From 419ab9e4ecc049ba7a8edc0db392d7e9cf777ee4 Mon Sep 17 00:00:00 2001
From: SachinAditya <98205043+SachinAditya@users.noreply.github.com>
Date: Sat, 27 Dec 2025 16:15:08 +0530
Subject: [PATCH 01/11] Clarify alertFilter API documentation

Expanded the description for the addAlertFilter endpoint to include additional notes and requirements.

Signed-off-by: SachinAditya <98205043+SachinAditya@users.noreply.github.com>
---
 openapi.yaml | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/openapi.yaml b/openapi.yaml
index 0f02877..ac5ffcc 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -1359,15 +1359,25 @@ paths:
       description: ""
       schema:
         type: "string"
-  /JSON/alertFilter/action/addAlertFilter/:
-    get:
-      description: "Adds a new alert filter for the context with the given ID."
-      operationId: "alertFilterActionAddAlertFilter"
-      tags:
-      - "alertFilter"
-      responses:
-        default:
-          $ref: "#/components/responses/ErrorJson"
+/JSON/alertFilter/action/addAlertFilter/:
+  get:
+    description: |
+      Adds a new alert filter for the context with the given ID.
+
+      This filter only applies to alerts raised within the specified context.
+
+      Notes:
+      - 'contextId' is required and must refer to an existing context.
+      - 'ruleId' must match the alert rule ID from ZAP.
+      - Set 'enabled=true' for the filter to take effect.
+      - Parameters passed via curl must be URL-encoded.
+    operationId: "alertFilterActionAddAlertFilter"
+    tags:
+    - "alertFilter"
+    responses:
+      default:
+        $ref: "#/components/responses/ErrorJson"
+
     parameters:
     - name: "contextId"
       in: "query"

From 7413e47d8d0e12943096579c7883cd8a6efe724d Mon Sep 17 00:00:00 2001
From: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
Date: Fri, 2 Jan 2026 21:07:55 +0530
Subject: [PATCH 02/11] Add general guidance for using the ZAP API with curl

This pull request adds general guidance on using the ZAP API with curl,
focusing on common usage details such as parameter encoding, boolean
parameters, and typical pitfalls when constructing API requests.

The documentation is added at a general level (welcome/introduction),
without modifying any generated or endpoint-specific API definitions.

This change follows the feedback provided on PR #244 and Issue #88,
by keeping endpoint documentation unchanged while improving overall
API usability for users interacting with the ZAP API via curl.


Signed-off-by: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
---
 source/includes/welcome.md | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/source/includes/welcome.md b/source/includes/welcome.md
index 54c76f9..0dc193e 100755
--- a/source/includes/welcome.md
+++ b/source/includes/welcome.md
@@ -47,13 +47,25 @@ The API documentation is divided into nine main sections.
 The examples show some usages with the minimal required arguments. However, this is not a reference, and not all APIs 
 nor arguments are shown. View the API catalogue to see all the parameters and scope of each API.
 </aside>
-
 ## Basics on the API Request
 
-ZAP APIs provide access to most of the core features of ZAP such as the active scanner and spider. ZAP API is enabled by default
-in the daemon mode and the desktop mode. If you are using ZAP desktop, then the API can be configured by visiting the following screen: 
+The ZAP API is a REST based API.
+It can be accessed via HTTP/HTTPS and supports JSON, XML and other formats.
+...
+
+## Using the ZAP API with curl
+
+When interacting with the ZAP API using curl, keep the following points in mind:
 
-`Tools -> Options -> API`.
+- All parameter values must be URL-encoded.
+- Boolean parameters (for example `enabled`) must be explicitly provided.
+- Special characters such as `:` or `*` must be URL-encoded.
+- API actions generally apply to newly raised alerts, not existing ones.
+- Use the appropriate API view endpoints to verify applied changes.
+
+```bash
+curl "http://zap/<format>/<component>/<operation>/<operation-name>/?param1=value1&param2=value2"
+```
 
 ![zap_desktop_api](../images/zap_desktop_api.png)
 

From 4a50947b4e8a406bade28ea7f74f6fad49b2eae1 Mon Sep 17 00:00:00 2001
From: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
Date: Fri, 2 Jan 2026 21:11:39 +0530
Subject: [PATCH 03/11] Add general guidance for using the ZAP API with curl

This pull request adds general guidance on using the ZAP API with curl,
focusing on common usage details such as parameter encoding, boolean
parameters, and typical pitfalls when constructing API requests.

