Inject cookie in the header in api scan


Felipe França

Aug 19, 2021, 10:32:23 AM
to OWASP ZAP Developer Group
How do I make a custom configuration to insert these cookies (access token, refresh token) and the definition from the curl command into the header, with a command or some code?

I've tried with these curl commands to call the methods in the API:

curl -X GET "api_url_endpoint" -H "accept: */*" -H "Content-Type: application/json" -d "{\"username\":\"user\",\"password\":\"pass_example\",\"client_id\":\"annotationlab\",\"client_secret\":\"secret\"}"

curl -X POST "api_url_endpoint" -H "accept: */*" -H "Content-Type: application/json" -d "{\"username\":\"user\",\"password\":\"pass_example\",\"client_id\":\"annotationlab\",\"client_secret\":\"secret\"}"

curl -X DELETE "api_url_endpoint" -H "accept: */*" -H "Content-Type: application/json" -d "{\"username\":\"user\",\"password\":\"pass_example\",\"client_id\":\"annotationlab\",\"client_secret\":\"secret\"}"

curl -X DELETE "api_url_endpoint" -H "accept: */*" -H "Content-Type: application/json" -d "{\"username\":\"user\",\"password\":\"pass_example\",\"client_id\":\"annotationlab\",\"client_secret\":\"secret\"}"

Is this possible to do in the owasp/zap2docker-weekly Docker image?

Kind regards, Felipe.

kingthorin+owaspzap

Aug 19, 2021, 6:19:01 PM
to OWASP ZAP Developer Group
Well you're already setting headers with curl so you could do it there. For ZAP you could use a Replacer Rule or Auth ENV VAR. (Details are just a web search away.)
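
An added example, not from this thread or from the ZAP project, showing the two options the reply names: a POSIX shell script that builds the Replacer rule options for a Cookie header (the access and refresh tokens) and prints the zap-api-scan.py docker invocation that passes them with -z, while the Authorization header is supplied through the ZAP_AUTH_HEADER_VALUE environment variable that the packaged scans read. The token values, the API definition URL, the report file name and the hostname are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread or the ZAP project): build the ZAP Replacer
# rule that adds a Cookie header to every request the API scan sends, and print
# the matching docker command for the weekly image. Token values, the API
# definition path and the hostname are constructed placeholders.

# Emit the "-config" options for one Replacer rule (index $1) that sets the
# request header $2 to the value $3 on every request. Keep the value free of
# whitespace: the -z string is split into separate ZAP arguments.
replacer_rule() {
  idx="$1"; header="$2"; value="$3"
  printf '%s ' \
    "-config replacer.full_list($idx).description=add-$header" \
    "-config replacer.full_list($idx).enabled=true" \
    "-config replacer.full_list($idx).matchtype=REQ_HEADER" \
    "-config replacer.full_list($idx).matchstr=$header" \
    "-config replacer.full_list($idx).regex=false" \
    "-config replacer.full_list($idx).replacement=$value"
}

# Print (do not run) the zap-api-scan.py invocation. The Cookie header carries
# the access and refresh tokens through a Replacer rule passed with -z; the
# Authorization header is set with ZAP_AUTH_HEADER_VALUE, which the scan script
# applies itself and which may contain a space ("Bearer <token>").
zap_api_scan_cmd() {
  access="$1"; refresh="$2"; apidef="$3"
  rules=$(replacer_rule 0 Cookie "access_token=$access;refresh_token=$refresh")
  rules=${rules% }   # drop the trailing space left by printf
  printf '%s ' \
    "docker run --rm -v \"\$(pwd)\":/zap/wrk/:rw -t" \
    "-e ZAP_AUTH_HEADER_VALUE=\"Bearer $access\"" \
    "owasp/zap2docker-weekly zap-api-scan.py" \
    "-t $apidef -f openapi -r api-report.html" \
    "-z \"$rules\""
  printf '\n'
}

# Tokens are secrets: take them from the environment rather than hard-coding
# them, so they do not land in shell history or CI logs. The defaults are
# constructed placeholders so the script runs stand-alone.
zap_api_scan_cmd "${ACCESS_TOKEN:-CONSTRUCTED_ACCESS}" \
                 "${REFRESH_TOKEN:-CONSTRUCTED_REFRESH}" \
                 "${API_DEF:-https://api.example.invalid/openapi.json}"
```

The printed command mounts the working directory as /zap/wrk so the report is written back to the host; rule indices in replacer.full_list(N) must be unique if you add more headers.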

Felipe França

Aug 20, 2021, 8:49:38 AM
to OWASP ZAP Developer Group
So, I want to run the API scan from the command line with these methods; how can I use it? Do you have any examples of how to do this?

Nothing I've searched for on the web has helped me so far. Please, if you have an example of how to do this, I would appreciate it.