How to Start with Mayhem for API

How to Start with Mayhem for API

Editorial Staff


September 15, 2022

If you haven’t done so yet, the fastest way to get started is to sign up for a free plan at If you already have an account, then you are ready to go for the next steps!


The Mayhem for API CLI is available to download for various common platforms.

ℹ️ The CLI will automatically keep itself updated when used as we make fixes and bug improvements.


curl -Lo mapi 
  && chmod +x mapi

Here’s an easy way to add the mapi executable to your path:

sudo mv mapi /usr/local/bin

Linux (64-bit)

curl -Lo mapi 
  && chmod +x mapi

Here’s an easy way to add the mapi executable to your path:

sudo mkdir -p /usr/local/bin/
sudo install mapi /usr/local/bin/

Windows (64-bit)

From a Windows 10 terminal (PowerShell or cmd):

curl.exe -Lo mapi.exe

or download :

API Security. Performance. Validation. Fast.

Prime Your APIs for Performance … In As Little As 5 Minutes.

Get Free Request A Demo

Test it out!

Make sure the CLI works by running:

mapi --help


The mapi CLI communicates with our API using OAuth 2.0 Bearer Tokens. The token will be read by the environment variable, MAPI_TOKEN, if available.

To get a new token, visit the “Manage API Tokens page” to create a new token, <NEW_TOKEN>, and login:

$ mapi login <NEW_TOKEN>

Welcome to Mayhem for API! We have saved a new API token in
your local settings at '/Users/mapi_fuzzer/Library/Preferences/rs.mapi/mapi.toml':


Setting the displayed API Token to the environment variable, MAPI_TOKEN, will allow you to run the CLI on other computers, such as part of your Continuous Integration build.

Now you can try contacting the API. Let’s get the list of targets to which you have access:

mapi target list

You should see an (empty) list of API targets. Let’s add our first target so that list won’t stay empty for long.

Stay Connected

Subscribe to Updates

By submitting this form, you agree to our
Terms of Use
and acknowledge our
Privacy Statement.

*** This is a Security Bloggers Network syndicated blog from Latest blog posts authored by Editorial Staff. Read the original post at:

Secure Coding Practices