-
Notifications
You must be signed in to change notification settings - Fork 229
docs: apply Snyk writing-style skill to Snyk API & Web pages #1357
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -2,15 +2,15 @@ | |||||
|
|
||||||
| Use Postman Collections to define API endpoints for scanning with Snyk API & Web. | ||||||
|
|
||||||
| This article describes how to configure Snyk API & Web to scan API endpoints using a Postman Collection. The configuration involves three main steps: | ||||||
| Configure Snyk API & Web to scan API endpoints using a Postman Collection. The configuration involves three main steps: | ||||||
|
|
||||||
| 1. Prepare the Postman Collection | ||||||
| 2. Configure an API target using the Postman Collection | ||||||
| 3. Configure the API target with Postman environment variables | ||||||
|
|
||||||
| ## Example scenario | ||||||
|
|
||||||
| This guide uses a Postman Collection example with the following requests: | ||||||
| This example uses a Postman Collection with the following requests: | ||||||
|
|
||||||
| * **Authenticate and obtain an authentication token** - requires a username and password in the request body. | ||||||
| * **Get a list of users** - requires the authentication token in the request header. | ||||||
|
|
@@ -26,14 +26,14 @@ Prepare the Postman Collection to run the sequence of requests from start to end | |||||
|
|
||||||
| * `username`: hard-coded value of the username to obtain the token. | ||||||
| * `password`: hard-coded value of the password to obtain the token. | ||||||
| * `user_id`: value to get user details by id. You can let the value as null, since it will be set by the script dynamically. | ||||||
| * `user_id`: value to get user details by ID. Leave the value as null because the script sets it dynamically. | ||||||
|
|
||||||
| <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>The <code>username</code> and <code>password</code> variables should be set as <strong>Shared</strong>, so that the exported collection contains their hard-coded values. The <code>user_id</code> variable can be set as <strong>Unshared</strong>, since the value will be set dynamically by the script.</p></div> | ||||||
| 2. Navigate to **Environments** to create the variable for storing the authentication token, and other variables that are set in Snyk AI & Web: | ||||||
| * `bearerToken`: variable to store the authentication token. You can let the value as null, since it will be set by the script dynamically. | ||||||
| * `baseUrl`: hard-coded value of the API url. | ||||||
| <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>Set the <code>username</code> and <code>password</code> variables as <strong>Shared</strong>, so that the exported collection contains their hard-coded values. Set the <code>user_id</code> variable as <strong>Unshared</strong>, because the script sets the value dynamically.</p></div> | ||||||
| 2. Navigate to **Environments** to create the variable for storing the authentication token, and other variables that you set in Snyk API & Web: | ||||||
| * `bearerToken`: variable to store the authentication token. Leave the value as null because the script sets it dynamically. | ||||||
| * `baseUrl`: hard-coded value of the API URL. | ||||||
|
|
||||||
| The configuration of your collection and environments variables, should be looking like the following example: | ||||||
| Your collection and environment variables look like the following example: | ||||||
|
|
||||||
| <figure><img src="../../../../.gitbook/assets/configure-postman-collection-targets-variables.png" alt="Collection and environment variables showing username, password, user_id, bearerToken and baseUrl variables"><figcaption></figcaption></figure> | ||||||
|
|
||||||
|
|
@@ -63,9 +63,9 @@ In this example, the request to obtain user details requires the user identifier | |||||
| var jsonData = pm.response.json(); | ||||||
| pm.collectionVariables.set('user_id', jsonData.results[0].id); | ||||||
| ``` | ||||||
| 2. Then, navigate to the request that gets the user details and add the `user_id` variable as a parameter. | ||||||
| 2. Navigate to the request that gets the user details and add the `user_id` variable as a parameter. | ||||||
|
|
||||||
| The request to get the user details, should be looking like the following example: | ||||||
| The request to get the user details looks like the following example: | ||||||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
|
|
||||||
| <figure><img src="../../../../.gitbook/assets/configure-postman-collection-targets-user-details.png" alt="User details request showing the variables in request and the authorization header configuration"><figcaption></figcaption></figure> | ||||||
|
|
||||||
|
|
@@ -78,7 +78,7 @@ With all requests configured, run the collection to test it. If there are no iss | |||||
| After the Postman Collection is prepared and exported, add an API target. | ||||||
|
|
||||||
| 1. Navigate to **Targets** and click **Add**. | ||||||
| 2. Complete the Add target form: | ||||||
| 2. Complete the **Add target** form: | ||||||
| * **Name**: Enter a meaningful identifier for your target. | ||||||
| * **URL**: Enter the base URL for your API. | ||||||
