| alert (id* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoint with the same name in the 'alert' component instead. Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method |
| alerts (baseurl start count riskId ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoint with the same name in the 'alert' component instead. Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts |
| alertsSummary (baseurl ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoint with the same name in the 'alert' component instead. Gets number of alerts grouped by each risk level, optionally filtering by URL |
| childNodes (url ) | Gets the child nodes underneath the specified URL in the Sites tree |
| excludedFromProxy | Gets the regular expressions, applied to URLs, to exclude from the local proxies. |
| getLogLevel (name ) | The detailed logging config, optionally filtered based on a name (ex: starts with). |
| homeDirectory | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. |
| hosts | Gets the name of the hosts accessed through/by ZAP |
| message (id* ) | Gets the HTTP message with the given ID. Returns the ID, request/response headers and bodies, cookies, note, type, RTT, and timestamp. |
| messages (baseurl start count ) | Gets the HTTP messages sent by ZAP, request and response, optionally filtered by URL and paginated with 'start' position and 'count' of messages |
| messagesById (ids* ) | Gets the HTTP messages with the given IDs. |
| mode | Gets the mode |
| numberOfAlerts (baseurl riskId ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoint with the same name in the 'alert' component instead. Gets the number of alerts, optionally filtering by URL or riskId |
| numberOfMessages (baseurl ) | Gets the number of messages, optionally filtering by URL |
| optionAlertOverridesFilePath | Gets the path to the file with alert overrides. |
| optionDefaultUserAgent | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Gets the user agent that ZAP should use when creating HTTP messages (for example, spider messages or CONNECT requests to outgoing proxy). |
| optionDnsTtlSuccessfulQueries | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Gets the TTL (in seconds) of successful DNS queries. |
| optionHttpState | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| optionHttpStateEnabled | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| optionMaximumAlertInstances | Gets the maximum number of alert instances to include in a report. |
| optionMergeRelatedAlerts | Gets whether or not related alerts will be merged in any reports generated. |
| optionProxyChainName | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| optionProxyChainPassword | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| optionProxyChainPort | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| optionProxyChainPrompt | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| optionProxyChainRealm | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| optionProxyChainSkipName | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use view proxyChainExcludedDomains instead. |
| optionProxyChainUserName | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| optionProxyExcludedDomains | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use view proxyChainExcludedDomains instead. |
| optionProxyExcludedDomainsEnabled | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use view proxyChainExcludedDomains instead. |
| optionSingleCookieRequestHeader | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Option no longer in effective use. |
| optionTimeoutInSecs | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Gets the connection time out (in seconds). |
| optionUseProxyChain | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| optionUseProxyChainAuth | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| optionUseSocksProxy | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Gets whether or not the SOCKS proxy should be used. |
| proxyChainExcludedDomains | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Gets all the domains that are excluded from the outgoing proxy. For each domain the following are shown: the index, the value (domain), if enabled, and if specified as a regex. |
| sessionLocation | Gets the location of the current session file |
| sites | Gets the sites accessed through/by ZAP (scheme and domain) |
| urls (baseurl ) | Gets the URLs accessed through/by ZAP, optionally filtering by (base) URL. |
| version | Gets ZAP version |
| zapHomePath | Gets the path to ZAP's home directory. |
| accessUrl (url* followRedirects ) | Convenient and simple action to access a URL, optionally following redirections. Returns the request sent and response received and followed redirections, if any. Other actions are available which offer more control on what is sent, like, 'sendRequest' or 'sendHarRequest'. |
| addProxyChainExcludedDomain (value* isRegex isEnabled ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Adds a domain to be excluded from the outgoing proxy, using the specified value. Optionally sets if the new entry is enabled (default, true) and whether or not the new value is specified as a regex (default, false). |
| clearExcludedFromProxy | Clears the regexes of URLs excluded from the local proxies. |
| createSbomZip (filePath* ) | Create a zip file of the ZAP core and add-on SBOMs |
| deleteAlert (id* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoint with the same name in the 'alert' component instead. Deletes the alert with the given ID. |
| deleteAllAlerts | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoint with the same name in the 'alert' component instead. Deletes all alerts of the current session. |
| deleteSiteNode (url* method postData ) | Deletes the site node found in the Sites Tree on the basis of the URL, HTTP method, and post data (if applicable and specified). |
| disableAllProxyChainExcludedDomains | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Disables all domains excluded from the outgoing proxy. |
| disableClientCertificate | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Disables the option for use of client certificates. |
| enableAllProxyChainExcludedDomains | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Enables all domains excluded from the outgoing proxy. |
