| CARVIEW |
Select Language
HTTP/2 200
content-type: text/html; charset=utf-8
access-control-allow-origin: null
cache-control: public, must-revalidate, max-age=60
x-xss-protection: 1; mode=block
content-security-policy: default-src 'none';form-action 'self';base-uri 'none';child-src 'self' https://www.youtube.com/embed/ https://cheat-sheets.portswigger.net https://*.portswigger.com;connect-src 'self' https://ps.containers.piwik.pro https://ps.piwik.pro https://go.portswigger.net https://tags.srv.stackadapt.com https://www.google.com/recaptcha/ https://formsubmission.portswigger.net https://*.portswigger.com;font-src 'self' https://fonts.gstatic.com data:;frame-src 'self' https://*.portswigger.com/ https://portswigger.net/ https://cheat-sheets.portswigger.net https://www.youtube.com/embed/ https://www.google.com/recaptcha/;img-src 'self' https://*.portswigger.com/ https://portswigger.net/ https://i.ytimg.com/ https://tags.srv.stackadapt.com/sa.jpeg;script-src https://*.portswigger.com/ https://portswigger.net/ https://ps.containers.piwik.pro/ppms.js https://ps.piwik.pro/ppms.js https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://tags.srv.stackadapt.com/events.js https://go.portswigger.net/pd.js 'nonce-YZ+TdqBtFWUqUkexmf6EbFYnUaOFgNWV' 'strict-dynamic';style-src 'self' https://tags.srv.stackadapt.com/sa.css 'nonce-YZ+TdqBtFWUqUkexmf6EbFYnUaOFgNWV' https://fonts.googleapis.com/css2* https://unpkg.com/animate.css@4.1.1/animate.css https://unpkg.com/@teleporthq/teleport-custom-scripts/dist/style.css;
date: Sat, 11 Oct 2025 18:48:25 GMT
server: '; DELETE carlos FROM users --
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-hiring-now: We're on a mission to secure the web: https://portswigger.net/careers
x-robots-tag: all
content-encoding: gzip
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 c06a592a5123b4cf0bac6202c234d25c.cloudfront.net (CloudFront)
x-amz-cf-pop: TLV55-P1
x-amz-cf-id: 5wOzxGTiOjF19x3PbF5k0C-dbW0yd0BqEc3rdCyk-pc2k3VpPIRo1w==
Creating API users - PortSwigger
Research
Academy
My account
Customers
About
Blog
Careers
Legal
Contact
Resellers
Attack surface visibility
Improve security posture, prioritize manual testing, free up time.
CI-driven scanning
More proactive security - find and fix vulnerabilities earlier.
Application security testing
See how our software enables the world to secure the web.
DevSecOps
Catch critical bugs; ship more secure software, more quickly.
Penetration testing
Accelerate penetration testing - find more bugs, more quickly.
Automated scanning
Scale dynamic scanning. Reduce risk. Save time/money.
Bug bounty hunting
Level up your hacking and earn more bug bounties.
Compliance
Enhance security monitoring to comply with confidence.
View all solutions
Support Center
Get help and advice from our experts on all things Burp.
Documentation
Tutorials and guides for Burp Suite.
Get Started - Professional
Get started with Burp Suite Professional.
Get Started - Enterprise
Get started with Burp Suite Enterprise Edition.
User Forum
Get your questions answered in the User Forum.
Downloads
Download the latest version of Burp Suite.
Visit the Support Center
DAST
Creating API users
-
Last updated: October 1, 2025
-
Read time: 1 Minute
If you want to integrate Burp Suite DAST with other software, such as Jira or a CI system, you need to create a dedicated API user that the other software will use to authenticate communication with Burp Suite DAST via either the REST API or GraphQL API.
Note
API users cannot log in to the web UI.
- Log in as an administrator and go to Team > Add a new user.
- Enter a name and username that will help you easily identify the user later, for example, "Jenkins Build".
- Enter an email address, for example, the email address of the admin user.
- Select the login type API Key.
- When you are happy with your changes, click the save icon in the upper-right corner.
- When prompted, copy the API key and URL, and save them somewhere secure. You will need these later.
Note that you cannot retrieve the API key for an existing user. If you lose it, you will have to generate a new key and manually update any files where it's used.