September Product Update

At Equixly, we continue to focus on removing friction from API security testing so teams can move faster with confidence. This month’s release brings four complementary capabilities:
- Outbound webhooks for seamless integration.
- Authentication‑specific dictionaries for contextualized testing.
- Path rules for targeted scan scoping.
- Pre‑scan authentication validation.

Webhook Integration

Equixly can now notify your ecosystem the moment a scan finishes. When a scan completes, Equixly sends a structured JSON payload with scan details. This means results flow directly into the tools your teams already live in, whether that’s a ticketing system, a chat channel, a CI workflow, or a logging and analytics platform. Instead of manually exporting or polling for outcomes, downstream actions—creating an issue, posting a summary, or triggering a follow‑up job—can happen automatically, accelerating remediation and reporting without extra steps.

Authentication‑Specific Dictionaries

Previously, test dictionaries were global, which could introduce noise when different authentication contexts required distinct data. Now you can associate a tailored dictionary with a specific authentication setting to match user-level authentication contexts.

Path Rules in Project Settings

Path scoping evolves beyond simple exclusions. With the new path rules, you can define both inclusions and exclusions, letting you precisely target a section of your API surface for any given scan. This fine‑grained control lets you concentrate on newly introduced endpoints during a rollout, isolate a versioned namespace while deprecations occur elsewhere, or omit routine operational endpoints that add noise without value. By narrowing the scope intelligently, you reduce scan duration, improve signal quality, and channel attention toward the endpoints that matter most right now.

Test Authentication Settings

Misconfigured authentication can silently invalidate an entire scan session. The new pre‑scan authentication testing capability allows you to configure and verify flows—such as OAuth or AWS Cognito—before launching a full scan. You can confirm token acquisition, scope correctness, and role assumptions upfront. This prevents wasted runs, shortens setup iteration, and builds assurance that when a scan starts, it will exercise the intended authorization context across your API surface.

Edoardo Zatti
Technical Product Manager
With a master's degree in Theoretical Physics, Edoardo has built a robust foundation in analytical thinking and problem solving. During the final year of his studies, he taught an integration course at the university, refining his communication skills and kindling his passion for education. His academic journey took an exciting turn during his master's program as he ventured into the field of computer science through relevant courses. These courses sparked his interest in IT and led him to specialize in backend development, where he sharpened his skills through involvement in complex projects and practical experience at other tech companies.