 2f010aeefefb..d732e9d76dd5 100644
--- a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-postman-collection-targets.md
+++ b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-postman-collection-targets.md
@@ -2,7 +2,7 @@
Use Postman Collections to define API endpoints for scanning with Snyk API & Web.
-This article describes how to configure Snyk API & Web to scan API endpoints using a Postman Collection. The configuration involves three main steps:
+Configure Snyk API & Web to scan API endpoints using a Postman Collection. The configuration involves three main steps:
1. Prepare the Postman Collection
2. Configure an API target using the Postman Collection
@@ -10,7 +10,7 @@ This article describes how to configure Snyk API & Web to scan API endpoints usi
## Example scenario
-This guide uses a Postman Collection example with the following requests:
+This example uses a Postman Collection with the following requests:
* **Authenticate and obtain an authentication token** - requires a username and password in the request body.
* **Get a list of users** - requires the authentication token in the request header.
@@ -26,14 +26,14 @@ Prepare the Postman Collection to run the sequence of requests from start to end
* `username`: hard-coded value of the username to obtain the token.
* `password`: hard-coded value of the password to obtain the token.
- * `user_id`: value to get user details by id. You can let the value as null, since it will be set by the script dynamically.
+ * `user_id`: value to get user details by ID. Leave the value as null because the script sets it dynamically.
-
The username and password variables should be set as Shared, so that the exported collection contains their hard-coded values. The user_id variable can be set as Unshared, since the value will be set dynamically by the script.
-2. Navigate to **Environments** to create the variable for storing the authentication token, and other variables that are set in Snyk AI & Web:
- * `bearerToken`: variable to store the authentication token. You can let the value as null, since it will be set by the script dynamically.
- * `baseUrl`: hard-coded value of the API url.
+
Set the username and password variables as Shared, so that the exported collection contains their hard-coded values. Set the user_id variable as Unshared, because the script sets the value dynamically.
+2. Navigate to **Environments** to create the variable for storing the authentication token, and other variables that you set in Snyk API & Web:
+ * `bearerToken`: variable to store the authentication token. Leave the value as null because the script sets it dynamically.
+ * `baseUrl`: hard-coded value of the API URL.
-The configuration of your collection and environments variables, should be looking like the following example:
+Your collection and environment variables look like the following example:
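Review bot: as the hunk is shown, the original paragraph "The username and password variables should be set as Shared, …" carries no "-" marker, so it would remain in the file directly above the added "+Set the username and password variables as Shared, …", leaving two near-identical paragraphs; confirm the old paragraph is removed. Consider also adding, next to "`password`: hard-coded value of the password", a pointer to the credentials manager, since a hard-coded value is exported together with the collection; the hint later in this file already recommends that route.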
@@ -63,9 +63,9 @@ In this example, the request to obtain user details requires the user identifier
var jsonData = pm.response.json();
pm.collectionVariables.set('user_id', jsonData.results[0].id);
```
-2. Then, navigate to the request that gets the user details and add the `user_id` variable as a parameter.
+2. Navigate to the request that gets the user details and add the `user_id` variable as a parameter.
-The request to get the user details, should be looking like the following example:
+The request to get the user details looks like the following example:
@@ -78,7 +78,7 @@ With all requests configured, run the collection to test it. If there are no iss
After the Postman Collection is prepared and exported, add an API target.
1. Navigate to **Targets** and click **Add**.
-2. Complete the Add target form:
+2. Complete the **Add target** form:
* **Name**: Enter a meaningful identifier for your target.
* **URL**: Enter the base URL for your API.
* **API Type**: Select **API**, then select **Postman Collection**.
@@ -88,10 +88,10 @@ After the Postman Collection is prepared and exported, add an API target.
## Configure Postman environment variables
-In our example, we added two variables to **Environments**: `baseUrl` and `bearerToken`. Since the `baseUrl` was hard-coded in Postman, we also need to set its value in Snyk API & Web.
+This example added two variables to **Environments**: `baseUrl` and `bearerToken`. Because the `baseUrl` was hard-coded in Postman, you must also set its value in Snyk.
{% hint style="info" %}
-For security reasons you might want to set the `password` variable using the [credentials manager](../configure-authentication/manage-credentials.md). Variables added to **Environments** will take precedence to the variables added in the collection.
+For security reasons, set the `password` variable using the [credentials manager](../configure-authentication/manage-credentials.md). Variables added to **Environments** take precedence over the variables added in the collection.
{% endhint %}
### Manual configuration
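Review bot: the hint now instructs "For security reasons, set the `password` variable using the credentials manager", but the preparation steps earlier in this file tell the reader to hard-code the password as a Shared variable so that it is exported with the collection. State which applies (for example, hard-code only for a local test run and use the credentials manager otherwise) and make explicit that, because environment variables take precedence over collection variables, the exported value is then not used. Naming is also mixed within this file: "+…you must also set its value in Snyk." here versus "+Configure Snyk API & Web to scan API endpoints…" in the first hunk.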
@@ -107,9 +107,9 @@ Configure environment variables manually in the user interface:
Alternatively, import environment variables using an automated script:
1. In Postman, export the Postman environment to a file.
-2. Retrieve the Python script to import Postman environment variables into Snyk API & Web. This script can be found on the [Probely API Scripts GitHub page](https://github.com/Probely/API_Scripts/blob/master/import_postman_env.py).
+2. Retrieve the Python script to import Postman environment variables into Snyk. Find this script on the [Probely API Scripts GitHub page](https://github.com/Probely/API_Scripts/blob/master/import_postman_env.py).
3. Run the Python script and enter the following values:
- * **Target ID**: The Snyk API & Web identifier of the API target, which can be found in the URL of the API target. For example, the target ID in `https://plus.probely.app/targets/2yzxnYgwmqbd` is `2yzxnYgwmqbd`.
+ * **Target ID**: The Snyk identifier of the API target, which you find in the URL of the API target. For example, the target ID in `https://plus.probely.app/targets/2yzxnYgwmqbd` is `2yzxnYgwmqbd`.
* **Postman collection file**: The file exported from Postman containing the environment variables.
4. Navigate to the **Postman Environment Values** section of the API target to see the newly added environment variables.
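Review bot: the script input is mislabeled: step 1 exports "the Postman environment to a file", but the following bullet reads "* **Postman collection file**: The file exported from Postman containing the environment variables." Rename it to "Postman environment file". Also, the rename to "Snyk" leaves the example target URL "https://plus.probely.app/targets/2yzxnYgwmqbd" and the Probely GitHub link unchanged; confirm both are still the correct locations after the rebrand, or say explicitly that the script and the target URL keep the Probely name.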
@@ -118,5 +118,5 @@ Alternatively, import environment variables using an automated script:
After configuration is complete, the target is ready to scan. [Test your configuration](../test-target-configuration.md) and then run a scan to verify that all requests in the collection are tested.
{% hint style="success" %}
-In this example, the auth request to set the `bearerToken` is the first in the list of the collection, therefore the scan will be able to properly run all the requests. For production scenarios, we recommend that you [configure Postman authentication](../configure-authentication/configure-postman-authentication.md) and enable the **API TARGET AUTHENTICATION** and **LOGOUT DETECTION** in Snyk API & Web.
+In this example, the authentication request to set the `bearerToken` is the first in the list of the collection, so the scan can run all the requests. For production scenarios, Snyk recommends that you [configure Postman authentication](../configure-authentication/configure-postman-authentication.md) and enable **API TARGET AUTHENTICATION** and **LOGOUT DETECTION** in Snyk.
{% endhint %}
diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-raml-targets.md b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-raml-targets.md
index 52603292c765..8dcec276f8b6 100644
--- a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-raml-targets.md
+++ b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-raml-targets.md
@@ -16,7 +16,7 @@ Change the RAML file extension from `.raml` to `.yaml`.
After you have the file with the new extension, create the target as an OpenAPI target:
1. Navigate to **Targets** and click **Add**.
-2. Complete the Add target form:
+2. Complete the **Add target** form:
- **Name**: Enter a meaningful identifier for your target
- **URL**: Enter the base URL for your API
- **API Type**: Select **API**, then select **OpenAPI**
@@ -24,4 +24,4 @@ After you have the file with the new extension, create the target as an OpenAPI
- **File**: Choose the RAML file with the `.yaml` extension
3. Click **Add**.
-Snyk API & Web performs all necessary conversions, creates the target, and you can scan your RAML API.
+Snyk performs all necessary conversions and creates the target, and you can then scan your RAML API.
diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-signed-requests.md b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-signed-requests.md
index 957e7c35d1b1..ab04b08c67f1 100644
--- a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-signed-requests.md
+++ b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-api-targets/configure-signed-requests.md
@@ -18,7 +18,7 @@ Additional requirements:
If your target requires requests to be signed, configure the signature in the target Signature settings.
-1. In Snyk API & Web, navigate to the **Targets** page.
+1. In Snyk, navigate to the **Targets** page.
2. Identify the target you want to configure and click the **gear** icon to access the target settings.
3. Click the **Signature** tab and identify the **SIGNATURE** module.
4. Select the **Signature** you want to use and complete the form accordingly.
@@ -28,7 +28,7 @@ If your target requires requests to be signed, configure the signature in the ta
## Verify signed requests
-After you save the configuration, signed requests are enabled. The next time you run a scan against this target, Snyk API & Web automatically uses the configured signature.
+After you save the configuration, signed requests are enabled. The next time you run a scan against this target, Snyk automatically uses the configured signature.
{% hint style="info" %}
For your security, all sensitive fields (such as certificates and shared secrets) are obfuscated after they are saved and cannot be viewed or retrieved again.
diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/README.md b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/README.md
index de061f1368f0..6e37c1cf1351 100644
--- a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/README.md
+++ b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/README.md
@@ -2,7 +2,7 @@
Configure authentication to scan protected areas of your web application or API.
-Websites and applications can have restricted areas meant for authenticated users only. Configuring authentication allows Snyk API & Web to access these protected areas and identify vulnerabilities within the full scope of your target.
+Websites and applications can have restricted areas meant for authenticated users only. Configuring authentication lets Snyk API & Web access these protected areas and identify vulnerabilities within the full scope of your target.
Authentication options differ between Web targets and API targets. Configure authentication in the **Authentication** section of your target settings.
@@ -38,12 +38,12 @@ Visit [Two-factor authentication](configure-two-factor-authentication.md) and [A
API targets use authentication methods tailored for API security testing. Configuration options depend on your API target (OpenAPI, Postman Collection, or GraphQL).
-API targets authentication methods include:
+API target authentication methods include:
- API keys
- Bearer tokens
-- OAuth authentication flows
+- OAuth authentication flows
- Login endpoints that return authentication tokens
-- Custom Scripts
+- Custom scripts
Visit the following guides for detailed setup steps:
- [OpenAPI authentication](configure-openapi-authentication.md)
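Review bot: "-- OAuth authentication flows" and "+- OAuth authentication flows" are textually identical, so this is presumably a trailing-whitespace cleanup; if so, fine, otherwise drop the no-op line change so the hunk only carries the "Custom Scripts" to "Custom scripts" casing fix.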
@@ -56,7 +56,7 @@ Some authentication features apply to both Web targets and API targets.
### Basic authentication
-Basic authentication uses HTTP Basic Access Authentication, where credentials are sent in the HTTP header. Configure the username and password for the scanner to include in HTTP requests.
+Basic authentication uses HTTP Basic Access Authentication, where the scanner sends credentials in the HTTP header. Configure the username and password for the scanner to include in HTTP requests.
Use this method for applications or APIs that implement the HTTP Basic Auth protocol rather than form-based or token-based authentication.
@@ -66,13 +66,13 @@ Visit [Basic authentication](configure-basic-authentication.md) for configuratio
Logout detection helps the scanner maintain authenticated sessions throughout the scan. Configure indicators that show when the session ends, such as logout URLs, redirects to login pages, or specific page elements that appear only when logged out.
-The scanner monitors these indicators and re-authenticates if the session is lost during scanning.
+The scanner monitors these indicators and re-authenticates if it loses the session during scanning.
Visit [Logout detection](configure-logout-detection.md) for configuration instructions.
### Mutual TLS (mTLS) authentication
-Mutual TLS authentication provides enhanced security by requiring both the client and server to authenticate using digital certificates. Unlike standard TLS which only authenticates the server, mTLS ensures bidirectional authentication.
+Mutual TLS authentication provides enhanced security by requiring both the client and server to authenticate using digital certificates. Unlike standard TLS, which authenticates only the server, mTLS ensures bidirectional authentication.
Upload a client authentication certificate (.p12 or .pfx format) and provide the certificate password. The scanner uses the configured certificate during scans to establish secure mTLS connections with your target.
@@ -82,6 +82,6 @@ Visit [Mutual TLS](configure-mutual-tls.md) for configuration instructions.
### Managing credentials
-Credential management allows you to create reusable authentication credentials and apply them across multiple targets. This simplifies configuration when you have several targets that share the same authentication credentials.
+Credential management lets you create reusable authentication credentials and apply them across multiple targets. This simplifies configuration when you have several targets that share the same authentication credentials.
Visit [Manage credentials](manage-credentials.md) for instructions on creating and managing shared credentials.
\ No newline at end of file
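Review bot: the file still ends without a trailing newline ("\ No newline at end of file"); add one while the last paragraph is being edited so that future diffs and linters do not flag it.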
diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/automate-otp-extraction.md b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/automate-otp-extraction.md
index edebd5674556..7a565e2c7bda 100644
--- a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/automate-otp-extraction.md
+++ b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/automate-otp-extraction.md
@@ -2,33 +2,33 @@
Automate the extraction of one-time passwords (OTPs) from email and send them to Snyk API & Web for two-factor authentication.
-When using alternative OTP for two-factor authentication, you need to send the OTP code to Snyk API & Web during scans. You can automate this process by creating scripts that monitor your email, extract the OTP, and submit it via the Snyk API & Web API.
+When using alternative OTP for two-factor authentication, you must send the OTP code to Snyk during scans. You can automate this process by creating scripts that monitor your email, extract the OTP, and submit it using the Snyk API.
This article provides examples for automating OTP extraction using:
* Google Apps Script (for Gmail)
* Microsoft Power Automate (for Outlook)
-## Before you begin
+## Prerequisites
-Ensure you have configured alternative OTP two-factor authentication for your target. Visit [Configure two-factor authentication (2FA)](configure-two-factor-authentication.md) for setup instructions.
+Configure alternative OTP two-factor authentication for your target before proceeding. Visit [Configure two-factor authentication (2FA)](configure-two-factor-authentication.md) for setup instructions.
-You will need the **UNIQUE 2FA CONFIGURATION URL** from your target's Authentication settings.
+You need the **UNIQUE 2FA CONFIGURATION URL** from the Authentication settings of your target.
## Automate OTP extraction from Gmail
Use Google Apps Script to automate OTP extraction from Gmail accounts.
-The script polls emails from the Gmail account, extracts the OTP using a regular expression, and sends it to Snyk API & Web via the API endpoint.
+The script polls emails from the Gmail account, extracts the OTP using a regular expression, and sends it to Snyk through the API endpoint.
### Create the Google Apps Script
-1. Navigate to [https://script.google.com](https://script.google.com) and sign in with the Gmail account that receives OTP emails.
+1. Navigate to [https://script.google.com](https://script.google.com) and log in with the Gmail account that receives OTP emails.
2. Select **My Projects** and click **CREATE APPS SCRIPT**.
-3. Click on the project name "Untitled Project" at the top and enter a meaningful name (for example, "Extract OTPs from Email").
+3. Click the project name "Untitled Project" at the top and enter a meaningful name (for example, "Extract OTPs from Email").
@@ -119,7 +119,7 @@ Customize the **runTask** function with your specific configuration:
**API\_ENDPOINT**
-Replace `` with the URL provided by Snyk API & Web in your target's Authentication settings.
+Replace `` with the URL that Snyk provides in the Authentication settings of your target.
**SUBJECT\_MATCH**
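Review bot: the placeholder inside the inline code is empty in both the old and the new line ("Replace `` with the URL that Snyk provides…"), so the reader cannot tell which string in the script to replace; insert the placeholder token that the script uses for the `API_ENDPOINT` value.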
@@ -188,15 +188,13 @@ The trigger executes the **extractOTPFunction** every minute, which runs the **r
Use Microsoft Power Automate to automate OTP extraction from Outlook email accounts.
-This flow retrieves an OTP from an email and sends it to Snyk API & Web via the API endpoint.
+This flow retrieves an OTP from an email and sends it to Snyk through the API endpoint.
### Prerequisites
-Before you begin:
-
* Access to Power Automate (Premium license required for HTTP POST calls)
* An email account configured in Power Automate that receives OTP emails
-* The **UNIQUE 2FA CONFIGURATION URL** from your target's Authentication settings (see [Configure two-factor authentication (2FA)](configure-two-factor-authentication.md))
+* The **UNIQUE 2FA CONFIGURATION URL** from the Authentication settings of your target. Visit [Configure two-factor authentication (2FA)](configure-two-factor-authentication.md).
### Create a new automated cloud flow
@@ -250,7 +248,7 @@ Configure an HTTP action to send the extracted OTP to Snyk API & Web:
3. Configure the HTTP action:
* **Method**: Select **POST**
-* **URI**: Enter the **UNIQUE 2FA CONFIGURATION URL** from your target's Authentication settings
+* **URI**: Enter the **UNIQUE 2FA CONFIGURATION URL** from the Authentication settings of your target
* **Headers**: Add a header with:
* Name: `Content-Type`
* Value: `application/json`
@@ -274,9 +272,9 @@ Configure an HTTP action to send the extracted OTP to Snyk API & Web:
### Troubleshooting
-**Email filtering**: Double-check your subject filters and email criteria to ensure the flow is triggered by the correct emails.
+Email filtering: Double-check your subject filters and email criteria to ensure the correct emails trigger the flow.
-**OTP extraction**: Use the "Test Flow" feature in Power Automate with actual email content to debug your OTP extraction expression. Inspect the outputs of each step to see what data is being processed.
+OTP extraction: Use the "Test Flow" feature in Power Automate with actual email content to debug your OTP extraction expression. Inspect the outputs of each step to see which data Power Automate processes.
## Related content
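Review bot: dropping the bold run-in labels ("+Email filtering: …", "+OTP extraction: …") makes this troubleshooting list inconsistent with the bold labels kept elsewhere in this file, such as "**API\_ENDPOINT**" and "**SUBJECT\_MATCH**"; keep one convention for run-in labels.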
diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/configure-basic-authentication.md b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/configure-basic-authentication.md
index 7cd6e34c583b..511c1632fe8c 100644
--- a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/configure-basic-authentication.md
+++ b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/configure-basic-authentication.md
@@ -2,9 +2,9 @@
Configure basic authentication to scan targets protected by HTTP Basic Access Authentication.
-Basic authentication is a simple authentication scheme built into the HTTP protocol. When you access a protected resource, the browser prompts you with a dialog to sign in.
+Basic authentication is an authentication scheme built into the HTTP protocol. When you access a protected resource, the browser prompts you with a dialog to log in.
-This authentication process differs from your application's own authentication system and form-based authentication methods. Basic authentication sends credentials in the HTTP header rather than through form submission.
+This authentication process differs from your application's own authentication system and from form-based authentication methods. Basic authentication sends credentials in the HTTP header rather than through form submission.
## Set up basic authentication
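Review bot: The rewritten second paragraph still says only that Basic authentication "sends credentials in the HTTP header"; naming the header (`Authorization`) would tell readers where to look when a scan fails to authenticate, and it is the concrete detail that distinguishes this scheme from the form-based methods the same sentence contrasts it with. Minor: "log in" (verb) is correct in the first paragraph, but the login-form page in this same diff uses "login" as a noun, so check that the two spellings are applied consistently across the PR.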
@@ -14,6 +14,6 @@ This authentication process differs from your application's own authentication s
4. Enter your credentials (username and password).
5. Click **Save and enable**.
-The credentials are saved and basic authentication is enabled. Snyk API & Web will use these credentials to access and scan your protected application.
+Snyk API & Web saves the credentials and enables basic authentication. Snyk uses these credentials to access and scan your protected application.
You can disable or enable basic authentication anytime using the **Off/On** toggle button, or delete the configuration using the **Delete** button.
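Review bot: The two added sentences switch product names mid-paragraph ("Snyk API & Web saves the credentials..." followed by "Snyk uses these credentials..."); pick one name for the whole paragraph. The same mix appears in the login-form hunks further down, so it is worth a pass over the whole PR rather than fixing it here only.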
diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/configure-graphql-authentication.md b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/configure-graphql-authentication.md
index 9850a136a2a8..529553eee4c9 100644
--- a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/configure-graphql-authentication.md
+++ b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/configure-graphql-authentication.md
@@ -2,9 +2,9 @@
Configure authentication to scan an API using a GraphQL schema.
-If your GraphQL API requires authentication, Snyk API & Web can be configured to run authenticated requests and scan the API endpoints.
+If your GraphQL API requires authentication, you can configure Snyk API & Web to run authenticated requests and scan the API endpoints.
-After adding an API target, configure authentication before starting the scan. Setting authentication before starting the scan is especially important when you select the introspection option for your schema, as it is best practice to allow introspection only to authenticated requests.
+After adding an API target, configure authentication before starting the scan. This is especially important when you select the introspection option for your schema, because best practice is to allow introspection only for authenticated requests.
{% hint style="warning" %}
GraphQL Introspection enabled is considered a Low Severity vulnerability. When enabled, restrict access to your GraphQL API using authentication.
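Review bot: In the rewritten sentence "This is especially important when you select the introspection option...", "This" no longer has a clear antecedent, since the preceding sentence mentions both adding the API target and configuring authentication; the removed wording "Setting authentication before starting the scan" was explicit. Suggest "Configuring authentication first is especially important when you select the introspection option ...". The rest of the change reads well and lines up with the warning hint that follows.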
@@ -20,7 +20,7 @@ The authentication scenarios described in [Configure OpenAPI authentication](con
## Use application/graphql media type
-GraphQL also supports `application/graphql` as the authentication media type. This format is supported by GraphQL servers.
+GraphQL also supports `application/graphql` as the authentication media type. GraphQL servers support this format.
When using `application/graphql` as the authentication media type, the request body contains only the raw GraphQL query or mutation string.
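Review bot: After the rewrite, "GraphQL servers support this format." merely restates the preceding sentence and adds no information. Either drop it, or, if the intent is that only some servers accept `application/graphql` (the original "is supported by GraphQL servers" is ambiguous on this point), say so explicitly so readers know to verify their server accepts that media type before selecting it.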
@@ -34,11 +34,11 @@ When using `application/graphql` as the authentication media type, the request b
1. Configure the authentication:
1. **AUTHENTICATION MEDIA TYPE**: Select `application/graphql`.
2. **LOGIN URL**: Enter the authentication URL.
- 3. **AUTHENTICATION PAYLOAD**: Enter the GraphQL mutation to be sent in the body of the POST request to the login URL.
-2. Click **Fetch** to authenticate. The **TOKEN SELECTOR** field populates with fields obtained from the authentication response. If authentication fails, an error is displayed.
+ 3. **AUTHENTICATION PAYLOAD**: Enter the GraphQL mutation to send in the body of the POST request to the login URL.
+2. Click **Fetch** to authenticate. The **TOKEN SELECTOR** field populates with fields from the authentication response. If authentication fails, Snyk displays an error.
3. In the **TOKEN SELECTOR**, choose the field that contains the authentication token.
4. In **PLACE TOKEN IN**, choose where to place the token in API requests (usually **header**, but **cookie** is also available).
-5. In **FIELD NAME**, enter the name of the field in the header or cookie that will hold the token.
+5. In **FIELD NAME**, enter the name of the field in the header or cookie that holds the token.
6. (Optional) Set a **VALUE PREFIX** for the token value.
This is often needed for JWTs. For example, if your API requires a header like `Authorization: JWT `, configure:
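Review bot: Step 5 ("enter the name of the field in the header or cookie that holds the token") is still ambiguous about what "field" means: for the header option it is the header name (the `Authorization` shown in the step 6 example), for the cookie option it is the cookie name. Suggest "enter the header name or cookie name that will carry the token", which also reads naturally alongside the `Authorization: JWT ` example that follows.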
diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/configure-login-form.md b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/configure-login-form.md
index 1a5777754001..125cf181097e 100644
--- a/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/configure-login-form.md
+++ b/scan-fix-and-prevent/scan-with-snyk/snyk-api-web/configure-targets/configure-authentication/configure-login-form.md
@@ -2,9 +2,9 @@
Configure login form authentication to scan protected areas of your web application that require a username and password login.
-Websites and applications can have restricted areas available only to authenticated users. Configuring authentication allows Snyk API & Web to access these protected areas and identify vulnerabilities within the full scope of your target.
+Websites and applications can have restricted areas available only to authenticated users. Configuring authentication lets Snyk API & Web access these protected areas and identify vulnerabilities within the full scope of your target.
-Create a dedicated user account for testing rather than using a real user account. Snyk API & Web submits forms and clicks buttons during scans, which might create unwanted data in the account.
+Create a dedicated user account for testing rather than using a real user account. Snyk submits forms and clicks buttons during scans, which can create unwanted data in the account.
## Prerequisites
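Review bot: The rewritten dedicated-test-account advice ("Create a dedicated user account for testing rather than using a real user account...") is the one security-relevant instruction in this hunk, yet it sits as a plain paragraph between the intro and Prerequisites; the GraphQL page in this same diff uses a `{% hint style="warning" %}` block for comparable guidance, so consider the same treatment here so it is not skimmed past. Also, the paragraph moves from "Snyk API & Web" in one sentence to "Snyk" in the next; use one name.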
@@ -67,7 +67,7 @@ If your login form requires additional fields beyond username and password, repe
## Add submit button (optional)
-In most cases, Snyk API & Web automatically detects and clicks the correct submit button. However, you may need to specify the submit button if:
+In most cases, Snyk automatically detects and clicks the correct submit button. However, you might need to specify the submit button if:
* The submit button is outside the `