naftiko: 1.0.0-alpha2 info: label: ZAP API description: The HTTP API for controlling and accessing ZAP. tags: - Owasp - Zap - API created: '2026-05-06' modified: '2026-05-06' capability: consumes: - type: http namespace: owasp-zap baseUri: http://zap description: ZAP API HTTP API. authentication: type: apikey in: header name: X-ZAP-API-Key value: '{{OWASP_ZAP_TOKEN}}' resources: - name: json-accesscontrol-action-scan path: /JSON/accessControl/action/scan/ operations: - name: accesscontrolactionscan method: GET description: 'Starts an Access Control scan with the given context ID and user ID. (Optional parameters: user ID for Unauthenticated user, boolean identifying whether or not Alerts are raised, and the Risk level for the Alerts.) [This assumes the Access ' outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-accesscontrol-action-writehtmlreport path: /JSON/accessControl/action/writeHTMLreport/ operations: - name: accesscontrolactionwritehtmlreport method: GET description: Generates an Access Control report for the given context ID and saves it based on the provided filename (path). outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-accesscontrol-view-getscanprogress path: /JSON/accessControl/view/getScanProgress/ operations: - name: accesscontrolviewgetscanprogress method: GET description: Gets the Access Control scan progress (percentage integer) for the given context ID. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-accesscontrol-view-getscanstatus path: /JSON/accessControl/view/getScanStatus/ operations: - name: accesscontrolviewgetscanstatus method: GET description: Gets the Access Control scan status (description string) for the given context ID. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-acsrf-action-addoptiontoken path: /JSON/acsrf/action/addOptionToken/ operations: - name: acsrfactionaddoptiontoken method: GET description: Adds an anti-CSRF token with the given name, enabled by default outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-acsrf-action-removeoptiontoken path: /JSON/acsrf/action/removeOptionToken/ operations: - name: acsrfactionremoveoptiontoken method: GET description: Removes the anti-CSRF token with the given name outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-acsrf-action-setoptionpartialmatchingenable path: /JSON/acsrf/action/setOptionPartialMatchingEnabled/ operations: - name: acsrfactionsetoptionpartialmatchingenabled method: GET description: Define if ZAP should detect CSRF tokens by searching for partial matches. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: other-acsrf-other-genform path: /OTHER/acsrf/other/genForm/ operations: - name: acsrfothergenform method: GET description: Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-acsrf-view-optionpartialmatchingenabled path: /JSON/acsrf/view/optionPartialMatchingEnabled/ operations: - name: acsrfviewoptionpartialmatchingenabled method: GET description: Define if ZAP should detect CSRF tokens by searching for partial matches outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-acsrf-view-optiontokensnames path: /JSON/acsrf/view/optionTokensNames/ operations: - name: acsrfviewoptiontokensnames method: GET description: Lists the names of all anti-CSRF tokens outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-addallowedresource path: /JSON/ajaxSpider/action/addAllowedResource/ operations: - name: ajaxspideractionaddallowedresource method: GET description: Adds an allowed resource. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-addexcludedelement path: /JSON/ajaxSpider/action/addExcludedElement/ operations: - name: ajaxspideractionaddexcludedelement method: GET description: Adds an excluded element to a context. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-modifyexcludedelement path: /JSON/ajaxSpider/action/modifyExcludedElement/ operations: - name: ajaxspideractionmodifyexcludedelement method: GET description: Modifies an excluded element of a context. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-removeallowedresource path: /JSON/ajaxSpider/action/removeAllowedResource/ operations: - name: ajaxspideractionremoveallowedresource method: GET description: Removes an allowed resource. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-removeexcludedelement path: /JSON/ajaxSpider/action/removeExcludedElement/ operations: - name: ajaxspideractionremoveexcludedelement method: GET description: Removes an excluded element from a context. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-scan path: /JSON/ajaxSpider/action/scan/ operations: - name: ajaxspideractionscan method: GET description: Runs the AJAX Spider against a given target. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-scanasuser path: /JSON/ajaxSpider/action/scanAsUser/ operations: - name: ajaxspideractionscanasuser method: GET description: Runs the AJAX Spider from the perspective of a User of the web application. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setenabledallowedresource path: /JSON/ajaxSpider/action/setEnabledAllowedResource/ operations: - name: ajaxspideractionsetenabledallowedresource method: GET description: Sets whether or not an allowed resource is enabled. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setoptionbrowserid path: /JSON/ajaxSpider/action/setOptionBrowserId/ operations: - name: ajaxspideractionsetoptionbrowserid method: GET description: Sets the configuration of the AJAX Spider to use one of the supported browsers. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setoptionclickdefaultelem path: /JSON/ajaxSpider/action/setOptionClickDefaultElems/ operations: - name: ajaxspideractionsetoptionclickdefaultelems method: GET description: Sets whether or not the AJAX Spider will only click on the default HTML elements. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setoptionclickelemsonce path: /JSON/ajaxSpider/action/setOptionClickElemsOnce/ operations: - name: ajaxspideractionsetoptionclickelemsonce method: GET description: When enabled, the crawler attempts to interact with each element (e.g., by clicking) only once. