Circle CI

Add the Mayhem for API CircleCI Orb to your .circleci/config.yml file.

version: 2.1
orbs:
  mapi: forallsecure/mapi@1.0.0

Pipeline Hosted Service

Create a new job to scan your API and start your service. Then call the mapi/scan command to run Mayhem against your service.

jobs:
  mayhem-for-api:
    machine:
      image: ubuntu-2204:2022.07.1
    steps:
      # Start your service
      - run:
          command: start-service.sh &
      # Scan your API with Mayhem for API
      - mapi/scan:
          api-url: "http://localhost:8000"
          api-spec: "https://demo-api.mayhem4api.forallsecure.com/api/v3/openapi.json"
      - store_artifacts:
          path: /tmp/mapi
      - store_test_results:
          path: /tmp/mapi/junit.xml

Then add the new job to your workflow.

workflows:
  tests-and-security:
    jobs:
      - mayhem-for-api

Deployed Service

To test a service that is already deployed and not running as part of the build pipeline, use the mapi/scan job in your workflow. Mayhem should never be executed against production environments.

workflows:
  tests-and-security:
    jobs:
      - mapi/scan:
          api-url: "https://your.staging.com/"
          api-spec: "https://your.staging.com/openapi.json"