HCL AppScan Traffic Recorder API commands

The information on this page is also available in Swagger using the following command at a command prompt:
All commands point to an endpoint that looks like this:
server = IP address of the machine on which the Traffic Recorder is installed. The default is localhost.

port = port on which the HCL AppScan Traffic Recorder proxy listens


Starts the HCL AppScan Traffic Recorder, that listens on the specified port.
  • URL: https://[server]:[port]/automation/StartProxy/<recordingPort>
  • Request type: POST or GET. If using chainedProxy, proxyCertificate, and clientCertificate the request is POST. otherwise it is GET.


Stops the instance of the traffic recorder that is listening on the specified port.
  • URL: https://[server]:[port]/automation/StopProxy/<recordingPort>
  • Request type: GET
Important: Setting the port to 0 does not stop all open proxies. Use StopAllProxies.


Stop all running recording proxies on all ports, including those started by other users.
  • URL: https://[server]:[port]/automation/StopAllProxies
  • Request type: POST


Uploads DAST.CONFIG file for encryption.
  • URL: https://[server]:[port]/automation/EncryptDastConfig
  • Request type: POST


Downloads an encrypted DAST.CONFIG file (uploaded using the EncryptDastConfig API call).
Note: When the file is downloaded, both encrypted and unencrypted DAST.CONFIG files are deleted from the Traffic Recorder.
  • URL: https://[server]:[port]/automation/DownloadEncryptedDastConfig/<uuid>
  • Request type: GET


Downloads recorded data from the Traffic Recorder identified by its port, as a DAST.CONFIG file.
  • URL: https://[server]:[port]/automation/Traffic/<recordingPort>
  • Request type: GET


Downloads the self-signed Root Certificate Authority, used by the traffic recorder, as a PEM file.
  • URL: https://[server]:[port]/automation/Certificate
  • Request type: GET