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setoptionenableextensions path: /JSON/ajaxSpider/action/setOptionEnableExtensions/ operations: - name: ajaxspideractionsetoptionenableextensions method: GET description: GET /JSON/ajaxSpider/action/setOptionEnableExtensions/ outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setoptioneventwait path: /JSON/ajaxSpider/action/setOptionEventWait/ operations: - name: ajaxspideractionsetoptioneventwait method: GET description: 'Sets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over an element, in order for a menu to display, etc.' outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setoptionlogoutavoidance path: /JSON/ajaxSpider/action/setOptionLogoutAvoidance/ operations: - name: ajaxspideractionsetoptionlogoutavoidance method: GET description: Sets whether or not the AJAX Spider should avoid clicking logout elements. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setoptionmaxcrawldepth path: /JSON/ajaxSpider/action/setOptionMaxCrawlDepth/ operations: - name: ajaxspideractionsetoptionmaxcrawldepth method: GET description: Sets the maximum depth that the crawler can reach. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setoptionmaxcrawlstates path: /JSON/ajaxSpider/action/setOptionMaxCrawlStates/ operations: - name: ajaxspideractionsetoptionmaxcrawlstates method: GET description: Sets the maximum number of states that the crawler should crawl. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setoptionmaxduration path: /JSON/ajaxSpider/action/setOptionMaxDuration/ operations: - name: ajaxspideractionsetoptionmaxduration method: GET description: The maximum time that the crawler is allowed to run. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setoptionnumberofbrowsers path: /JSON/ajaxSpider/action/setOptionNumberOfBrowsers/ operations: - name: ajaxspideractionsetoptionnumberofbrowsers method: GET description: Sets the number of windows to be used by AJAX Spider. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setoptionrandominputs path: /JSON/ajaxSpider/action/setOptionRandomInputs/ operations: - name: ajaxspideractionsetoptionrandominputs method: GET description: When enabled, inserts random values into form fields. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setoptionreloadwait path: /JSON/ajaxSpider/action/setOptionReloadWait/ operations: - name: ajaxspideractionsetoptionreloadwait method: GET description: Sets the time to wait after the page is loaded before interacting with it. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-setoptionscopecheck path: /JSON/ajaxSpider/action/setOptionScopeCheck/ operations: - name: ajaxspideractionsetoptionscopecheck method: GET description: Sets the scope check. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-action-stop path: /JSON/ajaxSpider/action/stop/ operations: - name: ajaxspideractionstop method: GET description: Stops the AJAX Spider. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-allowedresources path: /JSON/ajaxSpider/view/allowedResources/ operations: - name: ajaxspiderviewallowedresources method: GET description: Gets the allowed resources. The allowed resources are always fetched even if out of scope, allowing to include necessary resources (e.g. scripts) from 3rd-parties. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-excludedelements path: /JSON/ajaxSpider/view/excludedElements/ operations: - name: ajaxspiderviewexcludedelements method: GET description: Gets the excluded elements. The excluded elements are not clicked during crawling, for example, to prevent logging out. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-fullresults path: /JSON/ajaxSpider/view/fullResults/ operations: - name: ajaxspiderviewfullresults method: GET description: Gets the full crawled content detected by the AJAX Spider. Returns a set of values based on 'inScope' URLs, 'outOfScope' URLs, and 'errors' encountered during the last/current run of the AJAX Spider. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-numberofresults path: /JSON/ajaxSpider/view/numberOfResults/ operations: - name: ajaxspiderviewnumberofresults method: GET description: Gets the number of resources found. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-optionbrowserid path: /JSON/ajaxSpider/view/optionBrowserId/ operations: - name: ajaxspiderviewoptionbrowserid method: GET description: Gets the configured browser to use for crawling. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-optionclickdefaultelems path: /JSON/ajaxSpider/view/optionClickDefaultElems/ operations: - name: ajaxspiderviewoptionclickdefaultelems method: GET description: Gets the configured value for 'Click Default Elements Only', HTML elements such as 'a', 'button', 'input', all associated with some action or links on the page. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-optionclickelemsonce path: /JSON/ajaxSpider/view/optionClickElemsOnce/ operations: - name: ajaxspiderviewoptionclickelemsonce method: GET description: Gets the value configured for the AJAX Spider to know if it should click on the elements only once. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-optionenableextensions path: /JSON/ajaxSpider/view/optionEnableExtensions/ operations: - name: ajaxspiderviewoptionenableextensions method: GET description: GET /JSON/ajaxSpider/view/optionEnableExtensions/ outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-optioneventwait path: /JSON/ajaxSpider/view/optionEventWait/ operations: - name: ajaxspiderviewoptioneventwait method: GET description: 'Gets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over an element, in order for a menu to display, etc.' outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-optionlogoutavoidance path: /JSON/ajaxSpider/view/optionLogoutAvoidance/ operations: - name: ajaxspiderviewoptionlogoutavoidance method: GET description: Gets the value of the Logout Avoidance option. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-optionmaxcrawldepth path: /JSON/ajaxSpider/view/optionMaxCrawlDepth/ operations: - name: ajaxspiderviewoptionmaxcrawldepth method: GET description: Gets the configured value for the max crawl depth. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-optionmaxcrawlstates path: /JSON/ajaxSpider/view/optionMaxCrawlStates/ operations: - name: ajaxspiderviewoptionmaxcrawlstates method: GET description: Gets the configured value for the maximum crawl states allowed. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-optionmaxduration path: /JSON/ajaxSpider/view/optionMaxDuration/ operations: - name: ajaxspiderviewoptionmaxduration method: GET description: Gets the configured max duration of the crawl, the value is in minutes. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-optionnumberofbrowsers path: /JSON/ajaxSpider/view/optionNumberOfBrowsers/ operations: - name: ajaxspiderviewoptionnumberofbrowsers method: GET description: Gets the configured number of browsers to be used. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-optionrandominputs path: /JSON/ajaxSpider/view/optionRandomInputs/ operations: - name: ajaxspiderviewoptionrandominputs method: GET description: Gets if the AJAX Spider will use random values in form fields when crawling, if set to true. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-optionreloadwait path: /JSON/ajaxSpider/view/optionReloadWait/ operations: - name: ajaxspiderviewoptionreloadwait method: GET description: Gets the configured time to wait after reloading the page, this value is in milliseconds. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-optionscopecheck path: /JSON/ajaxSpider/view/optionScopeCheck/ operations: - name: ajaxspiderviewoptionscopecheck method: GET description: Gets the configured scope check. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-results path: /JSON/ajaxSpider/view/results/ operations: - name: ajaxspiderviewresults method: GET description: Gets the current results of the crawler. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-ajaxspider-view-status path: /JSON/ajaxSpider/view/status/ operations: - name: ajaxspiderviewstatus method: GET description: Gets the current status of the crawler. Actual values are Stopped and Running. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-alert-action-addalert path: /JSON/alert/action/addAlert/ operations: - name: alertactionaddalert method: GET description: Add an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.) outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-alert-action-deletealert path: /JSON/alert/action/deleteAlert/ operations: - name: alertactiondeletealert method: GET description: Deletes the alert with the given ID. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-alert-action-deletealerts path: /JSON/alert/action/deleteAlerts/ operations: - name: alertactiondeletealerts method: GET description: Deletes all the alerts optionally filtered by URL which fall within the Context with the provided name, risk, or base URL. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-alert-action-deleteallalerts path: /JSON/alert/action/deleteAllAlerts/ operations: - name: alertactiondeleteallalerts method: GET description: Deletes all alerts of the current session. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-alert-action-updatealert path: /JSON/alert/action/updateAlert/ operations: - name: alertactionupdatealert method: GET description: Update the alert with the given ID, with the provided details. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-alert-action-updatealertsconfidence path: /JSON/alert/action/updateAlertsConfidence/ operations: - name: alertactionupdatealertsconfidence method: GET description: Update the confidence of the alerts. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-alert-action-updatealertsrisk path: /JSON/alert/action/updateAlertsRisk/ operations: - name: alertactionupdatealertsrisk method: GET description: Update the risk of the alerts. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-alert-view-alert path: /JSON/alert/view/alert/ operations: - name: alertviewalert method: GET description: Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method outputRawFormat: json outputParameters: - name: result type: object value: $. - name: json-alert-view-alertcountsbyrisk path: /JSON/alert/view/alertCountsByRisk/ operations: - name: alertviewalertcountsbyrisk method: GET description: Gets a count of the alerts, optionally filtered as per alertsPerRisk outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest port: 8080 namespace: owasp-zap-rest description: REST adapter for ZAP API. resources: - path: /JSON/accessControl/action/scan/ name: accesscontrolactionscan operations: - method: GET name: accesscontrolactionscan description: 'Starts an Access Control scan with the given context ID and user ID. (Optional parameters: user ID for Unauthenticated user, boolean identifying whether or not Alerts are raised, and the Risk level for the Alerts.) [This assumes the Access ' call: owasp-zap.accesscontrolactionscan outputParameters: - type: object mapping: $. - path: /JSON/accessControl/action/writeHTMLreport/ name: accesscontrolactionwritehtmlreport operations: - method: GET name: accesscontrolactionwritehtmlreport description: Generates an Access Control report for the given context ID and saves it based on the provided filename (path). call: owasp-zap.accesscontrolactionwritehtmlreport outputParameters: - type: object mapping: $. - path: /JSON/accessControl/view/getScanProgress/ name: accesscontrolviewgetscanprogress operations: - method: GET name: accesscontrolviewgetscanprogress description: Gets the Access Control scan progress (percentage integer) for the given context ID. call: owasp-zap.accesscontrolviewgetscanprogress outputParameters: - type: object mapping: $. - path: /JSON/accessControl/view/getScanStatus/ name: accesscontrolviewgetscanstatus operations: - method: GET name: accesscontrolviewgetscanstatus description: Gets the Access Control scan status (description string) for the given context ID. call: owasp-zap.accesscontrolviewgetscanstatus outputParameters: - type: object mapping: $. - path: /JSON/acsrf/action/addOptionToken/ name: acsrfactionaddoptiontoken operations: - method: GET name: acsrfactionaddoptiontoken description: Adds an anti-CSRF token with the given name, enabled by default call: owasp-zap.acsrfactionaddoptiontoken outputParameters: - type: object mapping: $. - path: /JSON/acsrf/action/removeOptionToken/ name: acsrfactionremoveoptiontoken operations: - method: GET name: acsrfactionremoveoptiontoken description: Removes the anti-CSRF token with the given name call: owasp-zap.acsrfactionremoveoptiontoken outputParameters: - type: object mapping: $. - path: /JSON/acsrf/action/setOptionPartialMatchingEnabled/ name: acsrfactionsetoptionpartialmatchingenabled operations: - method: GET name: