
API Panel

This panel provides direct access to selected APIs, allowing you to construct and send custom requests and inspect the corresponding responses. It is intended for testing API behavior, including how endpoints handle different inputs, edge cases, and non-standard or unexpected parameters.




GET /api/GetSession
This function returns session information including first name, last name, userid and username. Only the GET method is supported.





POST /api/GetSum
This function accepts two integers (arg1 and arg2) and returns their sum. The first parameter has input validation implemented, while the second doesn't (it returns a server error). Supported methods: POST. Authentication not required.





POST /api/ReflectInput
This function reflects the input in the data in the response.





POST /api/GetProductByID
This function accepts one integer (pID) and returns corresponding product details. Supported methods: POST. Authentication not required.





POST /api/GetProductsByCategory
This function accepts one integer (pCAT) and returns corresponding products list. Supported methods: POST. Authentication not required.





GET /api/GetCategories
This function returns categories for products in the product database. Supported method: GET. Authentication not required.





POST /api/AddToCart
This function accepts two integers (pID and pQTY) and adds a product to the cart. Supported methods: POST. Authentication is required.





GET /api/GetCart
This function returns the items in the cart. Supported method: GET. Authentication is required.


GET /api/GetCartInfo
This function returns the summary of the cart. Supported method: GET. Authentication is required.





POST /api/AddCoupon
This function accepts two integers (cPARTNER and cCODE) and adds a coupon to the list. Supported methods: POST. Authentication is required.


GET /api/GetCoupons
This function returns the list of coupons. Supported method: GET. Authentication is required.





POST /api/GetUserData
This function accepts one integer (UserID) and returns corresponding user details. Supported methods: POST. Authentication required. SQL injection vulnerability present (try: ' OR 1 = 1 ). BOLA vulnerability (see BOLA script in WAF Panel).


POST /api/GuestBook
This function accepts one text parameter (message) and adds the message to the guestbook. Supported methods: GET, POST, DELETE. Authentication required but not correctly implemented for POST method.
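
For comparison with the /api/GetUserData behaviour described above, here is a hardened lookup that closes both the SQL injection and the BOLA gap. It is an added example, not this application's code. The `users` table, its columns, the session dictionary and all function names are assumptions, and the data is constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid INTEGER PRIMARY KEY,"
               " username TEXT, firstname TEXT, lastname TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)",
                   [(1, "alice", "Alice", "Adams"), (2, "bob", "Bob", "Brown")])
    return db

def parse_user_id(raw):
    # Accept only a plain decimal integer; anything else is a client error.
    text = str(raw).strip()
    if not text.isascii() or not text.isdigit() or len(text) > 9:
        return None
    return int(text)

def get_user_data(db, session, raw_user_id):
    """Hypothetical hardened handler; returns (http_status, body)."""
    if not session or "userid" not in session:
        return 401, {"error": "authentication required"}
    user_id = parse_user_id(raw_user_id)
    if user_id is None:
        return 400, {"error": "UserID must be an integer"}
    # Object-level authorization: the requested record must belong to the
    # caller. Checking this before the lookup avoids leaking which IDs exist.
    if user_id != session["userid"]:
        return 403, {"error": "forbidden"}
    # Bound parameter: the value never becomes part of the SQL text.
    row = db.execute("SELECT userid, username, firstname, lastname"
                     " FROM users WHERE userid = ?", (user_id,)).fetchone()
    if row is None:
        return 404, {"error": "not found"}
    keys = ("userid", "username", "firstname", "lastname")
    return 200, dict(zip(keys, row))

if __name__ == "__main__":
    db = make_db()
    alice = {"userid": 1}  # constructed session for user 1
    for raw in ("1", "2", "' OR 1 = 1 "):
        print(repr(raw), get_user_data(db, alice, raw))
```

Malformed input yields a 400 instead of a server error, so the response no longer reveals whether the value reached the database.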