New feature: Automated API Discovery from Source Code. Get Access

New feature: Automated API Discovery from Source Code. Get Access

New feature: Automated API Discovery from Source Code. Get Access

All User Configurations in a Single Screen

With this single screen, managing user configurations becomes more streamlined and efficient. By providing visibility into all user settings and configurations in one place, Akto empowers you to carry out API security testing more effectively and accurately.

Raaga Srinivas

Raaga Srinivas

6 mins

All User Configurations in a Single Screen
All User Configurations in a Single Screen
All User Configurations in a Single Screen

In Akto, a user configuration refers to the specific settings that control how a user can run a test on their APIs. These settings may include user access levels, permissions, and other security protocols. In Akto, it refers to a specific set of data that we receive from the user in one of two ways:

  1. In an automated manner, when the user connects to traffic data

  2. Manually, to be filled in or created by the user

This is what the screen contains:

  • Config name: The name of the user configuration

  • Status:
    Done: Akto was able to create this group or role through traffic data in an automated manner Pending: Requires manual intervention from the user

  • Values: Hyperlinks to the exact groups or role settings

  • Impacting Categories: Exact vulnerabilities that these configurations will be used to test against.

User configurations screen

In Akto, we use multiple user configurations in the context of API Security testing. These are categorized in two ways:

1. Which APIs do you want to test?

Akto groups API endpoints that have been called by a certain user when performing an action that is directly linked to their account. We use traffic already present in the dashboard and use regex-based matching to create the API groups.

For example, when a user wants to reset their password, the system triggers a specific API endpoint linked to this user’s account.

By capturing this action, Akto groups the endpoints that are specifically related to the password reset process of this user, thereby creating a logical group. These groups are API collections on which you can now conduct your API security testing.

Here are some logical groups created by Akto:

  • Password reset endpoint

  • Authentication token header key

  • User registration endpoint

  • Login endpoint

Now, instead of appending test templates to include new APIs under these categories, Akto will automatically group these endpoints based on pre-defined conditions. All you have to do is run your test on the API collection!

Monthly product updates in your inbox. No spam.

Monthly product updates in your inbox. No spam.

Monthly product updates in your inbox. No spam.

2. Against what role do you want to test your APIs?

When it comes to role-based testing, certain API Security tests require certain user configurations.

For example, if you're testing your APIs against a malicious attacker, you may want to configure your user settings to simulate that attacker's potential access levels and permissions. So you will need an attacker account role. In this particular case, Akto does this in a completely automated way.

Conversely, if you're testing how your APIs behave for a regular user, you would configure your settings to reflect that user's access and permissions.

Like this, Akto has a set of pre-defined roles for which we require user configurations to ensure you can easily get started with testing.

Here are some of the roles:

  • Locked account role

  • Logged out account role

  • Attacker account role

You can also create more test roles by navigating to the ‘Test Roles’ tab in the left nav. Know more about how to create a test role here.

Akto now lets you view all your user configuration data described above in a single screen.

Final Thoughts

With this single screen, managing user configurations becomes more streamlined and efficient. By providing visibility into all user settings and configurations in one place, Akto empowers you to carry out API security testing more effectively and accurately.

After setting up all user configurations, you can get started on testing your APIs! Check out these resources to know more:

Want to ask something?

Our community offers a network of support and resources. You can ask any question there and will get a reply in 24 hours.

Want to ask something?

Our community offers a network of support and resources. You can ask any question there and will get a reply in 24 hours.

Want to ask something?

Our community offers a network of support and resources. You can ask any question there and will get a reply in 24 hours.

Follow us for more updates

Experience enterprise-grade API Security solution