Web Vulnerability Analysis Request API
Description
Users can send API requests to analyze vulnerabilities of sites published on the web and receive responses about the status of those requests.
Request
a. Information about the URL to analyze and analysis option information to set the scope and extent of analysis, and b. Callback URL information to receive analysis results are required. Refer to Request to enter the API.
Response
You will receive a success or failure response immediately after sending the analysis request. For details, refer to the Response section of the Web Vulnerability Analysis Request API.
Callback
You will receive progress or analysis completion callbacks according to the callback information entered in the request. For details, refer to Callback.
For information about the analysis request process, refer to Analysis Request and Callback.
Request
{
"resultVersion": `2`,
"memo": "test memo",
"dastOptions": {
"crawlerTargetSeedUrls": ["http://52.78.58.6:38380/dcta-for-java/hostHeader"],
"crawlerCrawlMaxUrl": 999,
"commonRecordsLogin": ["eyJ2ZXJzaW9uIjoiMS4xIiwic2VlZFVybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS8iLCJkYXN0RXZlbnRMaXN0IjpbeyJkYXRhIjp7InRhYklkIjoxODEzODAzNDY0LCJ2YWx1ZSI6IiIsIndpbmRvd0lkIjoxODEzODAzNDYzLCJ4cGF0aCI6Ii9IVE1MWzFdL0JPRFlbMV0vRElWWzFdL0RJVlsxXS9IRUFERVJbMV0vRElWWzFdL0RJVlsxXS9ESVZbMl0vRElWWzJdL05BVlsxXS9VTFsxXS9MSVsxXS9BWzFdL1NQQU5bMV0ifSwiZXZlbnRWYWxpZGF0aW9uIjpmYWxzZSwiZnJvbVVybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS8iLCJpbnRlcnZhbCI6MCwidGltZXN0YW1wIjoyNzMxLCJ0eXBlIjoiZGFzdC5ldmVudC5wbGFpbi1ldmVudC5jbGljayJ9LHsiZGF0YSI6eyJ0YWJJZCI6MTgxMzgwMzQ2NCwidmFsdWUiOiIiLCJ3aW5kb3dJZCI6MTgxMzgwMzQ2MywieHBhdGgiOiIvSFRNTFsxXS9CT0RZWzFdL0RJVlsxXS9ESVZbNV0vRElWWzFdL0RJVlsxXS9BU0lERVsxXS9ESVZbMV0vRElWWzFdL0xPQURJTkctQ09OVEVYVFsxXS9ESVZbMV0vRElWWzFdL0RJVlsxXS9VTFsxXS9MSVsyXS9ESVZbMV0vRElWWzFdL0FbMV0ifSwiZXZlbnRWYWxpZGF0aW9uIjpmYWxzZSwiZnJvbVVybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS8iLCJpbnRlcnZhbCI6MCwidGltZXN0YW1wIjozMjcyLCJ0eXBlIjoiZGFzdC5ldmVudC5wbGFpbi1ldmVudC5jbGljayJ9XX0="]
}
}
Response
✔️ Success Response
Request Success
If the analysis request is processed normally, you will receive the following response along with 200 OK.
{
"requestId": "REQUEST_ID",
"accountId": "ACCOUNT_ID",
"operationType": "SCAN",
"requestVersion": "v1Dast",
"stopAnalysisId": null,
"status": "ING",
"result": "S",
"requestText": "REQUEST_TEXT",
"tokenId": 1,
"insertTime": "YYYY-MM-DDThh:mm:ss.sss±hh:mm",
"updateTime": "YYYY-MM-DDThh:mm:ss.sss±hh:mm",
"analysisList": [
{
"analysisId": "ANALYSIS_ID",
"requestId": "REQUEST_ID",
"status": "INIT",
"result": null,
"progress": null,
"toolType": "DAST",
"memo": "MEMO",
"startTime": null,
"endTime": null,
"issueCount": null,
"issueCountRisk1": null,
"issueCountRisk2": null,
"issueCountRisk3": null,
"issueCountRisk4": null,
"issueCountRisk5": null,
"insertTime": "YYYY-MM-DDThh:mm:ss.sss±hh:mm",
"updateTime": "YYYY-MM-DDThh:mm:ss.sss±hh:mm",
"analysisType": null,
"target": "http://52.78.58.6:38380/dcta-for-java/hostHeader",
"urlCount": null,
"requestCount": null
}
]
}
❌ Failure Response
Authentication Failure
If authentication information is incorrect, you will receive a 401 Unauthorized response.
Invalid Request
If the request is invalid, you will receive a 400 Bad Request response along with the following information.
resultCode: Displays the result of the request as a code. For details, refer to Result Code Collection.message: Displays an error message.
Callback
✅ Analysis Status Callback
{
"analysisId": "ANALYSIS_ID"
"requestId": "REQUEST_ID"
"type": "ANALYSIS_PROGRESS"
"status": "ANALYSIS"
"result": null
"progress": null
"step": "STEP"
"totalStep": 5
"updateTime": 1750312561610
}
☑️ Analysis Completion Callback
{
"analysisId": "ANALYSIS_ID"
"requestId": "REQUEST_ID"
"type": "ANALYSIS_COMPLETE"
"errorCode": null
"analysis": {
"analysisId": 2992
"requestId": 3837
"status": "COMPLETE"
"result": "SUCCESS"
"progress": null
"toolType": "DAST"
"memo": "MEMO"
"startTime": 1750312561610
"endTime": 1750312561610
"issueCount": "TOTAL_ISSUES"
}
}