Burp Suite Enterprise API scanning restriction

Burp Suite Enterprise is one of the best tools in the industry for Dynamic Application Security Testing. It is being used in various organizations for scanning web application and it does great job in identifying vulnerabilities. I was searching its capabilities to scan API and came across this restriction that it only scans openAPI v3 collection and authentication parameters need to be added as part of the collection.

Note: Portswigger team is working on feature like adding additional headers and can it launch very soon.

Check below reference links for more details.

• REST API Scanning Using Burp Enterprise – Burp Suite User Forum (portswigger.net)

• API Security Testing Software from PortSwigger