Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Call GraphQL API

Rahim | Last updated: Jun 17, 2020 10:54PM UTC

I'm having trouble calling GraphQL API on our Enterprise BurpSuite server. For example, our burpsuite enterprise URL is http://<BURPURL> I tried calling ScanReport GraphQL API via Postman as follows: Endpoint: http://<BURPURL> Headers: "Authorization:<API KEY MY ADMIN SENT ME>" Body: query: Query get_report( $scan_id: ID!, $include_false_positives: Boolean) { scan_report( scan_id: $scan_id, include_false_positives: $include_false_positives) { report_html } } variables: { "scan_id": "156", "include_false_positives": false } And I get HTTP 401 Unauthorized. Please advise.

Rahim | Last updated: Jun 17, 2020 11:16PM UTC

I suspect this error is due to my API key expiring or no longer working so I'm waiting for my admin to reset the APIKey but in the meanwhile, I'd like to rule out other issues. For example, is the end point above correct? I've tried http://<BURPURL>/api and http://<BURPURL>/api/graphql as well.

Rahim | Last updated: Jun 17, 2020 11:16PM UTC

I suspect this error is due to my API key expiring or no longer working so I'm waiting for my admin to reset the APIKey but in the meanwhile, I'd like to rule out other issues. For example, is the end point above correct? I've tried http://<BURPURL>/api and http://<BURPURL>/api/graphql as well.

Uthman, PortSwigger Agent | Last updated: Jun 18, 2020 07:27AM UTC

Hi Rahim, The GraphQL endpoint is at <ENTERPRISE-SERVER-URL>/graphql/v1. Can you try that out first? If you still see the 401, it is likely that your API key is invalid.

Rahim | Last updated: Jun 18, 2020 07:54PM UTC