acsrfactionsetoptionpartialmatchingenabled description: Define if ZAP should detect CSRF tokens by searching for partial matches. call: owasp-zap.acsrfactionsetoptionpartialmatchingenabled outputParameters: - type: object mapping: $. - path: /OTHER/acsrf/other/genForm/ name: acsrfothergenform operations: - method: GET name: acsrfothergenform description: Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP call: owasp-zap.acsrfothergenform outputParameters: - type: object mapping: $. - path: /JSON/acsrf/view/optionPartialMatchingEnabled/ name: acsrfviewoptionpartialmatchingenabled operations: - method: GET name: acsrfviewoptionpartialmatchingenabled description: Define if ZAP should detect CSRF tokens by searching for partial matches call: owasp-zap.acsrfviewoptionpartialmatchingenabled outputParameters: - type: object mapping: $. - path: /JSON/acsrf/view/optionTokensNames/ name: acsrfviewoptiontokensnames operations: - method: GET name: acsrfviewoptiontokensnames description: Lists the names of all anti-CSRF tokens call: owasp-zap.acsrfviewoptiontokensnames outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/addAllowedResource/ name: ajaxspideractionaddallowedresource operations: - method: GET name: ajaxspideractionaddallowedresource description: Adds an allowed resource. call: owasp-zap.ajaxspideractionaddallowedresource outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/addExcludedElement/ name: ajaxspideractionaddexcludedelement operations: - method: GET name: ajaxspideractionaddexcludedelement description: Adds an excluded element to a context. call: owasp-zap.ajaxspideractionaddexcludedelement outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/modifyExcludedElement/ name: ajaxspideractionmodifyexcludedelement operations: - method: GET name: ajaxspideractionmodifyexcludedelement description: Modifies an excluded element of a context. call: owasp-zap.ajaxspideractionmodifyexcludedelement outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/removeAllowedResource/ name: ajaxspideractionremoveallowedresource operations: - method: GET name: ajaxspideractionremoveallowedresource description: Removes an allowed resource. call: owasp-zap.ajaxspideractionremoveallowedresource outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/removeExcludedElement/ name: ajaxspideractionremoveexcludedelement operations: - method: GET name: ajaxspideractionremoveexcludedelement description: Removes an excluded element from a context. call: owasp-zap.ajaxspideractionremoveexcludedelement outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/scan/ name: ajaxspideractionscan operations: - method: GET name: ajaxspideractionscan description: Runs the AJAX Spider against a given target. call: owasp-zap.ajaxspideractionscan outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/scanAsUser/ name: ajaxspideractionscanasuser operations: - method: GET name: ajaxspideractionscanasuser description: Runs the AJAX Spider from the perspective of a User of the web application. call: owasp-zap.ajaxspideractionscanasuser outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setEnabledAllowedResource/ name: ajaxspideractionsetenabledallowedresource operations: - method: GET name: ajaxspideractionsetenabledallowedresource description: Sets whether or not an allowed resource is enabled. call: owasp-zap.ajaxspideractionsetenabledallowedresource outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setOptionBrowserId/ name: ajaxspideractionsetoptionbrowserid operations: - method: GET name: ajaxspideractionsetoptionbrowserid description: Sets the configuration of the AJAX Spider to use one of the supported browsers. call: owasp-zap.ajaxspideractionsetoptionbrowserid outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setOptionClickDefaultElems/ name: ajaxspideractionsetoptionclickdefaultelems operations: - method: GET name: ajaxspideractionsetoptionclickdefaultelems description: Sets whether or not the AJAX Spider will only click on the default HTML elements. call: owasp-zap.ajaxspideractionsetoptionclickdefaultelems outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setOptionClickElemsOnce/ name: ajaxspideractionsetoptionclickelemsonce operations: - method: GET name: ajaxspideractionsetoptionclickelemsonce description: When enabled, the crawler attempts to interact with each element (e.g., by clicking) only once. call: owasp-zap.ajaxspideractionsetoptionclickelemsonce outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setOptionEnableExtensions/ name: ajaxspideractionsetoptionenableextensions operations: - method: GET name: ajaxspideractionsetoptionenableextensions description: GET /JSON/ajaxSpider/action/setOptionEnableExtensions/ call: owasp-zap.ajaxspideractionsetoptionenableextensions outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setOptionEventWait/ name: ajaxspideractionsetoptioneventwait operations: - method: GET name: ajaxspideractionsetoptioneventwait description: 'Sets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over an element, in order for a menu to display, etc.' call: owasp-zap.ajaxspideractionsetoptioneventwait outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setOptionLogoutAvoidance/ name: ajaxspideractionsetoptionlogoutavoidance operations: - method: GET name: ajaxspideractionsetoptionlogoutavoidance description: Sets whether or not the AJAX Spider should avoid clicking logout elements. call: owasp-zap.ajaxspideractionsetoptionlogoutavoidance outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setOptionMaxCrawlDepth/ name: ajaxspideractionsetoptionmaxcrawldepth operations: - method: GET name: ajaxspideractionsetoptionmaxcrawldepth description: Sets the maximum depth that the crawler can reach. call: owasp-zap.ajaxspideractionsetoptionmaxcrawldepth outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setOptionMaxCrawlStates/ name: ajaxspideractionsetoptionmaxcrawlstates operations: - method: GET name: ajaxspideractionsetoptionmaxcrawlstates description: Sets the maximum number of states that the crawler should crawl. call: owasp-zap.ajaxspideractionsetoptionmaxcrawlstates outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setOptionMaxDuration/ name: ajaxspideractionsetoptionmaxduration operations: - method: GET name: ajaxspideractionsetoptionmaxduration description: The maximum time that the