Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

deny icon
Deny
allow icon
Accept
All Posts

How to Start with Mayhem for API

Mayhem Team
September 15, 2022
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

If you haven't done so yet, the fastest way to get started is to sign up for a free plan at https://mayhem4api.forallsecure.com/signup. If you already have an account, then you are ready to go for the next steps!

Installation

The Mayhem for API CLI is available to download for various common platforms.

ℹ️ The CLI will automatically keep itself updated when used as we make fixes and bug improvements.

MacOS

curl -Lo mapi https://mayhem4api.forallsecure.com/downloads/cli/latest/macos/mapi \
&& chmod +x mapi

Here's an easy way to add the mapi executable to your path:

sudo mv mapi /usr/local/bin

Linux (64-bit)

curl -Lo mapi https://mayhem4api.forallsecure.com/downloads/cli/latest/linux-musl/mapi \
&& chmod +x mapi

Here's an easy way to add the mapi executable to your path:

sudo mkdir -p /usr/local/bin/
sudo install mapi /usr/local/bin/

Windows (64-bit)

From a Windows 10 terminal (PowerShell or cmd):

curl.exe -Lo mapi.exe https://mayhem4api.forallsecure.com/downloads/cli/latest/windows-amd64/mapi.exe

or download :

https://mayhem4api.forallsecure.com/downloads/cli/latest/windows-amd64/mapi.exe


{{api-cta}}

Test it out!

Make sure the CLI works by running:

mapi --help

Authentication

The mapi CLI communicates with our API using OAuth 2.0 Bearer Tokens. The token will be read by the environment variable, MAPI_TOKEN, if available.

To get a new token, visit the "Manage API Tokens page" to create a new token, <NEW_TOKEN>, and login:

$ mapi login <NEW_TOKEN>

Welcome to Mayhem for API! We have saved a new API token in
your local settings at '/Users/mapi_fuzzer/Library/Preferences/rs.mapi/mapi.toml':

3BzW...

Setting the displayed API Token to the environment variable, MAPI_TOKEN, will allow you to run the CLI on other computers, such as part of your Continuous Integration build.

Now you can try contacting the API. Let's get the list of targets to which you have access:

mapi target list


You should see an (empty) list of API targets. Let's add our first target so that list won't stay empty for long.

Share this post
Blog

Recent Blogs

View All
The Hacker Mind Podcast

The Hacker Mind: Hacking Visual Studio Code Extensions

Rather than use backdoor exploits, attackers are stealing credentials going through the front door - sometimes from the tools we trust.
Read More
The Hacker Mind Podcast

The Hacker Mind Podcast: Ghost Token

What if an OAUTH access token wasn’t deleted? This could expose databases to bad actors.
Read More
Mayhem Makers

Mayhem Makers: Patrick Bishop, SVP of Revenue

For this month’s employee profile, we talked with Patrick Bishop, SVP of Revenue, who joined the Mayhem team in September, 2022 and is based out of Boston, MA.
Read More
View all

Add a Little Mayhem to Your Inbox

Subscribe to our weekly newsletter for expert insights and news on DevSecOps topics, plus Mayhem tips and tutorials.

By subscribing, you're agreeing to our website terms and privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Add Mayhem to Your DevSecOps for Free.

Get a full-featured 30 day free trial.

Company
AboutCareersPressEvents
Support
CommunityDocs & TutorialsContact
Follow us
GitHub
LinkedIn
X (...sigh)
Youtube
Medium
© 2023 ForAllSecure
Privacy PolicyTerms of UseCookies Settings
Mayhem Tips
API Security

Complete API Security in 5 Minutes

Get started with Mayhem today for fast, comprehensive, API security. 

Get Mayhem

Maximize Code Coverage in Minutes

Mayhem is an award-winning AI that autonomously finds new exploitable bugs and improves your test suites.

Get Mayhem