forked from zaproxy/zaproxy
FAQapikey
psiinon edited this page Jul 30, 2015 · 8 revisions
FAQ: Why is an API key created by default from ZAP 2.4.1?
Starting from version 2.4.1, ZAP creates an API key by default.
Applications that use the ZAP API will only work if they supply the correct key.
This is a security feature to prevent malicious sites from invoking the ZAP API.
The API key can be found in the API Options screen.
You can also set it from the command line using an option like:
-config api.key=change-me-9203935709
You can disable it via the UI or via the command line option:
-config api.disablekey=true
This is not recommended unless you are using ZAP in a completely isolated environment, as it allows malicious sites to access the ZAP API.
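The following is an added example, not ZAP's own code: a toy local HTTP API that models the protection described above, where a request that does not carry the correct key (as one triggered by a malicious site would be) is refused. The `apikey` query parameter name, the request path and the 403 response are assumptions of this model, and the random key is constructed for the demo.

```python
import hmac
import secrets
import threading
from urllib import error, parse, request
from http.server import BaseHTTPRequestHandler, HTTPServer

def make_handler(api_key):
    """Handler for a toy local API that requires ?apikey=<key> on every call."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            query = parse.parse_qs(parse.urlparse(self.path).query)
            supplied = query.get("apikey", [""])[0]
            # Constant-time comparison so response timing does not leak the key.
            ok = hmac.compare_digest(supplied.encode(), api_key.encode())
            body = b'{"ok": true}' if ok else b'{"error": "bad api key"}'
            self.send_response(200 if ok else 403)  # 403 is this model's choice
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo quiet
            pass
    return Handler

def call(port, key=None):
    """Request the toy API, optionally with a key; return the HTTP status."""
    url = f"http://127.0.0.1:{port}/JSON/core/view/version/"  # assumed path
    if key is not None:
        url += "?" + parse.urlencode({"apikey": key})
    opener = request.build_opener(request.ProxyHandler({}))  # ignore env proxies
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status
    except error.HTTPError as err:
        return err.code

def demo():
    """Return statuses for: no key, a guessed key, the correct key."""
    api_key = secrets.token_hex(16)  # constructed random key for the demo
    server = HTTPServer(("127.0.0.1", 0), make_handler(api_key))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        return call(port), call(port, "change-me-9203935709"), call(port, api_key)
    finally:
        server.shutdown()
        server.server_close()
if __name__ == "__main__":
    print(demo())
```

Only the caller that was given the key gets a 200, which is why a fixed, published value such as the `change-me-9203935709` placeholder should be replaced with one you generate yourself.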