The documentation is added at a general level (welcome/introduction),
without modifying any generated or endpoint-specific API definitions.

This change follows the feedback provided on PR #244 and Issue #88,
by keeping endpoint documentation unchanged while improving overall
API usability for users interacting with the ZAP API via curl.


Signed-off-by: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>

From 0103c9477acc6ad82f6bcb28abf9243bc074fc13 Mon Sep 17 00:00:00 2001
From: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
Date: Sat, 3 Jan 2026 22:00:34 +0530
Subject: [PATCH 04/11] docs: move curl usage guidance under Access the API

This change moves the general curl usage guidance under the
"Access the API" section, where the API URL format and access
details are already introduced.

The content remains general and avoids modifying any
generated or endpoint-specific API documentation, following
maintainer feedback.

This improves the structure and readability of the
documentation for users interacting with the ZAP API via curl.


Signed-off-by: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
---
 source/includes/welcome.md | 33 ++++++++++++++-------------------
 1 file changed, 14 insertions(+), 19 deletions(-)

diff --git a/source/includes/welcome.md b/source/includes/welcome.md
index 0dc193e..5cd7a28 100755
--- a/source/includes/welcome.md
+++ b/source/includes/welcome.md
@@ -53,22 +53,6 @@ The ZAP API is a REST based API.
 It can be accessed via HTTP/HTTPS and supports JSON, XML and other formats.
 ...
 
-## Using the ZAP API with curl
-
-When interacting with the ZAP API using curl, keep the following points in mind:
-
-- All parameter values must be URL-encoded.
-- Boolean parameters (for example `enabled`) must be explicitly provided.
-- Special characters such as `:` or `*` must be URL-encoded.
-- API actions generally apply to newly raised alerts, not existing ones.
-- Use the appropriate API view endpoints to verify applied changes.
-
-```bash
-curl "http://zap/<format>/<component>/<operation>/<operation-name>/?param1=value1&param2=value2"
-```
-
-![zap_desktop_api](../images/zap_desktop_api.png)
-
 <aside class="notice">
 ZAP requires an API Key to perform specific actions via the REST API. The API key must be specified on all API 'actions' and some 'other' operations. 
 The API key is used to prevent malicious sites from accessing ZAP APIs. It is strongly recommended that you set a key 
@@ -100,17 +84,28 @@ browsing the [API Catalogue](#api-catalogue).
 
 ### Access the API
 
+...
 The REST API can be accessed directly or via one of the [client implementations](#client_sdk) detailed below.  
 A simple web UI is also available to explore and use the APIs via the browser. This web UI can be accessed via [http://zap/](http://zap/) 
 when you are proxying through ZAP, or via the host and port ZAP is listening on, e.g. [http://localhost:8080/](http://localhost:8080/). 
 
-![zap_api_ui](../images/zap_api_ui.png)
-
 By default only the machine ZAP is running on is able to access the APIs. You can [allow other machines](https://www.zaproxy.org/faq/how-can-i-connect-to-zap-remotely/), 
 that are able to use ZAP as a proxy, access to the API.
 
-### Client SDKs
+### Using the ZAP API with curl
+
+When interacting with the ZAP API using curl, keep the following points in mind:
+
+- All parameter values must be URL-encoded.
+- Boolean parameters (for example `enabled`) must be explicitly provided.
+- Special characters such as `:` or `*` must be URL-encoded.
+- API actions generally apply to newly raised alerts, not existing ones.
+- Use the appropriate API view endpoints to verify applied changes.
 