| * **API Type**: Select **API**, then select **Postman Collection**. | ||||||
|
|
@@ -88,10 +88,10 @@ After the Postman Collection is prepared and exported, add an API target. | |||||
|
|
||||||
| ## Configure Postman environment variables | ||||||
|
|
||||||
| In our example, we added two variables to **Environments**: `baseUrl` and `bearerToken`. Since the `baseUrl` was hard-coded in Postman, we also need to set its value in Snyk API & Web. | ||||||
| This example added two variables to **Environments**: `baseUrl` and `bearerToken`. Because the `baseUrl` was hard-coded in Postman, you must also set its value in Snyk. | ||||||
|
|
||||||
| {% hint style="info" %} | ||||||
| For security reasons you might want to set the `password` variable using the [credentials manager](../configure-authentication/manage-credentials.md). Variables added to **Environments** will take precedence to the variables added in the collection. | ||||||
| For security reasons, set the `password` variable using the [credentials manager](../configure-authentication/manage-credentials.md). Variables added to **Environments** take precedence over the variables added in the collection. | ||||||
| {% endhint %} | ||||||
|
|
||||||
| ### Manual configuration | ||||||
|
|
@@ -107,9 +107,9 @@ Configure environment variables manually in the user interface: | |||||
| Alternatively, import environment variables using an automated script: | ||||||
|
|
||||||
| 1. In Postman, export the Postman environment to a file. | ||||||
| 2. Retrieve the Python script to import Postman environment variables into Snyk API & Web. This script can be found on the [Probely API Scripts GitHub page](https://github.com/Probely/API_Scripts/blob/master/import_postman_env.py). | ||||||
| 2. Retrieve the Python script to import Postman environment variables into Snyk. Find this script on the [Probely API Scripts GitHub page](https://github.com/Probely/API_Scripts/blob/master/import_postman_env.py). | ||||||
| 3. Run the Python script and enter the following values: | ||||||
| * **Target ID**: The Snyk API & Web identifier of the API target, which can be found in the URL of the API target. For example, the target ID in `https://plus.probely.app/targets/2yzxnYgwmqbd` is `2yzxnYgwmqbd`. | ||||||
| * **Target ID**: The Snyk identifier of the API target, which you find in the URL of the API target. For example, the target ID in `https://plus.probely.app/targets/2yzxnYgwmqbd` is `2yzxnYgwmqbd`. | ||||||
| * **Postman collection file**: The file exported from Postman containing the environment variables. | ||||||
| 4. Navigate to the **Postman Environment Values** section of the API target to see the newly added environment variables. | ||||||
|
|
||||||
|
|
@@ -118,5 +118,5 @@ Alternatively, import environment variables using an automated script: | |||||
| After configuration is complete, the target is ready to scan. [Test your configuration](../test-target-configuration.md) and then run a scan to verify that all requests in the collection are tested. | ||||||
|
|
||||||
| {% hint style="success" %} | ||||||
| In this example, the auth request to set the `bearerToken` is the first in the list of the collection, therefore the scan will be able to properly run all the requests. For production scenarios, we recommend that you [configure Postman authentication](../configure-authentication/configure-postman-authentication.md) and enable the **API TARGET AUTHENTICATION** and **LOGOUT DETECTION** in Snyk API & Web. | ||||||
| In this example, the authentication request to set the `bearerToken` is the first in the list of the collection, so the scan can run all the requests. For production scenarios, Snyk recommends that you [configure Postman authentication](../configure-authentication/configure-postman-authentication.md) and enable **API TARGET AUTHENTICATION** and **LOGOUT DETECTION** in Snyk. | ||||||
| {% endhint %} | ||||||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,12 +16,12 @@ Change the RAML file extension from `.raml` to `.yaml`. | |
| After you have the file with the new extension, create the target as an OpenAPI target: | ||
|
|
||
| 1. Navigate to **Targets** and click **Add**. | ||
| 2. Complete the Add target form: | ||
| 2. Complete the **Add target** form: | ||
| - **Name**: Enter a meaningful identifier for your target | ||
| - **URL**: Enter the base URL for your API | ||
| - **API Type**: Select **API**, then select **OpenAPI** | ||
| - **OpenAPI schema upload**: Select this option | ||
| - **File**: Choose the RAML file with the `.yaml` extension | ||
| 3. Click **Add**. | ||
|
|
||
| Snyk API & Web performs all necessary conversions, creates the target, and you can scan your RAML API. | ||
| Snyk performs all necessary conversions and creates the target, and you can then scan your RAML API. | ||
|
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This sentence is a bit of a mouthful. I would amend to "Snyk performs all necessary conversions, creates the target, then enables you to scan your RAML API." |
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would either remove "In Snyk" or specify where in the UI you are e.g. Homepage