Endpoint Collections
Scan API endpoints directly without DNS domain verification using Seenty endpoint collections.
Endpoint collections let you group and scan API endpoints directly, without requiring DNS domain verification. This is useful when you want to scan APIs hosted on third-party platforms, staging environments, or any URL where you do not control the DNS.
When to use endpoint collections vs. domains: Use domains when you own the domain and can add a DNS TXT record for verification -- this unlocks the full scanning pipeline (subdomain discovery, technology detection, CVEs). Use endpoint collections when you need to scan specific URLs quickly without going through DNS verification, or when the endpoints are hosted on domains you do not control (e.g., api.thirdparty.com/v1/your-service).
Creating a collection
- Navigate to Assets > Endpoint Collections in the sidebar.
- Click New Collection.
- Enter a name for the collection (e.g., "Production APIs" or "Staging Endpoints").
- Optionally add a description.
- Click Create.
Adding endpoints
After creating a collection, you can add endpoints to it:
- Open the collection detail page.
- Click Add Endpoint.
- Enter the full URL of the endpoint (e.g., https://api.example.com/v1/health).
- Repeat for each endpoint you want to include.
You can add as many endpoints as your plan allows. Endpoints must be valid HTTP or HTTPS URLs.
Running scans
To scan all endpoints in a collection:
- Open the collection detail page.
- Click Scan All.
- Seenty will send requests to each endpoint and analyze the responses.
Scans check for:
- HTTP security headers -- Missing or misconfigured headers like Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, etc.
- TLS/SSL configuration -- Certificate validity, protocol versions, cipher suites.
- Response analysis -- Error messages that might leak sensitive information, server version disclosure, etc.
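To make the header and version-disclosure checks above concrete, here is an added Python example (not Seenty's code; the function name, the 180-day HSTS threshold and the sample responses are assumptions made for this illustration) that audits the headers of a single response:

```python
import re

# Minimum HSTS max-age treated as adequate (assumption: 180 days in seconds).
MIN_HSTS_MAX_AGE = 15552000

def audit_headers(headers):
    """Return a list of (header, issue) findings for one HTTP response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(("Strict-Transport-Security", "missing"))
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m:
            findings.append(("Strict-Transport-Security", "no max-age directive"))
        elif int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append(("Strict-Transport-Security", "max-age too short"))

    csp = h.get("content-security-policy")
    csp_l = csp.lower() if csp is not None else ""
    if csp is None:
        findings.append(("Content-Security-Policy", "missing"))
    elif "'unsafe-inline'" in csp_l or "'unsafe-eval'" in csp_l:
        findings.append(("Content-Security-Policy", "allows unsafe-inline/unsafe-eval"))

    # Framing is covered by either X-Frame-Options or CSP frame-ancestors.
    xfo = h.get("x-frame-options")
    if xfo is None:
        if "frame-ancestors" not in csp_l:
            findings.append(("X-Frame-Options", "missing and no CSP frame-ancestors"))
    elif xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(("X-Frame-Options", "obsolete or invalid value: " + xfo))

    # A product name followed by "/<digit>" reveals the server version.
    server = h.get("server", "")
    if re.search(r"/\d", server):
        findings.append(("Server", "discloses version: " + server))
    return findings

# Constructed sample responses (not real scan output).
WEAK = {"Server": "nginx/1.18.0", "Strict-Transport-Security": "max-age=300",
        "X-Frame-Options": "ALLOW-FROM https://example.com"}
HARDENED = {"Server": "nginx",
            "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
            "Content-Security-Policy": "default-src 'none'; frame-ancestors 'none'"}

if __name__ == "__main__":
    for name, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_headers(resp))
```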
Viewing results
Scan results appear on the collection detail page. Each endpoint shows:
- Status -- Whether the endpoint was reachable and responded successfully.
- Findings count -- How many security issues were detected.
- Last scanned -- When the endpoint was last scanned.
Click on an endpoint to see its detailed findings. Findings from endpoint collections also appear in the global Security Posture views, alongside findings from domains and cloud accounts.
Managing collections
Editing a collection
You can rename a collection or update its description from the collection detail page by clicking the settings icon.
Removing endpoints
To remove an endpoint from a collection, click the delete icon next to the endpoint in the collection detail view.
Deleting a collection
To delete an entire collection, go to its detail page and click Delete Collection. This removes the collection, all its endpoints, and all associated findings.
Deleting a collection is permanent and cannot be undone.