To avoid common pitfalls that lead to failed scans or incomplete results, we recommend you test your settings before scanning your target with Snyk API & Web. Testing your configuration allows you to:
Confirm we can access your target.
Verify that login credentials are working as expected.
Identify if a web application firewall (WAF) or other security measures are blocking our traffic.
Verify the validity of your API schema/collection.
Discover extra hosts that might need to be added to your target.
Prerequisites
To use the test configuration feature, you must have the following permissions:
view_target,change_target_settings, andstart_scan.
Steps to test your configuration
You can initiate a configuration test from the targets list or directly in the target settings.
From the Targets list, locate the target you want to test, open the Scan button dropdown, and select Test configuration.
From the Target settings, click the Test configuration button in the Login Configuration/API Target Authentication module, or at the top of the page.
After you start the test, a side panel opens to display the test progress in real time.
We provide feedback on several key areas:
Connectivity: confirms we can reach the URL.
WAF Detection: alerts you if we detect a firewall that might interfere with the DAST scan.
Authentication: validates that the provided credentials successfully grant access to the target.
Schema Validity: verifies the schema provided for the API target.
Extra Hosts: identifies additional domains the web application relies on that might need to be added to your target settings.
If a check fails or if further configuration is required, the side panel provides a specific call to action to help you resolve the issue immediately. You can also see connectivity details and, if applicable, a video of the login attempt. Here are some examples:
 |  |
Test your target configuration right away, and let us know if you encounter any issues. Happy scanning!