crawler is allowed to run. call: owasp-zap.ajaxspideractionsetoptionmaxduration outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setOptionNumberOfBrowsers/ name: ajaxspideractionsetoptionnumberofbrowsers operations: - method: GET name: ajaxspideractionsetoptionnumberofbrowsers description: Sets the number of windows to be used by AJAX Spider. call: owasp-zap.ajaxspideractionsetoptionnumberofbrowsers outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setOptionRandomInputs/ name: ajaxspideractionsetoptionrandominputs operations: - method: GET name: ajaxspideractionsetoptionrandominputs description: When enabled, inserts random values into form fields. call: owasp-zap.ajaxspideractionsetoptionrandominputs outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setOptionReloadWait/ name: ajaxspideractionsetoptionreloadwait operations: - method: GET name: ajaxspideractionsetoptionreloadwait description: Sets the time to wait after the page is loaded before interacting with it. call: owasp-zap.ajaxspideractionsetoptionreloadwait outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/setOptionScopeCheck/ name: ajaxspideractionsetoptionscopecheck operations: - method: GET name: ajaxspideractionsetoptionscopecheck description: Sets the scope check. call: owasp-zap.ajaxspideractionsetoptionscopecheck outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/action/stop/ name: ajaxspideractionstop operations: - method: GET name: ajaxspideractionstop description: Stops the AJAX Spider. call: owasp-zap.ajaxspideractionstop outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/allowedResources/ name: ajaxspiderviewallowedresources operations: - method: GET name: ajaxspiderviewallowedresources description: Gets the allowed resources. The allowed resources are always fetched even if out of scope, allowing to include necessary resources (e.g. scripts) from 3rd-parties. call: owasp-zap.ajaxspiderviewallowedresources outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/excludedElements/ name: ajaxspiderviewexcludedelements operations: - method: GET name: ajaxspiderviewexcludedelements description: Gets the excluded elements. The excluded elements are not clicked during crawling, for example, to prevent logging out. call: owasp-zap.ajaxspiderviewexcludedelements outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/fullResults/ name: ajaxspiderviewfullresults operations: - method: GET name: ajaxspiderviewfullresults description: Gets the full crawled content detected by the AJAX Spider. Returns a set of values based on 'inScope' URLs, 'outOfScope' URLs, and 'errors' encountered during the last/current run of the AJAX Spider. call: owasp-zap.ajaxspiderviewfullresults outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/numberOfResults/ name: ajaxspiderviewnumberofresults operations: - method: GET name: ajaxspiderviewnumberofresults description: Gets the number of resources found. call: owasp-zap.ajaxspiderviewnumberofresults outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/optionBrowserId/ name: ajaxspiderviewoptionbrowserid operations: - method: GET name: ajaxspiderviewoptionbrowserid description: Gets the configured browser to use for crawling. call: owasp-zap.ajaxspiderviewoptionbrowserid outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/optionClickDefaultElems/ name: ajaxspiderviewoptionclickdefaultelems operations: - method: GET name: ajaxspiderviewoptionclickdefaultelems description: Gets the configured value for 'Click Default Elements Only', HTML elements such as 'a', 'button', 'input', all associated with some action or links on the page. call: owasp-zap.ajaxspiderviewoptionclickdefaultelems outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/optionClickElemsOnce/ name: ajaxspiderviewoptionclickelemsonce operations: - method: GET name: ajaxspiderviewoptionclickelemsonce description: Gets the value configured for the AJAX Spider to know if it should click on the elements only once. call: owasp-zap.ajaxspiderviewoptionclickelemsonce outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/optionEnableExtensions/ name: ajaxspiderviewoptionenableextensions operations: - method: GET name: ajaxspiderviewoptionenableextensions description: GET /JSON/ajaxSpider/view/optionEnableExtensions/ call: owasp-zap.ajaxspiderviewoptionenableextensions outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/optionEventWait/ name: ajaxspiderviewoptioneventwait operations: - method: GET name: ajaxspiderviewoptioneventwait description: 'Gets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over an element, in order for a menu to display, etc.' call: owasp-zap.ajaxspiderviewoptioneventwait outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/optionLogoutAvoidance/ name: ajaxspiderviewoptionlogoutavoidance operations: - method: GET name: ajaxspiderviewoptionlogoutavoidance description: Gets the value of the Logout Avoidance option. call: owasp-zap.ajaxspiderviewoptionlogoutavoidance outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/optionMaxCrawlDepth/ name: ajaxspiderviewoptionmaxcrawldepth operations: - method: GET name: ajaxspiderviewoptionmaxcrawldepth description: Gets the configured value for the max crawl depth. call: owasp-zap.ajaxspiderviewoptionmaxcrawldepth outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/optionMaxCrawlStates/ name: ajaxspiderviewoptionmaxcrawlstates operations: - method: GET name: ajaxspiderviewoptionmaxcrawlstates description: Gets the configured value for the maximum crawl states allowed. call: owasp-zap.ajaxspiderviewoptionmaxcrawlstates outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/optionMaxDuration/ name: ajaxspiderviewoptionmaxduration operations: - method: GET name: ajaxspiderviewoptionmaxduration description: Gets the configured max duration of the crawl, the value is in minutes. call: owasp-zap.ajaxspiderviewoptionmaxduration outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/optionNumberOfBrowsers/ name: ajaxspiderviewoptionnumberofbrowsers operations: - method: GET name: ajaxspiderviewoptionnumberofbrowsers description: Gets the configured number of browsers to be used. call: owasp-zap.ajaxspiderviewoptionnumberofbrowsers outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/optionRandomInputs/ name: ajaxspiderviewoptionrandominputs