Panel Discussion: API Security in DevSecOps. Register Now

All User Configurations in a Single Screen

With this single screen, managing user configurations becomes more streamlined and efficient. By providing visibility into all user settings and configurations in one place, Akto empowers you to carry out API security testing more effectively and accurately.

Raaga Srinivas

6 mins


In Akto, a user configuration refers to the specific settings that control how a user can run a test on their APIs. These settings may include user access levels, permissions, and other security protocols. Concretely, a user configuration is a specific set of data that Akto receives from the user in one of two ways:

  1. In an automated manner, when the user connects to traffic data

  2. Manually, to be filled in or created by the user

This is what the screen contains:

  • Config name: The name of the user configuration

  • Status:
    ◦ Done: Akto was able to create this group or role from traffic data in an automated manner
    ◦ Pending: Requires manual intervention from the user

  • Values: Hyperlinks to the exact groups or role settings

  • Impacting Categories: Exact vulnerabilities that these configurations will be used to test against.

[Figure: User configurations screen]

In Akto, we use multiple user configurations in the context of API Security testing. These are categorized in two ways:

1. Which APIs do you want to test?

Akto groups API endpoints that have been called by a certain user while performing an action that is directly linked to their account. It uses traffic already present in the dashboard and regex-based matching on that traffic to create the API groups.

For example, when a user wants to reset their password, the system triggers a specific API endpoint linked to this user’s account.

By capturing this action, Akto groups the endpoints that are specifically related to the password reset process of this user, thereby creating a logical group. These groups are API collections on which you can now conduct your API security testing.

Here are some logical groups created by Akto:

  • Password reset endpoint

  • Authentication token header key

  • User registration endpoint

  • Login endpoint

Now, instead of appending test templates to include new APIs under these categories, Akto will automatically group these endpoints based on pre-defined conditions. All you have to do is run your test on the API collection!

2. Against what role do you want to test your APIs?

When it comes to role-based testing, certain API security tests require specific user configurations for the role being tested.

For example, if you're testing your APIs against a malicious attacker, you may want to configure your user settings to simulate that attacker's potential access levels and permissions. So you will need an attacker account role. In this particular case, Akto does this in a completely automated way.

Conversely, if you're testing how your APIs behave for a regular user, you would configure your settings to reflect that user's access and permissions.

To cover these cases, Akto ships a set of pre-defined roles for which it requires user configurations, so that you can easily get started with testing.

Here are some of the roles:

  • Locked account role

  • Logged out account role

  • Attacker account role

You can also create more test roles by navigating to the ‘Test Roles’ tab in the left nav. Learn more about how to create a test role here.

Akto now lets you view all your user configuration data described above in a single screen.
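The two kinds of configuration above (regex-grouped API collections and role configurations with a Done/Pending status) can be illustrated with a small model of the single screen. The following is an added example written for this post; it is not Akto's own code, and the sample traffic, the regex rules, the role records and the mapping from configuration to test categories are all constructed assumptions, not Akto's actual rules or categories.

```python
import re
from typing import Dict, List, Sequence, Tuple

# Constructed sample traffic (hypothetical; not captured from any real system):
# each record is (HTTP method, path, request header names seen on the call).
SAMPLE_TRAFFIC: List[Tuple[str, str, List[str]]] = [
    ("POST", "/api/v1/auth/login", ["content-type", "user-agent"]),
    ("POST", "/api/v1/auth/forgot-password", ["content-type"]),
    ("POST", "/api/v1/auth/reset_password/abc123", ["content-type"]),
    ("POST", "/api/v1/users/register", ["content-type"]),
    ("GET", "/api/v1/users/me", ["authorization", "user-agent"]),
    ("GET", "/api/v1/orders/42", ["authorization"]),
    ("POST", "/api/v1/auth/logout", ["authorization"]),
]

# Hypothetical regex rules for the logical groups named in the post.
# Each rule anchors on a path segment so that e.g. "/logout" never matches "login".
GROUP_RULES: Dict[str, "re.Pattern[str]"] = {
    "Password reset endpoint": re.compile(r"/(forgot|reset)[-_]?password(/|$)", re.I),
    "User registration endpoint": re.compile(r"/(register|sign[-_]?up)(/|$)", re.I),
    "Login endpoint": re.compile(r"/(login|sign[-_]?in)(/|$)", re.I),
}

# Hypothetical list of header names that commonly carry an auth token.
AUTH_HEADER_RULE = re.compile(r"^(authorization|x-api-key|x-auth-token)$", re.I)

# Hypothetical mapping from a configuration to the test categories it feeds
# (the "Impacting Categories" column); the category names are made up here.
IMPACTING_CATEGORIES: Dict[str, List[str]] = {
    "Password reset endpoint": ["Account takeover", "Rate limiting"],
    "Login endpoint": ["Broken authentication", "Rate limiting"],
    "User registration endpoint": ["Input validation"],
    "Authentication token header key": ["Broken authentication"],
    "Attacker account role": ["Broken object level authorization"],
    "Locked account role": ["Broken authentication"],
    "Logged out account role": ["Broken authentication"],
}

# Constructed role configurations: a value list means the role was filled in
# (automatically or by hand); an empty list means it still needs manual input.
SAMPLE_ROLES: Dict[str, List[str]] = {
    "Attacker account role": ["attacker@example.invalid"],   # auto-created
    "Locked account role": [],                                # still pending
    "Logged out account role": ["<no auth header>"],
}


def group_endpoints(traffic: Sequence[Tuple[str, str, Sequence[str]]]) -> Dict[str, List[str]]:
    """Assign every observed endpoint to each logical group whose regex matches its path."""
    groups: Dict[str, List[str]] = {name: [] for name in GROUP_RULES}
    for method, path, _headers in traffic:
        endpoint = f"{method} {path}"
        for name, rule in GROUP_RULES.items():
            if rule.search(path) and endpoint not in groups[name]:
                groups[name].append(endpoint)
    return groups


def detect_auth_header_keys(traffic: Sequence[Tuple[str, str, Sequence[str]]]) -> List[str]:
    """Collect header names from the traffic that look like auth-token carriers."""
    keys = {h.lower() for _m, _p, headers in traffic for h in headers if AUTH_HEADER_RULE.match(h)}
    return sorted(keys)


def make_row(name: str, values: Sequence[str]) -> Dict[str, object]:
    """One line of the screen: name, Done/Pending status, values, impacting categories."""
    return {
        "config": name,
        "status": "Done" if values else "Pending",
        "values": list(values),
        "impacting_categories": IMPACTING_CATEGORIES.get(name, []),
    }


def build_config_screen(traffic, roles: Dict[str, List[str]]) -> List[Dict[str, object]]:
    """Combine automatically derived groups and role configurations into one table."""
    rows = [make_row(name, eps) for name, eps in group_endpoints(traffic).items()]
    rows.append(make_row("Authentication token header key", detect_auth_header_keys(traffic)))
    rows.extend(make_row(role, values) for role, values in roles.items())
    return rows


if __name__ == "__main__":
    for row in build_config_screen(SAMPLE_TRAFFIC, SAMPLE_ROLES):
        print(f"{row['config']:<32} {row['status']:<8} {row['values']}  {row['impacting_categories']}")
```

Run the file to print the table; a group with no matching traffic, or a role with no values, shows as Pending, which is the signal that manual input is still needed before the corresponding test categories can run.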

Final Thoughts

With this single screen, managing user configurations becomes more streamlined and efficient. By providing visibility into all user settings and configurations in one place, Akto empowers you to carry out API security testing more effectively and accurately.

After setting up all user configurations, you can get started on testing your APIs! Check out these resources to learn more:

Want to ask something?

Our community offers a network of support and resources. You can ask any question there and will get a reply in 24 hours.
