Scanning API endpoints using openapi job

[Sun]

Hi,

I am fairly new to using ZAP, thanks for all the help I have received so far! 

I'm using the ZAP Automation Framework with the openapi job to scan some API endpoints.

I'm passing in an OpenAPI definition file, and ZAP appears to correctly load the file and recognize the paths.

Here's a simplified example of a path from my OpenAPI file:

paths:
  /app1/example/{dataItemId}:
    get:
      parameters:
        - in: path
          name: dataItemId
          required: true
          schema:
            type: string
            minLength: 1
            maxLength: 20

Issue:
ZAP is only attempting requests to /app1/example and not expanding the {dataItemId} path parameter unless I explicitly provide a value.

Question:
Can ZAP automatically generate a value for the dataItemId based on the schema (e.g., type and constraints), or is manual input required for path parameters in the OpenAPI job?

Thanks in advance for any guidance!

[Sun]

I have found this in the openapi docs: https://www.zaproxy.org/docs/desktop/addons/openapi-support/

Data Driven Nodes:

When the OpenAPI definition contains path parameters, and a context is specified during importing, the add-on will automatically generate data driven nodes. If no context is specified, no data driven nodes are generated. For example, the following OpenAPI definition will result in at least one data driven node.

My understanding to that is Zap will generate a value for the variable. However, in my case its not happening, so am I doing something wrong or miss understood something?

[Sun]

I have found the issue & solution. 

My openapi definition file starts with the line openapi: 3.1.0

When I switched this to openapi: 3.0.0  it worked and I can see the nodes in the sites tree. 

My next question is:

How can I pass in a value for the {dataItemId} and run a scan where i scans a specific value I want for the endpoint, and also one that ZAP generates - so it scans both a happy and unhappy path?

Thanks