When attempting to add a new API Source in Acunetix 360 On-Prem (API Discovery enabled), the credential input fields fail to appear after selecting a Source type.
Issue Example:
Expected Example:
Symptoms
At APIs → Sources → Add New Source, no credential fields or instruction links are displayed after selecting a Source type.
-
Browser developer tools may show
500 Internal Server Errorresponses from theapihub/graphqlendpoint. : APIHub reinstall attempts fail to restore expected functionality.
Root Cause Analysis
Through multiple reproductions and investigations, the following underlying causes were identified:
-
Incomplete API Hub reinstall
Required folders (such as
graphql) are not recreated after uninstall/reinstall, leading to backend service errors.
-
Missing configuration in PostgreSQL database
The
zeroconfig__enabledtenant setting is not present, preventing API Discovery from initializing shared keys and loading credential fields.
-
Incorrect or inconsistent HTTPS bindings
Mismatched bindings in IIS and
appsettings.jsoncan prevent the API Discovery service from responding correctly.
Troubleshooting Steps
Follow these steps in order:
** Ensure that the initial Whitelisting & Prerequisite Needs are Met, as well as, confirm the client has & followed the Guides provided for installation **
For A36:
Whitelisting requirements for Acunetix 360 On-Premises | Acunetix
Step 1: Components, architecture, prerequisites, and download | Acunetix
Installing Invicti API Security for Acunetix 360 On-Premises | Acunetix
For Invicti:
Whitelisting requirements for Invicti On-Premises | Invicti
Step 1: Components and architecture, prerequisites, and download | Invicti
Installing Invicti API Security On-Premises | Invicti
1. Verify Installation Integrity
Confirm that API Hub Service and PostgreSQL were installed by the APIHub installer (not manually).
-
Check for the presence of
C:\Program Files (x86)\Invicti Enterprise API Hub Service\graphql.-
If missing, create
graphqlfolder in the API Hub installation directory and place aweb.configfile inside it (this can be empty).-
What you will see if it is missing:
-
-
2. Insert Missing Tenant Configuration
Run the following SQL query on the apihub database in PostgreSQL:
INSERT INTO apihub.apihub_tenant_settings(
id, tenant_id, key, value)
VALUES (
'76ba2e26-18da-4a90-b70c-fabb5495df87',
'<Tenant_Account_ID>',
'zeroconfig__enabled',
'True');id- random GUID value tenant_id - Account ID of the customer on IE
3. Check Application Settings
-
Open / update appsettings.json for API Discovery Service:
Example of some parts from appsettings.json:
APIDiscoService : https://onprem.netsparker.com:5217
IE Web App - https://onprem.netsparker.com
"Kestrel": { "Endpoints": { "Http": { "Url": "https://onprem.netsparker.com:5217" } } }, "Deployment": { "Type": "on-prem", "PublicUrl": "https://onprem.netsparker.com:5217", "ProxyUrl": "https://onprem.netsparker.com:5217", "ProxyPathSuffix": "/apihub" }, "InvictiEnterpriseApiClient": { "BaseUrl": "https://onprem.netsparker.com", "InternalApiBaseUrl": "https://onprem.netsparker.com" }
Ensure HTTPS bindings match in IIS and in the config file.
4. Restart Services
Restart the APIHub application pool in IIS.
Reboot the server to ensure all services and bindings load with the updated settings.
Resolution
After performing the above steps:
The graphql folder and configuration restore APIHub’s backend functionality.
The PostgreSQL update ensures API Discovery initializes correctly.
Consistent HTTPS bindings guarantee proper communication between APIHub and Invicti Enterprise.
Result: The Add New Source screen now correctly displays credential input fields and associated instructions.
Best Practices
Always uninstall APIHub and PostgreSQL using the APIHub installer, not Windows “Apps & Features.”
After reinstall, confirm the presence of the
graphqlfolder and key config files.Maintain a backup of
appsettings.jsonfor quick recovery.If logs are not helpful, tools like ProcMon can trace real-time file access issues.