(Frequently Asked Questions)
What platforms are supported?
The Mayhem for API CLI (command line interface),
mapi, will run on the following platforms:
- Linux (64-bit)
- Windows (64-bit)
What languages are supported?
Mayhem for API scans Web APIs. It does not matter what language the API is written in,
as long as it is accessible from the same network as the
For more detailed issues, Mayhem for API can collect stacktraces returned by the API. It is common to enable returning stacktraces when running an API in a debug mode, but not in production.
Stacktrace parsing enables Mayhem for API to achieve tighter integrations with tools like GitHub / Visual Studio Code with the help of SARIF results export.
The supported languages for Stacktrace parsing include:
What kind of information do you collect?
When you sign up for Mayhem for API, we collect your email address and any other optional information that you provide such as Name and Phone Number.
When you sign up using a social login, such as Atlassian, GitLab, Github or Google, we will automatically collect your email address and Name.
If you choose to delete your account, are personal information will remove all personal information at, or before, 28 days in accordance with GDPR compliance.
During a Mayhem scan, the
mapi CLI can make thousands, or even millions, of
requests to your API. We do not store the contents of every request. Only when
an issue is discovered, will we collect the request that was sent to your API,
and the response that it returned to the CLI.
Other information that is considered 'secret', such as Bearer tokens used for Authentication, will be redacted prior to uploading issue details.
ℹ️ Organizations with Enterprise plans can run in 'local' mode. This mode prevents the
mapiCLI from uploading all run details to the mAPI API. Results will be kept local to the computer where
See Keeping Results Local for more details.