+```bash
+curl "http://zap/<format>/<component>/<operation>/<operation-name>/?param1=value1&param2=value2"
+```
+### Client SDKs
 API clients are available for the following languages:
 
 | **Language** | **Download links** | **Notes** |

From 7d9d186a805577d8f07e6e6c6231cbd400012d21 Mon Sep 17 00:00:00 2001
From: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
Date: Thu, 15 Jan 2026 16:28:35 +0530
Subject: [PATCH 05/11] Clarify curl API parameter guidance and remove
 redundancy

Signed-off-by: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
---
 source/includes/welcome.md | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/source/includes/welcome.md b/source/includes/welcome.md
index 5cd7a28..790136f 100755
--- a/source/includes/welcome.md
+++ b/source/includes/welcome.md
@@ -97,10 +97,7 @@ that are able to use ZAP as a proxy, access to the API.
 When interacting with the ZAP API using curl, keep the following points in mind:
 
 - All parameter values must be URL-encoded.
-- Boolean parameters (for example `enabled`) must be explicitly provided.
-- Special characters such as `:` or `*` must be URL-encoded.
-- API actions generally apply to newly raised alerts, not existing ones.
-- Use the appropriate API view endpoints to verify applied changes.
+- Some boolean parameters (for example `enabled`) may need to be explicitly provided when deviating from default values.
 
 ```bash
 curl "http://zap/<format>/<component>/<operation>/<operation-name>/?param1=value1&param2=value2"

From 2cfa97f77bf4c6d00ab045362fd4f00837ae566a Mon Sep 17 00:00:00 2001
From: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
Date: Thu, 15 Jan 2026 16:50:18 +0530
Subject: [PATCH 06/11] Remove unrelated API basics text and keep PR focused on
 curl usage

Signed-off-by: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
---
 source/includes/welcome.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/source/includes/welcome.md b/source/includes/welcome.md
index 790136f..85b347c 100755
--- a/source/includes/welcome.md
+++ b/source/includes/welcome.md
@@ -49,10 +49,6 @@ nor arguments are shown. View the API catalogue to see all the parameters and sc
 </aside>
 ## Basics on the API Request
 
-The ZAP API is a REST based API.
-It can be accessed via HTTP/HTTPS and supports JSON, XML and other formats.
-...
-
 <aside class="notice">
 ZAP requires an API Key to perform specific actions via the REST API. The API key must be specified on all API 'actions' and some 'other' operations. 
 The API key is used to prevent malicious sites from accessing ZAP APIs. It is strongly recommended that you set a key 

From e4d94b7a2ca30ddda9c92429bffab7378c298b90 Mon Sep 17 00:00:00 2001
From: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
Date: Sat, 17 Jan 2026 00:07:25 +0530
Subject: [PATCH 07/11] Revert alertFilter endpoint description to original

Signed-off-by: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
---
 openapi.yaml | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/openapi.yaml b/openapi.yaml
index ac5ffcc..ec0b8f5 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -1361,27 +1361,18 @@ paths:
         type: "string"
 /JSON/alertFilter/action/addAlertFilter/:
   get:
-    description: |
-      Adds a new alert filter for the context with the given ID.
-
-      This filter only applies to alerts raised within the specified context.
-
-      Notes:
-      - 'contextId' is required and must refer to an existing context.
-      - 'ruleId' must match the alert rule ID from ZAP.
-      - Set 'enabled=true' for the filter to take effect.
-      - Parameters passed via curl must be URL-encoded.
+    description: "Adds a new alert filter for the context with the given ID."
     operationId: "alertFilterActionAddAlertFilter"
     tags:
-    - "alertFilter"
+      - "alertFilter"
     responses:
       default:
         $ref: "#/components/responses/ErrorJson"
-
     parameters:
-    - name: "contextId"
-      in: "query"
-      required: true
+      - name: "contextId"
+        in: "query"
+        required: true
+
       description: "The numeric ID of the context for which the filter should be added."
       schema:
         type: "string"

From 77600aed48e77901e13a5c0481d32964f4cb990d Mon Sep 17 00:00:00 2001
From: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
Date: Sat, 17 Jan 2026 00:14:57 +0530
Subject: [PATCH 08/11] Restore API basics sections and revert endpoint docs

