Azure API Management API Discovery Connectors

The Azure API Management API Discovery Connector enables automated integration between your Microsoft Azure environment and Qualys TotalAppSec (TAS). The connector discovers APIs managed in Azure API Management and imports their metadata and Swagger specifications into Qualys for inventory and scan readiness.

| Category | Supported Asset Type | Supported Finding Type |
|---|---|---|
| API Connector | APIs | N/A (Discovery only) |

Prerequisites

  • An active subscription to the Qualys TAS module
  • Access to your Microsoft Azure tenant with permissions to:
    • Register apps in Azure AD
    • Access Azure API Management
    • Grant required API permissions (minimum: User.Read)

Authentication Details

| Field | Description |
|---|---|
| Tenant ID | Azure Active Directory > Overview |
| Client ID | Azure AD > App registrations > Application ID |
| Client Secret | Generated in Azure > Certificates & secrets |

How to Obtain Tenant ID, Client ID and Client Secret

Follow the steps to obtain the required authentication values.

Tenant ID

Navigate to your Azure portal (https://portal.azure.com)

  1. Go to Azure Active Directory 
  2. Click Overview
  3. Copy Tenant ID

Client ID

  • Navigate to:
    Azure Active Directory > App registrations > All applications
  • Search for the App name (you may need to ask for it if unknown)
  • Click the app
  • Under the app's Overview, copy Application (client) ID; this is your client_id

Client Secret

You need to have this value stored locally in secure storage.

  • Go to Certificates & secrets tab

  • Under "Client secrets", check if any are listed.

If a client secret exists, you can’t view its value again after it was created. You can only see:

  • Description
  • Expiry date

If you cannot see the value, you must create a new one (if you have permission).

Permissions

  1. Go to API permissions.
  2. Look at the list of APIs and scopes granted.
  3. It should have at least the User.Read permission.

Connector Configuration

To enable the feature, you must have the TAS module.

Navigate to TAS > Discovery > Sources > Azure API Connectors.

Basic Details

  1. Provide a Name and Description
  2. Select the Qualys Data Model (API Discovery) and Data Model Type (API)
  3. Provide required Authentication Details.

Data Model

The Azure API Discovery Default Data Model offers an out-of-the-box data model mapping with Qualys TAS schema. You can view the schema to understand the attributes in the data model.

Here's the default data model mapping.

WAS Azure API Discovery Default Data Model

Transform Maps

Transform maps ensure data is correctly transformed during data import. Qualys provides the default transform map, and it cannot be edited. 

Profile Configuration

Create a profile for your connector. A profile decides the connector status, execution schedule, and transform map to choose. The connector follows the configurations of this profile for all future executions.

  1. Click the  to create a new profile.
  2. In the Create Profile screen, provide the necessary inputs for your new profile:
    1. Provide a Name and Description.
    2. Select the required Transform Map for the data mapping.
    3. In the Status field select whether the connector should be in Active or Inactive state after creation. 
    4. In the Schedule section, select Single Occurrence schedule or a Recurring schedule. For the Single occurrence, select the timezone, start time, and end time. For recurrent scheduling, select the timezone, frequency, start time, and end time. 
    5. Click Create to add a new profile.

Connector States

After configuration, the connector progresses through these states:

| State | Description |
|---|---|
| Registered | Connector created and registered successfully |
| Scheduled | Connection execution is scheduled |
| Processing | A connection is executed and the connector is retrieving asset data. |
| Processed | Asset discovery completed; findings ingestion may still continue. The Processed state indicates that the connector is successfully configured but is still importing all your assets. This process may take some time. |

Logs

End-to-end logging provides enhanced visibility into connector activities from TotalAppSec, enabling more effective analysis and troubleshooting. You can access these logs from the Logs tab.

View Assets in the TAS Application

Follow the steps to view your assets in the TAS application.

Sources

You can find the Discovered APIs count under the Azure API Connectors tile in Discovery > Sources.

Discovered APIs

Here, you can view all the API assets discovered by the Azure connector with additional details like Status, URL, Endpoints, etc.

Additional Resources

Additional information related to the Azure connector.

API Reference

Here are the APIs executed for the Azure connection.

| Operation | API Endpoint |
|---|---|
| Login | https://login.microsoftonline.com/{{tenantId}}/oauth2/token |
| Get Subscriptions | https://management.azure.com/subscriptions?api-version=2024-11-01 |
| List Resources | https://management.azure.com/subscriptions/:subscriptionId/resources?api-version=2024-06-01-preview |
| Get Resource Groups & APIs | https://management.azure.com/subscriptions/:subscriptionId/resourceGroups/:resourceGroupName/providers/Microsoft.ApiManagement/service/:serviceName/apis?api-version=2024-06-01-preview |
| Get API Details | https://management.azure.com/.../apis/:apiId?format=swagger-link&export=true&api-version=2024-06-01-preview |
| Download Swagger | https://<<id>>.blob.core.windows.net/api-export/<<apiName>>.json?... |
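
The call chain in the table above, as an added example (not Qualys code): it picks the API Management services out of a List Resources response, builds the per-service APIs URL, and checks that a Swagger download link has the shape shown in the last row before it is fetched or logged. The function names and the sample response are assumptions, as is treating the elided `?...` query string as sensitive; the URL templates and api-version value are those in the table.

```python
import re
from urllib.parse import quote, urlsplit

ARM = "https://management.azure.com"
API_VERSION = "2024-06-01-preview"  # value from the API Reference table

# ARM resource ID of an API Management service instance.
APIM_ID = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.ApiManagement/service/(?P<svc>[^/]+)$",
    re.IGNORECASE)

def apim_services(list_resources):
    """(subscriptionId, resourceGroup, service) for each APIM instance listed."""
    found = []
    for res in list_resources.get("value", []):
        m = APIM_ID.match(res.get("id", ""))
        if m and res.get("type", "").lower() == "microsoft.apimanagement/service":
            found.append((m["sub"], m["rg"], m["svc"]))
    return found

def apis_url(sub, rg, svc):
    """'Get Resource Groups & APIs' URL, with each path segment escaped."""
    sub, rg, svc = (quote(p, safe="") for p in (sub, rg, svc))
    return (f"{ARM}/subscriptions/{sub}/resourceGroups/{rg}/providers/"
            f"Microsoft.ApiManagement/service/{svc}/apis?api-version={API_VERSION}")

def is_expected_export_link(link):
    """True only for https://<id>.blob.core.windows.net/api-export/<name>.json links."""
    u = urlsplit(link)
    host = u.hostname or ""
    # netloc == host rejects embedded credentials and explicit ports.
    return (u.scheme == "https" and u.netloc.lower() == host
            and re.fullmatch(r"[a-z0-9]{3,24}\.blob\.core\.windows\.net", host) is not None
            and re.fullmatch(r"/api-export/[^/]+\.json", u.path) is not None)

def redact_query(link):
    """Drop the query string (the '?...' part) before a link is written to logs."""
    u = urlsplit(link)
    return f"{u.scheme}://{u.netloc}{u.path}"

# Constructed sample data (not real tenant output).
_RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers"
SAMPLE_RESOURCES = {"value": [
    {"id": _RG + "/Microsoft.ApiManagement/service/apim-demo", "type": "Microsoft.ApiManagement/service"},
    {"id": _RG + "/Microsoft.Storage/storageAccounts/stdemo", "type": "Microsoft.Storage/storageAccounts"},
]}
```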

Data Model Map

This section explains the attribute mappings of the values from Azure and Qualys TotalAppSec.

| Source Attribute Label | Target Attribute Label |
|---|---|
| subscriptionId | subscriptionId |
| resourceGroups | resourceGroups (Required) |
| service | service (Required) |
| api | api |
| masifLocation | masifLocation |