operations: - method: GET name: ajaxspiderviewoptionrandominputs description: Gets if the AJAX Spider will use random values in form fields when crawling, if set to true. call: owasp-zap.ajaxspiderviewoptionrandominputs outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/optionReloadWait/ name: ajaxspiderviewoptionreloadwait operations: - method: GET name: ajaxspiderviewoptionreloadwait description: Gets the configured time to wait after reloading the page, this value is in milliseconds. call: owasp-zap.ajaxspiderviewoptionreloadwait outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/optionScopeCheck/ name: ajaxspiderviewoptionscopecheck operations: - method: GET name: ajaxspiderviewoptionscopecheck description: Gets the configured scope check. call: owasp-zap.ajaxspiderviewoptionscopecheck outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/results/ name: ajaxspiderviewresults operations: - method: GET name: ajaxspiderviewresults description: Gets the current results of the crawler. call: owasp-zap.ajaxspiderviewresults outputParameters: - type: object mapping: $. - path: /JSON/ajaxSpider/view/status/ name: ajaxspiderviewstatus operations: - method: GET name: ajaxspiderviewstatus description: Gets the current status of the crawler. Actual values are Stopped and Running. call: owasp-zap.ajaxspiderviewstatus outputParameters: - type: object mapping: $. - path: /JSON/alert/action/addAlert/ name: alertactionaddalert operations: - method: GET name: alertactionaddalert description: Add an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.) call: owasp-zap.alertactionaddalert outputParameters: - type: object mapping: $. - path: /JSON/alert/action/deleteAlert/ name: alertactiondeletealert operations: - method: GET name: alertactiondeletealert description: Deletes the alert with the given ID. call: owasp-zap.alertactiondeletealert outputParameters: - type: object mapping: $. - path: /JSON/alert/action/deleteAlerts/ name: alertactiondeletealerts operations: - method: GET name: alertactiondeletealerts description: Deletes all the alerts optionally filtered by URL which fall within the Context with the provided name, risk, or base URL. call: owasp-zap.alertactiondeletealerts outputParameters: - type: object mapping: $. - path: /JSON/alert/action/deleteAllAlerts/ name: alertactiondeleteallalerts operations: - method: GET name: alertactiondeleteallalerts description: Deletes all alerts of the current session. call: owasp-zap.alertactiondeleteallalerts outputParameters: - type: object mapping: $. - path: /JSON/alert/action/updateAlert/ name: alertactionupdatealert operations: - method: GET name: alertactionupdatealert description: Update the alert with the given ID, with the provided details. call: owasp-zap.alertactionupdatealert outputParameters: - type: object mapping: $. - path: /JSON/alert/action/updateAlertsConfidence/ name: alertactionupdatealertsconfidence operations: - method: GET name: alertactionupdatealertsconfidence description: Update the confidence of the alerts. call: owasp-zap.alertactionupdatealertsconfidence outputParameters: - type: object mapping: $. - path: /JSON/alert/action/updateAlertsRisk/ name: alertactionupdatealertsrisk operations: - method: GET name: alertactionupdatealertsrisk description: Update the risk of the alerts. call: owasp-zap.alertactionupdatealertsrisk outputParameters: - type: object mapping: $. - path: /JSON/alert/view/alert/ name: alertviewalert operations: - method: GET name: alertviewalert description: Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method call: owasp-zap.alertviewalert outputParameters: - type: object mapping: $. - path: /JSON/alert/view/alertCountsByRisk/ name: alertviewalertcountsbyrisk operations: - method: GET name: alertviewalertcountsbyrisk description: Gets a count of the alerts, optionally filtered as per alertsPerRisk call: owasp-zap.alertviewalertcountsbyrisk outputParameters: - type: object mapping: $. - type: mcp port: 9090 namespace: owasp-zap-mcp transport: http description: MCP adapter for ZAP API for AI agent use. tools: - name: accesscontrolactionscan description: 'Starts an Access Control scan with the given context ID and user ID. (Optional parameters: user ID for Unauthenticated user, boolean identifying whether or not Alerts are raised, and the Risk level for the Alerts.) [This assumes the Access ' hints: readOnly: true destructive: false idempotent: true call: owasp-zap.accesscontrolactionscan outputParameters: - type: object mapping: $. - name: accesscontrolactionwritehtmlreport description: Generates an Access Control report for the given context ID and saves it based on the provided filename (path). hints: readOnly: true destructive: false idempotent: true call: owasp-zap.accesscontrolactionwritehtmlreport outputParameters: - type: object mapping: $. - name: accesscontrolviewgetscanprogress description: Gets the Access Control scan progress (percentage integer) for the given context ID. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.accesscontrolviewgetscanprogress outputParameters: - type: object mapping: $. - name: accesscontrolviewgetscanstatus description: Gets the Access Control scan status (description string) for the given context ID. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.accesscontrolviewgetscanstatus outputParameters: - type: object mapping: $. - name: acsrfactionaddoptiontoken description: Adds an anti-CSRF token with the given name, enabled by default hints: readOnly: true destructive: false idempotent: true call: owasp-zap.acsrfactionaddoptiontoken outputParameters: - type: object mapping: $. - name: acsrfactionremoveoptiontoken description: Removes the anti-CSRF token with the given name hints: readOnly: true destructive: false idempotent: true call: owasp-zap.acsrfactionremoveoptiontoken outputParameters: - type: object mapping: $. - name: acsrfactionsetoptionpartialmatchingenabled description: Define if ZAP should detect CSRF tokens by searching for partial matches. