Integrating with Kong Konnect

This document is for:
Invicti Enterprise On-Demand

This feature is available with Invicti API Security Standalone or Bundle

Integrating Kong Konnect with Invicti Enterprise allows you to fetch Swagger2 and OpenAPI3 specification files from Kong Konnect and provide them as inputs to our DAST scanners. The imported specification files are used to build an inventory of API endpoints that can be scanned for vulnerabilities.

This document explains how to set up an integration between Kong Konnect and Invicti Enterprise.

PREREQUISITES:

  • A Kong Konnect account that contains your API specification files published through the API Products Dashboard.

How to integrate Invicti Enterprise with Kong Konnect

Before configuring the integration in Invicti Enterprise, you need to generate a personal access token in Kong Konnect. This token authorizes the retrieval of your API specification files. Complete all of the sections below, in order, to integrate Invicti Enterprise with Kong Konnect.

NOTE: Only Swagger2 and OpenAPI3 specification files will be imported.
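To see ahead of time which of your published files fall under this note, the added example below (not Invicti or Kong code) classifies a specification by its top-level `swagger` or `openapi` version field, which is how the two formats identify themselves. It is an assumption that this matches the import filter; the function names and sample documents are constructed for illustration.

```python
import json
import re

# Top-level version keys defined by the Swagger 2.0 and OpenAPI 3.x formats.
_YAML_KEY = re.compile(
    r"""^(swagger|openapi)\s*:\s*["']?([0-9][0-9A-Za-z.\-]*)["']?\s*(?:#.*)?$"""
)

def _version_fields(text):
    """Return the top-level 'swagger'/'openapi' values of a JSON or YAML document."""
    stripped = text.lstrip("\ufeff \t\r\n")
    if stripped.startswith("{"):
        try:
            doc = json.loads(stripped)
        except json.JSONDecodeError:
            return {}
        return {k: str(doc[k]) for k in ("swagger", "openapi") if k in doc}
    fields = {}
    for line in text.splitlines():
        # The pattern is anchored at column 0, so indented (nested) keys are ignored.
        m = _YAML_KEY.match(line.rstrip())
        if m:
            fields.setdefault(m.group(1), m.group(2))
    return fields

def classify_spec(text):
    """Classify a specification as 'swagger2', 'openapi3' or 'unsupported'."""
    fields = _version_fields(text)
    if fields.get("swagger", "").startswith("2."):
        return "swagger2"
    if fields.get("openapi", "").startswith("3."):
        return "openapi3"
    return "unsupported"

# Constructed sample documents (hypothetical file names and contents).
SAMPLES = {
    "orders.json": '{"swagger": "2.0", "info": {"title": "Orders", "version": "1"}, "paths": {}}',
    "billing.yaml": 'openapi: "3.0.3"\ninfo:\n  title: Billing\n  version: "1"\npaths: {}\n',
    "events.yaml": "asyncapi: 2.6.0\ninfo:\n  title: Events\n  version: '1'\n",
    "nested.yaml": "info:\n  openapi: 3.0.0\n",
}

def report(samples):
    """Map each file name to its classification."""
    return {name: classify_spec(body) for name, body in samples.items()}

if __name__ == "__main__":
    for name, kind in report(SAMPLES).items():
        print(f"{name}: {kind}")
```

Files reported as `unsupported` are the ones to review before relying on the synced inventory as a complete list of endpoints to scan.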

Step 1: Generate a personal access token

  1. Log in to Kong Konnect.
  2. Click the profile icon in the top-right corner, then select Personal Access Tokens.
  3. Click + Generate Token.
  4. Enter a Name for the token and set an Expiration period, then click Generate.
  5. Click Copy.

You now have the necessary information to configure the integration in Invicti Enterprise. Continue with the steps in the next section below.

Step 2: Configure Invicti Enterprise

  1. Log in to Invicti Enterprise.
  2. Select APIs > Sources from the left-side menu.
  3. Click Add New Source.
  4. Enter a Name for the API integration and select Kong Konnect as the Source type.
  5. Select the Region that corresponds with the region used for your Kong Konnect account. (This is visible in the bottom-left corner of the Kong Konnect user interface after selecting API Products.)
  6. Paste your Personal Access Token into the corresponding field.
  7. Click Authenticate and Save.

An Authorization successful message will display and the integration will appear on the APIs > Sources page in Invicti Enterprise. Continue with the final step below to synchronize the API import.

Step 3: Synchronize the API import

  1. On the APIs > Sources page in Invicti Enterprise, click the sync icon to start importing your API specification files from Kong Konnect into your Invicti Enterprise API Inventory.
  2. When the sync is complete, your API specification files will be displayed on the API Inventory page in Invicti Enterprise. From this page, you can link your API specification files to targets so they can be scanned for vulnerabilities. For more information, refer to Linking and unlinking discovered APIs to targets.

Kong Konnect is now integrated with Invicti Enterprise. After the initial synchronization, the integration will automatically sync your API specifications once every 24 hours.

NOTE: To synchronize API specifications on demand, click the sync icon on the APIs > Sources page. To disable automatic synchronization, click the toggle in the Sync Automatically column on the APIs > Sources page.