Simon Bennetts edited this page Apr 23, 2018 · 6 revisions


ZAP provides a REST Application Programming Interface (API) which allows you to interact with ZAP programmatically.

The REST API can be accessed directly or via one of the client implementations detailed below.

It is documented briefly in the ZAP user guide, but there is more information here on the wiki.

A set of wiki pages which lists all of the available functionality is generated by the code and is available here: API details

To use the API while running the ZAP UI, you must first enable it. You can do this via the Options API screen:

  • Tools / Options... / API

If you run ZAP in 'headless' or 'daemon' mode (by starting ZAP via the command line and using the -daemon flag) then the API will be automatically enabled.

The ZAP API is particularly useful for Security Regression Tests.

A summary of the clients available:

| Language | Download links | Notes |
|----------|----------------|-------|
| Java | GitHub | Official API |
| Python | PyPI | Official API |
| Node.js | NPM | In process of becoming an official API |
| PHP | GitHub, Packagist | In process of becoming an official API |
| Ruby | GitHub | |
| Ruby | GitHub | |

More details about the API are available in these pages: