API Scoping

  1. What is the purpose of the API?

  2. How many endpoints exist?

  3. Roughly how many parameters exist across the endpoints?

  4. What type of API is it (e.g. REST, SOAP, RPC)?

  5. How do we authenticate against the API? What authentication mechanisms are used?

  6. How many roles exist across the API?

  7. Can you provide supporting API documentation covering the requests, expected data, etc.?

  8. Can you provide anything that can be imported into Postman or a similar tool to build out the requests?
