Welcome to the Invicti Vulnerable API

Warning: This API is intentionally vulnerable for educational purposes. Use it responsibly!
OWASP Top 10 API Security Risks – 2023: This vulnerable API showcases multiple issues from that list. It is designed to demonstrate common API security vulnerabilities.
Authentication: To authenticate with this API, use the following credentials and Bearer tokens:
Username   Password        Bearer Token
user1      password1       one
user2      password2       two
admin      adminpassword   three
Example HTTP Request:

GET /api/users/1 HTTP/1.1
Authorization: Bearer one
Host: vulnapi.testinvicti.com

This example demonstrates how to use the static bearer token to authenticate a request.
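For contrast, the static-token scheme in the table above next to a hardened alternative, as an added example that is not the API's own code. The `TokenStore` class, its 15-minute lifetime, and the function names are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Constructed stand-in for the scheme in the table: one fixed token per user, never rotated.
STATIC_TOKENS = {"one": "user1", "two": "user2", "three": "admin"}

def static_lookup(authorization):
    """Weak form: the token is a short constant that never expires and cannot be revoked."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer":
        return None
    return STATIC_TOKENS.get(token.strip())

class TokenStore:
    """Hardened form (hypothetical design): random tokens, stored hashed, with a lifetime."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._by_digest = {}  # sha256(token) -> (user, expiry timestamp)

    @staticmethod
    def _digest(token):
        # Only the digest is kept, so a leaked store does not reveal usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._by_digest[self._digest(token)] = (user, now + self.ttl)
        return token

    def verify(self, authorization, now=None):
        now = time.time() if now is None else now
        scheme, _, token = authorization.partition(" ")
        if scheme.lower() != "bearer" or not token:
            return None
        entry = self._by_digest.get(self._digest(token.strip()))
        if entry is None or now >= entry[1]:
            return None  # unknown token or past its expiry
        return entry[0]

    def revoke(self, token):
        self._by_digest.pop(self._digest(token), None)
```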

Links: API Documentation | Download Swagger JSON file | View Security Issues