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.acsrfactionsetoptionpartialmatchingenabled outputParameters: - type: object mapping: $. - name: acsrfothergenform description: Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP hints: readOnly: true destructive: false idempotent: true call: owasp-zap.acsrfothergenform outputParameters: - type: object mapping: $. - name: acsrfviewoptionpartialmatchingenabled description: Define if ZAP should detect CSRF tokens by searching for partial matches hints: readOnly: true destructive: false idempotent: true call: owasp-zap.acsrfviewoptionpartialmatchingenabled outputParameters: - type: object mapping: $. - name: acsrfviewoptiontokensnames description: Lists the names of all anti-CSRF tokens hints: readOnly: true destructive: false idempotent: true call: owasp-zap.acsrfviewoptiontokensnames outputParameters: - type: object mapping: $. - name: ajaxspideractionaddallowedresource description: Adds an allowed resource. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionaddallowedresource outputParameters: - type: object mapping: $. - name: ajaxspideractionaddexcludedelement description: Adds an excluded element to a context. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionaddexcludedelement outputParameters: - type: object mapping: $. - name: ajaxspideractionmodifyexcludedelement description: Modifies an excluded element of a context. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionmodifyexcludedelement outputParameters: - type: object mapping: $. - name: ajaxspideractionremoveallowedresource description: Removes an allowed resource. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionremoveallowedresource outputParameters: - type: object mapping: $. - name: ajaxspideractionremoveexcludedelement description: Removes an excluded element from a context. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionremoveexcludedelement outputParameters: - type: object mapping: $. - name: ajaxspideractionscan description: Runs the AJAX Spider against a given target. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionscan outputParameters: - type: object mapping: $. - name: ajaxspideractionscanasuser description: Runs the AJAX Spider from the perspective of a User of the web application. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionscanasuser outputParameters: - type: object mapping: $. - name: ajaxspideractionsetenabledallowedresource description: Sets whether or not an allowed resource is enabled. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetenabledallowedresource outputParameters: - type: object mapping: $. - name: ajaxspideractionsetoptionbrowserid description: Sets the configuration of the AJAX Spider to use one of the supported browsers. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetoptionbrowserid outputParameters: - type: object mapping: $. - name: ajaxspideractionsetoptionclickdefaultelems description: Sets whether or not the AJAX Spider will only click on the default HTML elements. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetoptionclickdefaultelems outputParameters: - type: object mapping: $. - name: ajaxspideractionsetoptionclickelemsonce description: When enabled, the crawler attempts to interact with each element (e.g., by clicking) only once. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetoptionclickelemsonce outputParameters: - type: object mapping: $. - name: ajaxspideractionsetoptionenableextensions description: GET /JSON/ajaxSpider/action/setOptionEnableExtensions/ hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetoptionenableextensions outputParameters: - type: object mapping: $. - name: ajaxspideractionsetoptioneventwait description: 'Sets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over an element, in order for a menu to display, etc.' hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetoptioneventwait outputParameters: - type: object mapping: $. - name: ajaxspideractionsetoptionlogoutavoidance description: Sets whether or not the AJAX Spider should avoid clicking logout elements. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetoptionlogoutavoidance outputParameters: - type: object mapping: $. - name: ajaxspideractionsetoptionmaxcrawldepth description: Sets the maximum depth that the crawler can reach. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetoptionmaxcrawldepth outputParameters: - type: object mapping: $. - name: ajaxspideractionsetoptionmaxcrawlstates description: Sets the maximum number of states that the crawler should crawl. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetoptionmaxcrawlstates outputParameters: - type: object mapping: $. - name: ajaxspideractionsetoptionmaxduration description: The maximum time that the crawler is allowed to run. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetoptionmaxduration outputParameters: - type: object mapping: $. - name: ajaxspideractionsetoptionnumberofbrowsers description: Sets the number of windows to be used by AJAX Spider. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetoptionnumberofbrowsers outputParameters: - type: object mapping: $. - name: ajaxspideractionsetoptionrandominputs description: When enabled, inserts random values into form fields. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetoptionrandominputs outputParameters: - type: object mapping: $. - name: ajaxspideractionsetoptionreloadwait description: Sets the time to wait after the page is loaded before interacting with it. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetoptionreloadwait outputParameters: - type: object mapping: $. - name: ajaxspideractionsetoptionscopecheck description: Sets the scope check. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionsetoptionscopecheck outputParameters: - type: object mapping: $. - name: ajaxspideractionstop description: Stops the AJAX Spider. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspideractionstop outputParameters: - type: object mapping: $. - name: ajaxspiderviewallowedresources description: Gets the allowed resources. The allowed resources are always fetched even if out of scope, allowing to include necessary resources (e.g. scripts) from 3rd-parties. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewallowedresources outputParameters: - type: object mapping: $. - name: ajaxspiderviewexcludedelements description: Gets the excluded elements. The excluded elements are not clicked during crawling, for example, to prevent logging out. