ZAP can import the API definition by a local file or URL Taking the PetStore API as an example, we provide the URL for swagger.json in the CURL importUrl command options. Please be aware that the following command should be in one line without any line break, although it may look like two lines due to the layout formatting:

CURL "http://localhost:8090/JSON/openapi/action/importUrl/?zapapiformat=JSON&formMethod=GET&url=https://petstore.swagger.io/v2/swagger.json&hostOverride="

It may take a while to import the APIs. Once it's done, you will see the API list in the ZAP console as shown in the following diagram:

Alternatively, you can also import the API by browser using the following URL:

http://localhost:8090/UI/openapi/action/importUrl/