> ## Documentation Index
> Fetch the complete documentation index at: https://docs.apyguard.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security Scanning

# Your First API Security Scan

This guide will walk you through creating your first API collection and running a security scan with ApyGuard.

## Prerequisites

* An ApyGuard account (sign up at [apyguard.com](https://apyguard.com))
* An API specification file (OpenAPI 3.0, Swagger 2.0, or Postman collection)
* Basic understanding of your API endpoints

## Step 1: Create an API Collection

### Option A: Import from File

1. Navigate to **Assets** in your dashboard
2. Click **"Create API Collection"**
3. Choose **"Import API Collection"**

<Frame>
  <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.05.20.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=06ed6560fe15cf23a20b3e1db93394fc" alt="Screenshot 2026 05 12 At 10 05 20" width="1822" height="850" data-path="images/Screenshot-2026-05-12-at-10.05.20.png" />
</Frame>

## Step 2: Configure Authentication

Before running scans, you need to set up authentication for your API:

### API Key Authentication

1. Go to your asset details → configure scan
2. Select **"Authorization"**
   <Frame>
     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.10.40.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=e5357be7c2d6637c055284100cc6d23a" alt="Screenshot 2026 05 12 At 10 10 40" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.10.40.png" />
   </Frame>
3. Choose **"Create Auth Settings"**
4. Choose your authentication method

<Frame>
  <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.10.47.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=89c8e55f5583cfcf013bdba9b22f4bbb" alt="Screenshot 2026 05 12 At 10 10 47" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.10.47.png" />
</Frame>

### Authorization Verify

Before creating authorization settings you can verify your configuration with detected endpoints.

1. Press create button.
   <Frame>
     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.11.10.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=46281e03611ef217ba0b4f433d88bd4c" alt="Screenshot 2026 05 12 At 10 11 10" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.11.10.png" />
   </Frame>
2. See the detected token and move to the auth matrix step.
   <Frame>
     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.18.25.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=b8501eef5182af92e61d7d4f58e5e900" alt="Screenshot 2026 05 12 At 10 18 25" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.18.25.png" />

     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.18.33.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=e3d0e777735700ad5bde649d66405508" alt="Screenshot 2026 05 12 At 10 18 33" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.18.33.png" />
   </Frame>
3. If needed change the token from the response body on editor.
4. Create your authorization matrix.
   <Frame>
     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.18.39.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=ec34167bfa41dd9e11711881d30c5ae4" alt="Screenshot 2026 05 12 At 10 18 39" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.18.39.png" />
   </Frame>

## Step 3: Run Your First Scan

1. Navigate to **"Start Scan"** in your dashboard
   <Frame>
     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.23.05.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=d4d7151d61fe38d364a7e25019c24c5b" alt="Screenshot 2026 05 12 At 10 23 05" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.23.05.png" />
   </Frame>
2. Select your Asset and API collection
   <Frame>
     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.23.55.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=119cf5f62c71929b3b52db40b2bf942b" alt="Screenshot 2026 05 12 At 10 23 55" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.23.55.png" />
   </Frame>
3. Choose endpoints to scan:
   * **Easy Scan**: Scan selected endpoints with basic tests
   * **Custom Scan**: Select specific endpoints and tests
     <Frame>
       <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.24.07.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=fcd921ef96f66891e963b040fcd0afba" alt="Screenshot 2026 05 12 At 10 24 07" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.24.07.png" />
     </Frame>
4. For easy scan select the scan type between choices that suits your needs.
   <Frame>
     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.25.19.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=c6347b72326360a70bbc90dd91bb8bcb" alt="Screenshot 2026 05 12 At 10 25 19" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.25.19.png" />
   </Frame>
5. For advenced scan you need to choose your scan settings.
   <Frame>
     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.29.11.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=0b109d79d1a33f507a5fd686eafa9430" alt="Screenshot 2026 05 12 At 10 29 11" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.29.11.png" />
   </Frame>
   <Frame>
     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.29.20.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=4969ac0f8038bb43974158f6e7d176a0" alt="Screenshot 2026 05 12 At 10 29 20" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.29.20.png" />
   </Frame>
6. Select authorization setting to be used in this scan if scan type selected authenticated
   <Frame>
     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.29.27.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=b6531af6e73060e796634e4634746c44" alt="Screenshot 2026 05 12 At 10 29 27" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.29.27.png" />
   </Frame>
7. Select the endpoints to be used during the scan.
   <Frame>
     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.29.35.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=1c7ea308a624b0f9e62c65141f791c4f" alt="Screenshot 2026 05 12 At 10 29 35" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.29.35.png" />
   </Frame>
8. Select the scan types to be used for this scan.
   <Frame>
     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.29.41.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=07e5c2f8789fd5d016ba31af7e836bf5" alt="Screenshot 2026 05 12 At 10 29 41" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.29.41.png" />
   </Frame>
9. Accept nonce verification and start scan.
   <Frame>
     <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-10.29.48.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=89d288f7c054063b5ed425fd886fc66c" alt="Screenshot 2026 05 12 At 10 29 48" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-10.29.48.png" />
   </Frame>

## Step 4: Monitor Scan Progress

* View real-time scan progress in the dashboard
* Monitor endpoint testing status
* Check for any authentication issues
* Review preliminary findings

## Step 5: Review Results

Once the scan completes:

1. **Overview Dashboard**: See high-level security metrics
2. **Vulnerability Details**: Review each finding with:
   * Risk level (Low/Medium/High/Critical)
   * Description and impact
   * Affected endpoints
   * Remediation steps
3. **Risk Score**: Understand your overall API security posture
4. **Export Report**: Generate PDF or JSON reports

## Common First-Time Issues

### Authentication Errors

* **Problem**: Scan fails due to authentication issues
* **Solution**: Verify your API keys/tokens are valid and have proper permissions

### Rate Limiting

* **Problem**: API returns 429 errors during scan
* **Solution**: Adjust scan rate limits in settings or contact API provider

### Missing Endpoints

* **Problem**: Some endpoints not being tested
* **Solution**: Verify your API specification includes all endpoints

## Next Steps

After your first scan:

1. **Review High-Risk Vulnerabilities**: Focus on Critical and High-risk findings first
2. **Set Up Automated Scans**: Configure recurring scans for continuous monitoring
3. **Integrate with CI/CD**: Add security testing to your deployment pipeline
4. **Invite Team Members**: Collaborate with your development team

## Need Help?

* Review the [Quick Start guide](/get-started/quick-start) for the full onboarding path
* Visit [Authorization Settings](/core-workflows/authorization-settings) when a scan needs protected access
* Contact support through the in-app chat

***

**Related Guides:**

* [Authentication Overview](/authentication/overview)
* [Authorization Settings](/core-workflows/authorization-settings)
* [API Collections](/core-workflows/api-collections)