Signed-off-by: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
---
 source/includes/welcome.md | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/source/includes/welcome.md b/source/includes/welcome.md
index 85b347c..0f20229 100755
--- a/source/includes/welcome.md
+++ b/source/includes/welcome.md
@@ -46,13 +46,19 @@ The API documentation is divided into nine main sections.
 <aside class="notice">
 The examples show some usages with the minimal required arguments. However, this is not a reference, and not all APIs 
 nor arguments are shown. View the API catalogue to see all the parameters and scope of each API.
-</aside>
-## Basics on the API Request
+</a![zap_api_ui](../images/zap_api_ui.png)
+Basics on the API Request
+
+ZAP APIs provide access to most of the core features of ZAP such as the active scanner and spider. ZAP API is enabled by default
+in the daemon mode and the desktop mode. If you are using ZAP desktop, then the API can be configured by visiting the following screen:
+
+`Tools -> Options -> API`.
+
+![zap_desktop_api](../images/zap_desktop_api.png)
 
 <aside class="notice">
-ZAP requires an API Key to perform specific actions via the REST API. The API key must be specified on all API 'actions' and some 'other' operations. 
-The API key is used to prevent malicious sites from accessing ZAP APIs. It is strongly recommended that you set a key 
-unless you are using ZAP in a completely isolated environment.
+ZAP requires an API Key to perform specific actions via the REST API. The API key must be specified on all API 'actions' and some 'other' operations.
+The API key is used to prevent malicious sites from accessing ZAP APIs. It is strongly recommended that you set a key unless you are using ZAP in a completely isolated environment.
 </aside>
 
 <aside class="warning">
@@ -60,9 +66,10 @@ Also make sure that you have installed the necessary add-ons while invoking feat
 For example, if you receive "no_implementor error" in relation to Ajax Spider calls, perhaps the Ajax Spider add-on isn't installed.
 </aside>
 
-Please note that not all the operations which are available in the desktop interface are available via the APIs. 
+Please note that not all the operations which are available in the desktop interface are available via the APIs.
 Future versions of ZAP will increase the functionality/scope available via the APIs.
 
+
 ### API URL Format
 
 The API is available via `GET` and `POST` endpoints and the response is available in `JSON`, `XML`, `HTML`, and `OTHER` (custom formats, e.g. HAR) formats. 

From 2e42ca1699a5572d41254bf77e9b712b99a6c838 Mon Sep 17 00:00:00 2001
From: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
Date: Sat, 17 Jan 2026 00:53:32 +0530
Subject: [PATCH 09/11] Revert openapi.yaml to upstream

Signed-off-by: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
---
 openapi.yaml | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/openapi.yaml b/openapi.yaml
index ec0b8f5..0f02877 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -1359,20 +1359,19 @@ paths:
       description: ""
       schema:
         type: "string"
-/JSON/alertFilter/action/addAlertFilter/:
-  get:
-    description: "Adds a new alert filter for the context with the given ID."
-    operationId: "alertFilterActionAddAlertFilter"
-    tags:
+  /JSON/alertFilter/action/addAlertFilter/:
+    get:
+      description: "Adds a new alert filter for the context with the given ID."
+      operationId: "alertFilterActionAddAlertFilter"
+      tags:
       - "alertFilter"
-    responses:
-      default:
-        $ref: "#/components/responses/ErrorJson"
-    parameters:
-      - name: "contextId"
-        in: "query"
-        required: true
-
+      responses:
+        default:
+          $ref: "#/components/responses/ErrorJson"
+    parameters:
+    - name: "contextId"
+      in: "query"
+      required: true
       description: "The numeric ID of the context for which the filter should be added."
       schema:
         type: "string"

From 30304e5608f81ae4b8f156cbe43b589c9a4b6bf9 Mon Sep 17 00:00:00 2001
From: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
Date: Sat, 17 Jan 2026 01:16:02 +0530
Subject: [PATCH 10/11] Add curl usage guidance section

Signed-off-by: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
---
 source/includes/welcome.md | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/source/includes/welcome.md b/source/includes/welcome.md
index 0f20229..9bcdadb 100755
