Burp Suite Enterprise Edition provides two APIs, a GraphQL API and a REST API, which you can use to interact with it from third-party software.
The GraphQL API exposes virtually all of the core functionality and data of Burp Suite Enterprise Edition. Among other things, you can currently use the API to:
- Create and edit sites
- Schedule one-off and regular scans
- Create and edit custom scan configurations
- Add folders to your site tree
- Get scan results and reports
- Manage your pool of agent machines, including authorizing new agent machines
We plan to expand the capabilities of the GraphQL API in the near future. This includes releasing GraphQL-based versions of our generic CI driver and of our native plugins for integrating a scan into your Jenkins or TeamCity build pipeline, all of which currently rely on the REST API. If you are planning to develop a new integration of Burp Suite Enterprise Edition with your own software or a third-party tool, we recommend using the GraphQL API wherever possible.
For more detailed information, please refer to our GraphQL API documentation.
Burp Suite Enterprise Edition's REST API can be used for integration with other software, including CI/CD systems. The API can be used to initiate scans from your CI system and fail software builds when certain issues are reported. In fact, the REST API is currently used by our generic CI driver and our native plugins for integrating with Jenkins and TeamCity.
While the REST API may be more familiar to users of Burp Suite Professional, it is only able to expose a limited range of Burp Suite Enterprise Edition's functionality. Therefore, we recommend using the GraphQL API for your new integrations wherever possible.
To make use of the REST API, you first need to create a user with the login type "API key" and assign them suitable privileges. Keep a record of the user's API key and handle it sensitively.
You can view the API documentation and interact with the API by browsing to:
[Enterprise server URL]/api/[API key]
Burp Suite Enterprise Edition's CI integration uses the REST API to let you drive scans from your CI system and fail software builds when certain issues are reported.