| enablePKCS12ClientCertificate (filePath* password* index ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Enables use of a PKCS12 client certificate for the certificate with the given file system path, password, and optional index. |
| excludeFromProxy (regex* ) | Adds a regex of URLs that should be excluded from the local proxies. |
| generateRootCA | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Generates a new Root CA certificate for the local proxies. |
| loadSession (name* ) | Loads the session with the given name. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir. |
| modifyProxyChainExcludedDomain (idx* value isRegex isEnabled ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Modifies a domain excluded from the outgoing proxy. Allows to modify the value, if enabled or if a regex. The domain is selected with its index, which can be obtained with the view proxyChainExcludedDomains. |
| newSession (name overwrite ) | Creates a new session, optionally overwriting existing files. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir. |
| removeProxyChainExcludedDomain (idx* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Removes a domain excluded from the outgoing proxy, with the given index. The index can be obtained with the view proxyChainExcludedDomains. |
| runGarbageCollection | |
| saveSession (name* overwrite ) | Saves the session. |
| sendRequest (request* followRedirects ) | Sends the HTTP request, optionally following redirections. Returns the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope. |
| setHomeDirectory (dir* ) | |
| setLogLevel (name* logLevel* ) | Sets the logging level for a given logger name. |
| setMode (mode* ) | Sets the mode, which may be one of [safe, protect, standard, attack] |
| setOptionAlertOverridesFilePath (filePath ) | Sets (or clears, if empty) the path to the file with alert overrides. |
| setOptionDefaultUserAgent (String* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Sets the user agent that ZAP should use when creating HTTP messages (for example, spider messages or CONNECT requests to outgoing proxy). |
| setOptionDnsTtlSuccessfulQueries (Integer* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Sets the TTL (in seconds) of successful DNS queries (applies after ZAP restart). |
| setOptionHttpStateEnabled (Boolean* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| setOptionMaximumAlertInstances (numberOfInstances* ) | Sets the maximum number of alert instances to include in a report. A value of zero is treated as unlimited. |
| setOptionMergeRelatedAlerts (enabled* ) | Sets whether or not related alerts will be merged in any reports generated. |
| setOptionProxyChainName (String* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| setOptionProxyChainPassword (String* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| setOptionProxyChainPort (Integer* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| setOptionProxyChainPrompt (Boolean* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| setOptionProxyChainRealm (String* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| setOptionProxyChainSkipName (String* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Option no longer in effective use. Use actions [add|modify|remove]ProxyChainExcludedDomain instead. |
| setOptionProxyChainUserName (String* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| setOptionSingleCookieRequestHeader (Boolean* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Option no longer in effective use. |
| setOptionTimeoutInSecs (Integer* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Sets the connection time out (in seconds). |
| setOptionUseProxyChain (Boolean* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Sets whether or not the outgoing proxy should be used. The address/hostname of the outgoing proxy must be set to enable this option. |
| setOptionUseProxyChainAuth (Boolean* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| setOptionUseSocksProxy (Boolean* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Sets whether or not the SOCKS proxy should be used. |
| shutdown | Shuts down ZAP |
| snapshotSession (name overwrite ) | Snapshots the session, optionally with the given name, and overwriting existing files. If no name is specified the name of the current session with a timestamp appended is used. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir. |
| fileDownload (fileName* ) | Download a file from the transfer directory |
| fileUpload (fileName* fileContents* ) | Upload a file to the transfer directory. Only POST requests accepted with encodings of "multipart/form-data" or "application/x-www-form-urlencoded". |
| htmlreport | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the 'generate' API endpoint the 'reports' component instead. Generates a report in HTML format |
| jsonreport | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the 'generate' API endpoint the 'reports' component instead. Generates a report in JSON format |
| mdreport | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the 'generate' API endpoint the 'reports' component instead. Generates a report in Markdown format |
| messageHar (id* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'exim' add-on instead. Gets the message with the given ID in HAR format |
| messagesHar (baseurl start count ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'exim' add-on instead. Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages |
| messagesHarById (ids* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'exim' add-on instead. Gets the HTTP messages with the given IDs, in HAR format. |
| proxy.pac | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| rootcert | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. Gets the Root CA certificate used by the local proxies. |
| sendHarRequest (request* followRedirects ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'exim' add-on instead. Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope. |
| setproxy (proxy* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the API endpoints in the 'network' component instead. |
| xmlreport | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use the 'generate' API endpoint the 'reports' component instead. Generates a report in XML format |