Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Call GraphQL API

Rahim | Last updated: Jun 17, 2020 10:54PM UTC

I'm having trouble calling GraphQL API on our Enterprise BurpSuite server. For example, our burpsuite enterprise URL is http://<BURPURL> I tried calling ScanReport GraphQL API via Postman as follows: Endpoint: http://<BURPURL> Headers: "Authorization:<API KEY MY ADMIN SENT ME>" Body: query: Query get_report( $scan_id: ID!, $include_false_positives: Boolean) { scan_report( scan_id: $scan_id, include_false_positives: $include_false_positives) { report_html } } variables: { "scan_id": "156", "include_false_positives": false } And I get HTTP 401 Unauthorized. Please advise.

Rahim | Last updated: Jun 17, 2020 11:16PM UTC

I suspect this error is due to my API key expiring or no longer working so I'm waiting for my admin to reset the APIKey but in the meanwhile, I'd like to rule out other issues. For example, is the end point above correct? I've tried http://<BURPURL>/api and http://<BURPURL>/api/graphql as well.

Rahim | Last updated: Jun 17, 2020 11:16PM UTC

I suspect this error is due to my API key expiring or no longer working so I'm waiting for my admin to reset the APIKey but in the meanwhile, I'd like to rule out other issues. For example, is the end point above correct? I've tried http://<BURPURL>/api and http://<BURPURL>/api/graphql as well.

Uthman, PortSwigger Agent | Last updated: Jun 18, 2020 07:27AM UTC

Hi Rahim, The GraphQL endpoint is at <ENTERPRISE-SERVER-URL>/graphql/v1. Can you try that out first? If you still see the 401, it is likely that your API key is invalid.

Rahim | Last updated: Jun 18, 2020 07:54PM UTC

HI Uthman, This worked! Thank you very much Rahim

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.