Black Friday offer! Buy your Burp Suite certified exam for just $9, pass before 15 Dec, and we'll refund your $9.  –   Find out more


API reference

  • Last updated: November 24, 2021

  • Read time: 2 Minutes

Burp Suite Enterprise Edition provides two APIs that you can use to interact with the system from other third-party software. The GraphQL API offers the broadest range of functionality and is recommended for new integrations, while the REST API offers a simple migration for users who are familiar with the Burp Suite Professional API.


If you are planning on developing a new integration of Burp Suite Enterprise Edition with your own software or a third-party tool, we recommend using the GraphQL API wherever possible.

The GraphQL API exposes virtually all of the core functionality and data of Burp Suite Enterprise Edition. Among other things, you can use the API to:

  • Create and edit sites.
  • Schedule one-off and regular scans.
  • Create and edit custom scan configurations.
  • Add folders to your site tree.
  • Get scan results and reports.
  • Manage your pool of agent machines, including authorizing new agent machines.
  • Integrate scans as part of your build pipeline.

More information:


Burp Suite Enterprise Edition's REST API offers a basic means of initiating scans from your CI system and failing software builds whenever certain issues are reported. It is closely related to the Burp Suite Professional API, and represents a simple migration from that API surface.

While the REST API may be more familiar to users of Burp Suite Professional, it is only able to expose a limited range of Burp Suite Enterprise Edition's functionality. Therefore, we strongly recommend using the GraphQL API for your new integrations wherever possible.

To view interactive documentation for the REST API, browse to: [Enterprise server URL]/api/[API key].

Using the APIs

In order to use either of Burp Suite Enterprise Edition's APIs, you will need to set up an API user. API users each have a unique API key that enables them to authenticate when making requests.

Note that Burp Suite Enterprise Edition's user roles apply to API users in the same way as UI users. You can only use the APIs to perform those tasks that the user permissions associated with your role allow. As such, you should ensure that any API users you set up have the correct roles applied.

More information:

  • For more information on setting up API users, see Creating API users.

  • For more information on configuring roles in Burp Suite Enterprise Edition, see Roles.