Endpoint Discovery
Endpoint Overview
To get an overview of all the endpoints your Juice Shop contains, you can view the Endpoints page. Here, you can see which endpoints the app contains, what kind of sensitive data they might be exposing, and when they were first detected or last seen. You can also filter the list by multiple categories to narrow it down to a specific subset of endpoints. Click on any endpoint to get a detailed view of its usage, the fields in its requests and responses, the exact requests it is receiving, and much more.
Sensitive Data
To get an overview of the types of sensitive data going in and out of your Juice Shop app, you can view the Sensitive Data page. It shows how many endpoints are returning sensitive data and how many times each type of sensitive data appears in your API endpoints. You can also view which endpoints contain a specific type of sensitive data by clicking the View button on each entry.
API Specs
Metlo also provides an easy way to understand your APIs using OpenAPI Specs which can be viewed on the API Specs page. Metlo automatically generates OpenAPI Documents that conform to the OpenAPI Specification for all the Juice Shop endpoints based on the traffic it scans. You can read more about the OpenAPI Specification and its usage here.
Note: Metlo will auto-generate OpenAPI Spec files every hour.
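An added example, not Metlo's code and not part of the original page: one way to cross-check a generated OpenAPI document against the Sensitive Data view is to walk each endpoint's response schemas and flag sensitive-looking field names. The sample spec, the name pattern and all function names here are assumptions made for illustration.

```python
import re

METHODS = {"get", "put", "post", "delete", "patch", "options", "head", "trace"}
SENSITIVE = re.compile(r"password|token|secret|mail|ssn|card|phone", re.I)
def json_response(schema):  # helper used to build the constructed sample below
    return {"responses": {"200": {"content": {"application/json": {"schema": schema}}}}}

# Constructed sample shaped like a traffic-derived OpenAPI 3 document (assumed, not Metlo output).
SPEC = {
    "paths": {
        "/rest/user/login": {"post": json_response({"$ref": "#/components/schemas/Auth"})},
        "/api/Products/{id}": {"get": json_response({"type": "object", "properties": {
            "name": {"type": "string"}, "price": {"type": "number"}}})},
    },
    "components": {"schemas": {"Auth": {"type": "object", "properties": {
        "authentication": {"type": "object", "properties": {
            "token": {"type": "string"}, "umail": {"type": "string"}}}}}}},
}

def fields(spec, schema, prefix="", seen=()):
    """Yield dotted property names, following local $ref pointers."""
    ref = schema.get("$ref", "")
    if ref:
        if ref in seen or not ref.startswith("#/"):
            return  # cyclic or external reference: stop here
        target = spec
        for part in ref[2:].split("/"):
            target = target[part]
        yield from fields(spec, target, prefix, seen + (ref,))
        return
    for name, sub in schema.get("properties", {}).items():
        yield prefix + name
        yield from fields(spec, sub, prefix + name + ".", seen)
    if "items" in schema:  # array: descend into the element schema
        yield from fields(spec, schema["items"], prefix.rstrip(".") + "[].", seen)

def sensitive_responses(spec):
    """Map 'METHOD path' to the sensitive-looking fields in its responses."""
    out = {}
    for path, item in spec.get("paths", {}).items():
        for method in METHODS.intersection(item):  # skip non-operation keys
            hits = set()
            for resp in item[method].get("responses", {}).values():
                for media in resp.get("content", {}).values():
                    hits.update(f for f in fields(spec, media.get("schema", {}))
                                if SENSITIVE.search(f.rsplit(".", 1)[-1]))
            if hits:
                out[f"{method.upper()} {path}"] = sorted(hits)
    return out
```

Name matching is only a heuristic, so treat its output as a list of endpoints to review alongside the Sensitive Data page rather than as a classification.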