vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios in the means of Exercises.

  • PHP
  • MySQL
  • PostMan
  • MITM Proxy

docker-compose up -d

Copying the Code

cd <your-hosting-directory>

git clone

Setting up the Database

Import vapi.sql into MySQL Database

Configure the DB Credentials in the vapi/.env

Starting MySQL service

Run following command (Linux)

service mysqld start

Starting Laravel Server

Go to vapi directory and Run

php artisan serve

Setting Up Postman

  • Import vAPI.postman_collection.json in Postman
  • Import vAPI_ENV.postman_environment.json in Postman


Use Public Workspace

Browse http://localhost/vapi/ for Documentation

After Sending requests, refer to the Postman Tests or Environment for Generated Tokens

Helm can be used to deploy to a Kubernetes namespace. The chart is in the vapi-chart folder. The chart requires one secret named vapi with the following values:


Sample Helm Install Command: helm upgrade --install vapi ./vapi-chart --values=./vapi-chart/values.yaml

*** Important ***

The MYSQL_ROOT_PASSWORD on line 232 in the values.yaml must match that on line 184 in order to work.



ahmedaljanahy Creative Designer @al.janahy Founder of @inkhost I hope to stay passionate in what I doing

Leave a Reply

Your email address will not be published. Required fields are marked *