--- a/source/includes/welcome.md
+++ b/source/includes/welcome.md
@@ -46,19 +46,21 @@ The API documentation is divided into nine main sections.
 <aside class="notice">
 The examples show some usages with the minimal required arguments. However, this is not a reference, and not all APIs 
 nor arguments are shown. View the API catalogue to see all the parameters and scope of each API.
-</a![zap_api_ui](../images/zap_api_ui.png)
-Basics on the API Request
+</aside>
+
+## Basics on the API Request
 
 ZAP APIs provide access to most of the core features of ZAP such as the active scanner and spider. ZAP API is enabled by default
-in the daemon mode and the desktop mode. If you are using ZAP desktop, then the API can be configured by visiting the following screen:
+in the daemon mode and the desktop mode. If you are using ZAP desktop, then the API can be configured by visiting the following screen: 
 
 `Tools -> Options -> API`.
 
 ![zap_desktop_api](../images/zap_desktop_api.png)
 
 <aside class="notice">
-ZAP requires an API Key to perform specific actions via the REST API. The API key must be specified on all API 'actions' and some 'other' operations.
-The API key is used to prevent malicious sites from accessing ZAP APIs. It is strongly recommended that you set a key unless you are using ZAP in a completely isolated environment.
+ZAP requires an API Key to perform specific actions via the REST API. The API key must be specified on all API 'actions' and some 'other' operations. 
+The API key is used to prevent malicious sites from accessing ZAP APIs. It is strongly recommended that you set a key 
+unless you are using ZAP in a completely isolated environment.
 </aside>
 
 <aside class="warning">
@@ -66,10 +68,9 @@ Also make sure that you have installed the necessary add-ons while invoking feat
 For example, if you receive "no_implementor error" in relation to Ajax Spider calls, perhaps the Ajax Spider add-on isn't installed.
 </aside>
 
-Please note that not all the operations which are available in the desktop interface are available via the APIs.
+Please note that not all the operations which are available in the desktop interface are available via the APIs. 
 Future versions of ZAP will increase the functionality/scope available via the APIs.
 
-
 ### API URL Format
 
 The API is available via `GET` and `POST` endpoints and the response is available in `JSON`, `XML`, `HTML`, and `OTHER` (custom formats, e.g. HAR) formats. 
@@ -87,11 +88,12 @@ browsing the [API Catalogue](#api-catalogue).
 
 ### Access the API
 
-...
 The REST API can be accessed directly or via one of the [client implementations](#client_sdk) detailed below.  
 A simple web UI is also available to explore and use the APIs via the browser. This web UI can be accessed via [http://zap/](http://zap/) 
 when you are proxying through ZAP, or via the host and port ZAP is listening on, e.g. [http://localhost:8080/](http://localhost:8080/). 
 
+![zap_api_ui](../images/zap_api_ui.png)
+
 By default only the machine ZAP is running on is able to access the APIs. You can [allow other machines](https://www.zaproxy.org/faq/how-can-i-connect-to-zap-remotely/), 
 that are able to use ZAP as a proxy, access to the API.
 
@@ -106,6 +108,7 @@ When interacting with the ZAP API using curl, keep the following points in mind:
 curl "http://zap/<format>/<component>/<operation>/<operation-name>/?param1=value1&param2=value2"
 ```
 ### Client SDKs
+
 API clients are available for the following languages:
 
 | **Language** | **Download links** | **Notes** |

From 3bfc4777541cda11c67ee0d1e51239d93c7b1e5d Mon Sep 17 00:00:00 2001
From: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
Date: Sat, 17 Jan 2026 18:50:51 +0530
Subject: [PATCH 11/11] fix: add blank line before Client SDKs heading

Added a new section for Client SDKs in the welcome documentation.

Signed-off-by: Sachin Vishwakarma <98205043+SachinAditya@users.noreply.github.com>
---
 source/includes/welcome.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source/includes/welcome.md b/source/includes/welcome.md
index 9bcdadb..ab55070 100755
--- a/source/includes/welcome.md
+++ b/source/includes/welcome.md
@@ -107,6 +107,7 @@ When interacting with the ZAP API using curl, keep the following points in mind:
 ```bash
 curl "http://zap/<format>/<component>/<operation>/<operation-name>/?param1=value1&param2=value2"
 ```
+
 ### Client SDKs
 
 API clients are available for the following languages: