OWASP ZAP · Capability

ZAP API — authorization

ZAP API — authorization. 2 operations. Lead operation: authorization. Self-contained Naftiko capability covering one Owasp Zap business surface.

Run with Naftiko Owasp Zapauthorization

What You Can Do

GET
Authorizationactionsetbasicauthorizationdetectionmethod — Sets the authorization detection method for a context as one that identifies un-authorized messages based on: the message's status code or a regex pattern in the response's header or body. Also, whether all conditions must match or just som
/v1/json/authorization/action/setbasicauthorizationdetectionmethod
GET
Authorizationviewgetauthorizationdetectionmethod — Obtains all the configuration of the authorization detection method that is currently set for a context.
/v1/json/authorization/view/getauthorizationdetectionmethod

MCP Tools

sets-authorization-detection-method-context

Sets the authorization detection method for a context as one that identifies un-authorized messages based on: the message's status code or a regex pattern in the response's header or body. Also, whether all conditions must match or just som

read-only idempotent
obtains-all-configuration-authorization-detection

Obtains all the configuration of the authorization detection method that is currently set for a context.

read-only idempotent

Capability Spec

owasp-zap-authorization.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: ZAP API — authorization
  description: 'ZAP API — authorization. 2 operations. Lead operation: authorization. Self-contained Naftiko capability covering
    one Owasp Zap business surface.'
  tags:
  - Owasp Zap
  - authorization
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY
capability:
  consumes:
  - type: http
    namespace: owasp-zap-authorization
    baseUri: http://zap
    description: ZAP API — authorization business capability. Self-contained, no shared references.
    resources:
    - name: JSON-authorization-action-setBasicAuthorizationDetectionMethod
      path: /JSON/authorization/action/setBasicAuthorizationDetectionMethod/
      operations:
      - name: authorizationactionsetbasicauthorizationdetectionmethod
        method: GET
        description: 'Sets the authorization detection method for a context as one that identifies un-authorized messages
          based on: the message''s status code or a regex pattern in the response''s header or body. Also, whether all conditions
          must match or just som'
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-authorization-view-getAuthorizationDetectionMethod
      path: /JSON/authorization/view/getAuthorizationDetectionMethod/
      operations:
      - name: authorizationviewgetauthorizationdetectionmethod
        method: GET
        description: Obtains all the configuration of the authorization detection method that is currently set for a context.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: apikey
      key: X-ZAP-API-Key
      value: '{{env.OWASP_ZAP_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: owasp-zap-authorization-rest
    port: 8080
    description: REST adapter for ZAP API — authorization. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/json/authorization/action/setbasicauthorizationdetectionmethod
      name: json-authorization-action-setbasicauthorizationdetectionmethod
      description: REST surface for JSON-authorization-action-setBasicAuthorizationDetectionMethod.
      operations:
      - method: GET
        name: authorizationactionsetbasicauthorizationdetectionmethod
        description: 'Sets the authorization detection method for a context as one that identifies un-authorized messages
          based on: the message''s status code or a regex pattern in the response''s header or body. Also, whether all conditions
          must match or just som'
        call: owasp-zap-authorization.authorizationactionsetbasicauthorizationdetectionmethod
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/authorization/view/getauthorizationdetectionmethod
      name: json-authorization-view-getauthorizationdetectionmethod
      description: REST surface for JSON-authorization-view-getAuthorizationDetectionMethod.
      operations:
      - method: GET
        name: authorizationviewgetauthorizationdetectionmethod
        description: Obtains all the configuration of the authorization detection method that is currently set for a context.
        call: owasp-zap-authorization.authorizationviewgetauthorizationdetectionmethod
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: owasp-zap-authorization-mcp
    port: 9090
    transport: http
    description: MCP adapter for ZAP API — authorization. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: sets-authorization-detection-method-context
      description: 'Sets the authorization detection method for a context as one that identifies un-authorized messages based
        on: the message''s status code or a regex pattern in the response''s header or body. Also, whether all conditions
        must match or just som'
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-authorization.authorizationactionsetbasicauthorizationdetectionmethod
      outputParameters:
      - type: object
        mapping: $.
    - name: obtains-all-configuration-authorization-detection
      description: Obtains all the configuration of the authorization detection method that is currently set for a context.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-authorization.authorizationviewgetauthorizationdetectionmethod
      outputParameters:
      - type: object
        mapping: $.