Rapid7 · Capability

InsightVM API — Scan

InsightVM API — Scan. 5 operations. Lead operation: Scans. Self-contained Naftiko capability covering one business surface.

InsightVM API — Scan is a Naftiko capability published by Rapid7, one of 47 capabilities the APIs.io network indexes for this provider. It bundles 5 operations across the GET and POST methods rooted at /v1/api/3.

The capability includes 3 read-only operations and 2 state-changing operations. Lead operation: Scans. Can be deployed as a REST endpoint, MCP tool, or Agent Skill via Naftiko.

Tagged areas include Rapid7 and Scan.

Run with Naftiko Rapid7Scan

What You Can Do

GET
Getscans — Scans
/v1/api/3/scans
GET
Getscan — Scan
/v1/api/3/scans/{id}
POST
Setscanstatus — Scan Status
/v1/api/3/scans/{id}/{status}
GET
Getsitescans — Site Scans
/v1/api/3/sites/{id}/scans
POST
Startscan — Site Scans
/v1/api/3/sites/{id}/scans

MCP Tools

rapid7-getscans

Scans

read-only idempotent
rapid7-getscan

Scan

read-only idempotent
rapid7-setscanstatus

Scan Status

rapid7-getsitescans

Site Scans

read-only idempotent
rapid7-startscan

Site Scans

Capability Spec

insightvm-console-swagger-scan.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: InsightVM API — Scan
  description: 'InsightVM API — Scan. 5 operations. Lead operation: Scans. Self-contained Naftiko capability covering one business surface.'
  tags:
  - Rapid7
  - Scan
  created: '2026-05-20'
  modified: '2026-05-20'
binds:
- namespace: env
  keys:
    RAPID7_API_KEY: RAPID7_API_KEY
capability:
  consumes:
  - type: http
    namespace: insightvm-console-swagger-scan
    baseUri: https://localhost:3780
    description: InsightVM API — Scan business capability. Self-contained, no shared references.
    resources:
    - name: api-3-scans
      path: /api/3/scans
      operations:
      - name: getscans
        method: GET
        description: Scans
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: active
          in: query
          type: boolean
          description: Return running scans or past scans (true/false value).
        - name: page
          in: query
          type: integer
          description: The index of the page (zero-based) to retrieve.
        - name: size
          in: query
          type: integer
          description: The number of records per page to retrieve.
        - name: sort
          in: query
          type: array
          description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
    - name: api-3-scans-id
      path: /api/3/scans/{id}
      operations:
      - name: getscan
        method: GET
        description: Scan
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: integer
          description: The identifier of the scan.
          required: true
    - name: api-3-scans-id-status
      path: /api/3/scans/{id}/{status}
      operations:
      - name: setscanstatus
        method: POST
        description: Scan Status
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: integer
          description: The identifier of the scan.
          required: true
        - name: status
          in: path
          type: string
          description: The status of the scan.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-3-sites-id-scans
      path: /api/3/sites/{id}/scans
      operations:
      - name: getsitescans
        method: GET
        description: Site Scans
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: integer
          description: The identifier of the site.
          required: true
        - name: active
          in: query
          type: boolean
          description: Return running scans or past scans (true/false value).
        - name: page
          in: query
          type: integer
          description: The index of the page (zero-based) to retrieve.
        - name: size
          in: query
          type: integer
          description: The number of records per page to retrieve.
        - name: sort
          in: query
          type: array
          description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
      - name: startscan
        method: POST
        description: Site Scans
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: integer
          description: The identifier of the site.
          required: true
        - name: overrideBlackout
          in: query
          type: boolean
          description: Whether to request for the override of an scan blackout window.
        - name: scan
          in: body
          type: string
          description: The details for the scan.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
  exposes:
  - type: rest
    namespace: insightvm-console-swagger-scan-rest
    port: 8080
    description: REST adapter for InsightVM API — Scan. One resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/api/3/scans
      name: api-3-scans
      description: REST surface for api-3-scans.
      operations:
      - method: GET
        name: getscans
        description: Scans
        call: insightvm-console-swagger-scan.getscans
        with:
          active: rest.active
          page: rest.page
          size: rest.size
          sort: rest.sort
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/3/scans/{id}
      name: api-3-scans-id
      description: REST surface for api-3-scans-id.
      operations:
      - method: GET
        name: getscan
        description: Scan
        call: insightvm-console-swagger-scan.getscan
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/3/scans/{id}/{status}
      name: api-3-scans-id-status
      description: REST surface for api-3-scans-id-status.
      operations:
      - method: POST
        name: setscanstatus
        description: Scan Status
        call: insightvm-console-swagger-scan.setscanstatus
        with:
          id: rest.id
          status: rest.status
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/3/sites/{id}/scans
      name: api-3-sites-id-scans
      description: REST surface for api-3-sites-id-scans.
      operations:
      - method: GET
        name: getsitescans
        description: Site Scans
        call: insightvm-console-swagger-scan.getsitescans
        with:
          id: rest.id
          active: rest.active
          page: rest.page
          size: rest.size
          sort: rest.sort
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: startscan
        description: Site Scans
        call: insightvm-console-swagger-scan.startscan
        with:
          id: rest.id
          overrideBlackout: rest.overrideBlackout
          scan: rest.scan
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: insightvm-console-swagger-scan-mcp
    port: 9090
    transport: http
    description: MCP adapter for InsightVM API — Scan. One tool per consumed operation, routed inline through this capability's consumes block.
    tools:
    - name: rapid7-getscans
      description: Scans
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: insightvm-console-swagger-scan.getscans
      with:
        active: tools.active
        page: tools.page
        size: tools.size
        sort: tools.sort
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-getscan
      description: Scan
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: insightvm-console-swagger-scan.getscan
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-setscanstatus
      description: Scan Status
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: insightvm-console-swagger-scan.setscanstatus
      with:
        id: tools.id
        status: tools.status
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-getsitescans
      description: Site Scans
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: insightvm-console-swagger-scan.getsitescans
      with:
        id: tools.id
        active: tools.active
        page: tools.page
        size: tools.size
        sort: tools.sort
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-startscan
      description: Site Scans
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: insightvm-console-swagger-scan.startscan
      with:
        id: tools.id
        overrideBlackout: tools.overrideBlackout
        scan: tools.scan
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.