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewexcludedelements outputParameters: - type: object mapping: $. - name: ajaxspiderviewfullresults description: Gets the full crawled content detected by the AJAX Spider. Returns a set of values based on 'inScope' URLs, 'outOfScope' URLs, and 'errors' encountered during the last/current run of the AJAX Spider. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewfullresults outputParameters: - type: object mapping: $. - name: ajaxspiderviewnumberofresults description: Gets the number of resources found. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewnumberofresults outputParameters: - type: object mapping: $. - name: ajaxspiderviewoptionbrowserid description: Gets the configured browser to use for crawling. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewoptionbrowserid outputParameters: - type: object mapping: $. - name: ajaxspiderviewoptionclickdefaultelems description: Gets the configured value for 'Click Default Elements Only', HTML elements such as 'a', 'button', 'input', all associated with some action or links on the page. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewoptionclickdefaultelems outputParameters: - type: object mapping: $. - name: ajaxspiderviewoptionclickelemsonce description: Gets the value configured for the AJAX Spider to know if it should click on the elements only once. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewoptionclickelemsonce outputParameters: - type: object mapping: $. - name: ajaxspiderviewoptionenableextensions description: GET /JSON/ajaxSpider/view/optionEnableExtensions/ hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewoptionenableextensions outputParameters: - type: object mapping: $. - name: ajaxspiderviewoptioneventwait description: 'Gets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over an element, in order for a menu to display, etc.' hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewoptioneventwait outputParameters: - type: object mapping: $. - name: ajaxspiderviewoptionlogoutavoidance description: Gets the value of the Logout Avoidance option. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewoptionlogoutavoidance outputParameters: - type: object mapping: $. - name: ajaxspiderviewoptionmaxcrawldepth description: Gets the configured value for the max crawl depth. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewoptionmaxcrawldepth outputParameters: - type: object mapping: $. - name: ajaxspiderviewoptionmaxcrawlstates description: Gets the configured value for the maximum crawl states allowed. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewoptionmaxcrawlstates outputParameters: - type: object mapping: $. - name: ajaxspiderviewoptionmaxduration description: Gets the configured max duration of the crawl, the value is in minutes. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewoptionmaxduration outputParameters: - type: object mapping: $. - name: ajaxspiderviewoptionnumberofbrowsers description: Gets the configured number of browsers to be used. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewoptionnumberofbrowsers outputParameters: - type: object mapping: $. - name: ajaxspiderviewoptionrandominputs description: Gets if the AJAX Spider will use random values in form fields when crawling, if set to true. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewoptionrandominputs outputParameters: - type: object mapping: $. - name: ajaxspiderviewoptionreloadwait description: Gets the configured time to wait after reloading the page, this value is in milliseconds. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewoptionreloadwait outputParameters: - type: object mapping: $. - name: ajaxspiderviewoptionscopecheck description: Gets the configured scope check. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewoptionscopecheck outputParameters: - type: object mapping: $. - name: ajaxspiderviewresults description: Gets the current results of the crawler. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewresults outputParameters: - type: object mapping: $. - name: ajaxspiderviewstatus description: Gets the current status of the crawler. Actual values are Stopped and Running. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.ajaxspiderviewstatus outputParameters: - type: object mapping: $. - name: alertactionaddalert description: Add an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.) hints: readOnly: true destructive: false idempotent: true call: owasp-zap.alertactionaddalert outputParameters: - type: object mapping: $. - name: alertactiondeletealert description: Deletes the alert with the given ID. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.alertactiondeletealert outputParameters: - type: object mapping: $. - name: alertactiondeletealerts description: Deletes all the alerts optionally filtered by URL which fall within the Context with the provided name, risk, or base URL. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.alertactiondeletealerts outputParameters: - type: object mapping: $. - name: alertactiondeleteallalerts description: Deletes all alerts of the current session. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.alertactiondeleteallalerts outputParameters: - type: object mapping: $. - name: alertactionupdatealert description: Update the alert with the given ID, with the provided details. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.alertactionupdatealert outputParameters: - type: object mapping: $. - name: alertactionupdatealertsconfidence description: Update the confidence of the alerts. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.alertactionupdatealertsconfidence outputParameters: - type: object mapping: $. - name: alertactionupdatealertsrisk description: Update the risk of the alerts. hints: readOnly: true destructive: false idempotent: true call: owasp-zap.alertactionupdatealertsrisk outputParameters: - type: object mapping: $. - name: alertviewalert description: Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method hints: readOnly: true destructive: false idempotent: true call: owasp-zap.alertviewalert outputParameters: - type: object mapping: $. - name: alertviewalertcountsbyrisk description: Gets a count of the alerts, optionally filtered as per alertsPerRisk hints: readOnly: true destructive: false idempotent: true call: owasp-zap.alertviewalertcountsbyrisk outputParameters: - type: object mapping: $. binds: - namespace: env keys: OWASP_ZAP_TOKEN: OWASP_ZAP_TOKEN