ZAP provides a REST Application Programming Interface (API) which allows you to interact with ZAP programmatically.
The REST API can be accessed directly or via one of the client implementations detailed below.
It is documented briefly in the ZAP user guide, but there is more information here on the wiki.
A set of wiki pages that lists all of the available functionality is generated from the code and is available here: API details
To use the API while running the ZAP UI, you must first enable it. You can do this via the Options API screen:
- Tools / Options... / API
If you run ZAP in 'headless' or 'daemon' mode (by starting ZAP via the command line and using the -daemon flag) then the API will be automatically enabled.
The ZAP API is particularly useful for Security Regression Tests.
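As an added example (not code from this page or from the ZAP project), the following sketches a security regression gate built on the REST API: it reads alerts as JSON and fails the build on any finding at or above a risk threshold that is not in an accepted baseline. It assumes ZAP listening on `http://localhost:8080`, the `core/view/alerts` endpoint, and an API key sent in the `X-ZAP-API-Key` header; the function names, the baseline, and the sample response are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

# Constructed sample of the "alerts" list in a ZAP JSON response (not real scan output).
SAMPLE_ALERTS = [
    {"alert": "SQL Injection", "risk": "High", "url": "http://app.test/item?id=1"},
    {"alert": "X-Content-Type-Options Header Missing", "risk": "Low", "url": "http://app.test/"},
    {"alert": "Absence of Anti-CSRF Tokens", "risk": "Medium", "url": "http://app.test/login"},
    {"alert": "Custom Rule", "risk": "Unrated", "url": "http://app.test/x"},
]
# Findings already triaged and accepted (hypothetical baseline).
ACCEPTED = {("Absence of Anti-CSRF Tokens", "http://app.test/login")}


def api_url(base, component, kind, name, **params):
    """Build <base>/JSON/<component>/<view|action>/<name>/?<params>."""
    query = urllib.parse.urlencode(params)
    url = f"{base.rstrip('/')}/JSON/{component}/{kind}/{name}/"
    return f"{url}?{query}" if query else url


def fetch_alerts(base, api_key, target):
    """Read alerts for one target from a running ZAP (assumed endpoint and header)."""
    req = urllib.request.Request(
        api_url(base, "core", "view", "alerts", baseurl=target),
        headers={"X-ZAP-API-Key": api_key},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["alerts"]


def regressions(alerts, threshold="Medium", accepted=frozenset()):
    """Return alerts at or above threshold that are not in the accepted baseline."""
    floor = RISK_ORDER[threshold]
    found = []
    for a in alerts:
        # Unknown risk labels rank highest so the gate fails closed.
        rank = RISK_ORDER.get(a.get("risk"), max(RISK_ORDER.values()))
        if rank >= floor and (a.get("alert"), a.get("url")) not in accepted:
            found.append(a)
    return found


if __name__ == "__main__":
    # Offline demo on the constructed sample; in CI, pass fetch_alerts(...) instead.
    for a in regressions(SAMPLE_ALERTS, "Medium", ACCEPTED):
        print(f"FAIL {a['risk']:<8} {a['alert']} @ {a['url']}")
```

In a pipeline, a non-empty result from `regressions(fetch_alerts(...))` would translate into a non-zero exit code so the job fails.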
A summary of the clients available:
Language | Download links | Notes |
---|---|---|
Java | GitHub | Official API |
Python | PyPI | Official API |
Node.js | NPM | Official API |
PHP | GitHub Packagist | In process of becoming an official API |
Ruby | GitHub | |
Ruby | GitHub | |
More details about the API are available in these pages: