Automate OAuth access token for Zed Attack Proxy S

Posted 2019-09-18 05:12

Question:

I want to run security scans for a few REST APIs. These APIs use OAuth and are divided into two sets, each using a different Grant Type.

I want to run a security scan using the ZAP tool, and I am not able to automate the process of getting the OAuth token used by the requests.

I am using SoapUI to record the APIs in ZAP, which works fine. But when the token expires, I have to re-record or edit the token manually after retrieving it using SoapUI or Postman.

A kind request to provide the steps in a little bit of detail.

Please let me know if more details are required.

Any help will be really appreciated.

Answer 1:

I was able to find the solution for this. Posting the solution here as well; please refer to the following URL:

https://groups.google.com/forum/#!searchin/zaproxy-users/Sam%7Csort:relevance/zaproxy-users/HJZ8gxk17M8/5WQuD7t3AAAJ