To support automated scanning, we have included the Web Proxy endpoint within the WebInspect API.

• http://localhost:8083/webinspect/api  >>  http://localhost:8083/webinspect/swagger/ui/index#/Proxy

If you instead produced your Workflow macro in any other way, there are endponts to check the Macros available to the WebInspect machine prior to runningyour scan.

http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_GetAllAvailableMacros

Or you can upload your Macro prior to running that API-driven scan.

http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_UploadMacro

The basic process you might be considering for an automated Workflow-driven scan with Macro Creation is shown below.  I think it would be a good practice to assign a Name Variable for your script/job/build, and then use that name throughout the actions so all the artifacts trace to the script run.  For example, if you set the value to today's date and time, or the build#, then you could use that name for the Proxy Instance, the Macro recorded, the scan, the scan export file, the selected report(s), and so you will know the precise proxy instance or scan name for when you want to check their status.

1.Call the WebInspect API URL to verify the service is operational and running.  The "is it alive" check.

http://localhost:8083/webinspect/api

2. Call the WebInspect API to spawn a Web Proxy listener.  Set the name of the Instance as well as the port.  The WebInspect machine can run numerous Instances, so long as each uses a separate, available port number.

http://localhost:8083/webinspect/swagger/ui/index#!/Proxy/Proxy_CreateProxy

3. Run your functional testing script through that Proxy Instance.  This will depend on the network proxy settings allowed for your testing software.  You could simply use WGET or cURL to make HTTP traffic, but Micro Focus UFT, Selenium, and Jenkins all work as well.

4. Call the WebInspect API to save the captured Proxy data as a Workflow Macro.

Saving it on the WebInspect machine may be preferable to downloading it:  http://localhost:8083/webinspect/swagger/ui/index#!/Proxy/Proxy_UpdateProxy

5. Call the WebInspect API and kill the Proxy Instance.

http://localhost:8083/webinspect/swagger/ui/index#!/Proxy/Proxy_DeleteProxy

6. Start a new Workflow-driven scan, using the Macro you just created.

http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_StartScan

Example:

#start a scan using the Default scan settings, change the scan type to a workflow macro scan, use the workflow macro named MyQuickDankWorkflow, and set the scan mode to audit-only.

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "settingsName": "Default", "overrides": { "startOption": "macro", "workflowMacros": ["MyQuickDankWorkflow"], "crawlAuditMode": "auditOnly"} }' http://localhost:8083/webinspect/scanner/scans

7. Monitor the status of the running scan.

http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_GetScanStatus

8A. Dump the WebInspect scan to FPR format, then script an upload of it to your SSC Server.

http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_ExportScan

8B.  OR FOR THAT FINAL STEP, use the WIE endpoints to upload the WebInspect scan to your WebInspect Enterprise server.

(login)  http://localhost:8083/webinspect/swagger/ui/index#!/WIE/WIE_WIEConnect

(Publish scan)  http://localhost:8083/webinspect/swagger/ui/index#!/WIE/WIE_PublishScan

I hope that helps.  These URLs were copied from WebInspect 19.20 (Fall 2019), so it always possible I have overlooked differences with your 19.10 (Spring 2019).