If your functional tests are based on Python pytest, you can use pynt command to run API security tests from these functional tests.

Here is an example: goat_functional_test.py is a Python-based tester for goat (our vulnerable application) that we use to test goat's functionality. We run it with:

pytest goat_functional_test.py

Now, to run Pynt on it, we run:

pynt command --cmd "pytest goat_functional_test.py"

SSL Support

If your functional test enforces SSL certificate verification (e.g. https), you will need to provide Pynt with a certificate. If your client needs a specific certificate, provide the path to it with --ca-path:

pynt command --cmd "<your test command>" --ca-path <path to certificate file>

If your client does not use a specific certificate, you will need to generate a certificate file and provide it to Pynt:

Generate a certificate (Linux)

1) Download make_certificate.sh

2) Download openssl.cnf

3) chmod +x make_certificate.sh

4) Generate the certificate: ./make_certificate.sh

Run Pynt with generated certificate

Export REQUESTS_CA_BUNDLE before your command so that your functional test uses the new certificate, and pass the path to the certificate with --ca-path so that Pynt uses the generated certificate:

pynt command --cmd "export REQUESTS_CA_BUNDLE=rootCA.crt && python3 <your command here>" --ca-path rootCA.pem
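A preflight check for the REQUESTS_CA_BUNDLE step above, so that a bad path or a non-CA file is caught before the tests run rather than worked around by turning verification off. This is an added example, not part of Pynt or of the original page; the function name check_ca_bundle is hypothetical, and it assumes the functional test reads REQUESTS_CA_BUNDLE as shown in the command above.

```python
import os
import ssl
import sys


def check_ca_bundle(environ=None, cwd=None):
    """Return a list of problems with REQUESTS_CA_BUNDLE (empty list = usable)."""
    environ = os.environ if environ is None else environ
    cwd = os.getcwd() if cwd is None else cwd

    value = environ.get("REQUESTS_CA_BUNDLE")
    if not value:
        return ["REQUESTS_CA_BUNDLE is not set"]

    # A relative value such as rootCA.crt is resolved against the directory
    # the test command runs in, so check it from that directory.
    path = value if os.path.isabs(value) else os.path.join(cwd, value)
    if not os.path.isfile(path):
        return [f"{path} does not exist or is not a regular file"]

    # Load the file the way a TLS client would; nothing is sent on the network.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except (ssl.SSLError, OSError) as exc:
        return [f"{path} is not a loadable PEM certificate file: {exc}"]

    # get_ca_certs() lists only certificates that qualify as CAs.
    if not ctx.get_ca_certs():
        return [f"{path} loaded but contains no CA certificate"]
    return []


if __name__ == "__main__":
    problems = check_ca_bundle()
    for problem in problems:
        print("CA bundle problem:", problem, file=sys.stderr)
    sys.exit(1 if problems else 0)
```

Run it from the same directory and with the same environment as the test command; a non-zero exit status means the certificate file would not be trusted as configured.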
