​

Web App Scanning API Reference

Published April 5, 2023 | Last modified October 1, 2025

Objective

This document outlines the APIs exposed by F5® Distributed Cloud Web App Scanning and how to access them.

You can find a detailed overview of the APIs on our Swagger UI page. You can also download a copy of our OpenAPI Specification (version 3.0.1) to automatically generate a client in your preferred development framework.

API Access

To make use of the APIs offered by F5® Distributed Cloud Web App Scanning, you must first create an API key.

Step 1: Log into the Distributed Cloud Web App Scanning Console and navigate to the Settings page.

  1. Log into the Distributed Cloud Web App Scanning Console.

  2. Click on Settings in the header menu.

  3. Click on API Keys.

Step 2: Create an API key.

  1. To create a new API key, click on Create.

  2. Provide a name for your API key. This lets you easily identify your API key in the future.

  3. Click on Create.

Step 3: Read your API key.

  1. Reveal your newly created API key by clicking on its corresponding row in the table.

  2. Your API key will be revealed for you to copy and use in your program.

  3. The API key will automatically expire a year after creation. Make sure to create a new key and renew it before expiry.

Figure: API Keys

Figure: API Keys

Note: Add an Authorization header to all your API requests to F5® Distributed Cloud Web App Scanning with the value Heyhack API_KEY. Replace API_KEY with the value of your key.

On this page: