December Product Update

This month, Equixly focuses on one critical resource: your time.

For that purpose, we are rolling out a suite of features designed to automate initial setup, simplify complex permission management, and accelerate your entire API security workflow.

Our goal for this update was to eliminate friction points and add flexibility to how you onboard and manage APIs. To that end, we are happy to bring to you our:

• AI Assistant for immediate, automated error fixing in API definitions
• Improved Authorization Matrix with bulk actions for streamlined permission handling
• HAR file support for flexible API definition imports via captured traffic
• Pre-scan validation for credentials to catch authentication misconfigurations early

Introducing the Equixly AI Assistant

We are delighted to launch the Equixly AI Assistant, a new intelligent agent that fundamentally changes how you handle API specifications.

API definitions, like OpenAPI and Swagger files, are rarely perfect. They can contain syntax errors, missing fields, or structural issues that prevent security scanners from properly ingesting them. Traditionally, fixing these meant manual debugging and editing JSON or YAML files—a tedious process that delays testing.

Automated API Definition Validation

The new AI Assistant automatically detects and repairs errors in your API definitions. This validation process triggers when you create or update a service, making sure your definitions are structurally correct from the start.

Why does this matter?

By automating the repair of specifications, we reduce the “time-to-scan.” You no longer need to spend hours fixing a Swagger file before you can launch API security testing. That means your administrative or syntax errors will no longer block your security workflow.

Broad Standard Support

The AI Assistant supports all major industry standards, including:

• OAS (OpenAPI Specification)
• Swagger
• WSDL
• GraphQL schemas
• Postman Collections

What’s Next?

This is just the beginning for the Equixly AI Assistant. In upcoming releases, we plan to add new capabilities, including an interactive chatbot to assist you with creating custom testing scripts, validating complex logic, and more.

You can enable the current feature directly in your Organization Settings.

Improved Authorization Matrix Management

Managing access controls for APIs with hundreds of endpoints can be overwhelming. That’s why we have redesigned the project-level Authorization Matrix interface to give you more control and flexibility, reducing the manual effort required to map permissions.

Bulk Actions

You can now perform bulk actions on grouped paths. Instead of toggling permissions for endpoints one by one, you can apply changes to entire groups of similar endpoints simultaneously.

Simplified Access Control

For example, if you have an administrative section of your API with 50 endpoints (e.g., /admin/*), you can now apply the “Admin” role to all of them in a single click, rather than manually configuring each row.

New Filtering Capabilities

We have also added advanced filtering that lets you quickly focus on specific sections of your authorization matrix. That allows you to isolate particular API groups or methods, streamlining the review and update of access controls across your infrastructure.

Flexibility in API Documentation

We understand that you don’t always have a pristine OpenAPI spec available. To bridge the gap between real-world traffic and documentation, we have introduced support for HAR files.

Import from Captured Traffic

Equixly now supports importing API definitions directly from HAR (HTTP Archive) files. HAR files are JSON-formatted archives of a web browser’s interactions with a site.

This addition gives you greater flexibility in documenting and testing APIs, especially when working with legacy systems where documentation is missing, or when you want to test specific flows captured via browser DevTools or proxy tools (like Charles Proxy or Fiddler).

Validate Credentials in Authentication Settings

Nothing is more frustrating than waiting for a scan to initialize, only to find out it failed because of a typo in a password or a token.

Pre-Scan Validation

You can now configure and validate credentials in the authentication settings before running a full scan. This feature brings standard authentication methods (Basic Auth, API Keys, etc.) up to par with our existing OAuth and AWS Cognito flows.

Immediate Feedback Loop

This feature saves valuable time by confirming your setup is correct upfront. Instead of waiting for scan results to identify misconfigurations, you get a green light immediately, knowing that when you hit “Scan,” the engine will successfully authenticate and test your API.

These updates reinforce our commitment to removing friction from DevSecOps. By automating the mundane aspects of API definition and configuration, we free up your time to concentrate on what matters most: analyzing results and securing your applications.

Edoardo Zatti

Technical Product Manager

With a master's degree in Theoretical Physics, Edoardo has established a robust analytical thinking and problem-solving foundation. During the final year of his studies, he taught an integration course at the university, refining his communication skills and kindling his passion for education. His academic journey took an exciting turn during his master's program as he ventured into the field of computer science through relevant courses. These courses sparked his interest in IT and led him to specialize in backend development, where he sharpened his skills through involvement in complex projects and practical experience in other Tech companies.

Zoran Gorgiev

Technical Content Specialist

Zoran is a technical content specialist with SEO mastery and practical cybersecurity and web technologies knowledge. He has rich international experience in content and product marketing, helping both small companies and large corporations implement effective content strategies and attain their marketing objectives. He applies his philosophical background to his writing to create intellectually stimulating content. Zoran is an avid learner who believes in continuous learning and never-ending skill polishing.