Your WhiteHat Portal Profile

If you prefer to view/print in PDF format, click: Getting Started - The Basics, which includes Logging On, WhiteHat Portal Supported Browsers, and Your WhiteHat Portal Profile.

To view your profile, click on My Profile in the upper right of your WhiteHat Portal interface.

my profile link2

The My Profile page is displayed.

my profile main1

Field No. Field Name Description


User Details

Here you can use Edit My Profile to edit information, such as name, title, email, etc. You can also use Update Password.


Public Key

Edit your Public Key encryption information



View, create or regenerate your web API Key information

My Profile

To edit information in your profile, click User Details > Edit My Profile.

edit profile

The My Profile editing screen is displayed.

edit profile screen View or make changes to your profile, as follows:

  1. The First name and Last name fields must be populated.

  2. Type your Title (e.g. IT Security Manager), Mobile number, and Telephone number. Then select your appropriate timezone from the Timezone drop-down menu.

  3. From the Email frequency drop-down, select one of the following:

    • Daily

    • Weekly

    • Monthly

    If you require more granular email frequency, please contact
  4. Choose your email triggers and select whether or not to see hostnames in DAST-related emails, if that is available to you.

  5. Click Save.

Changing Your Password

Password guidelines are determined by your WhiteHat Portal Administrator. Your organization may have adopted single sign-on or multi-factor authentication. If you are using single sign-on, you will not need to enter your WhiteHat Portal password; instead simply log on via your SSO. If you are not using single sign-on and you need to change your password, click User Details > Update Password.

update password

The Update Password editing window is displayed.

update password 2

  1. Type your Old password.

  2. Type your New password and repeat it in the Confirm new password field. Both entries must match to proceed.

  3. Click Save.

Password Format and Guidance

By default, the WhiteHat Portal will require that your password contain at least six characters, including at least one number and at least one letter. Additionally, password restrictions may be in place, which enforces that your password adopts some or all of the following:

  • Uppercase letters

  • Lowercase letters

  • Numerals

  • Special characters

  • Excludes all/part of username

  • Excludes all/part of email

Always protect your password. If someone else obtains your password, they may gain access to your vulnerability information. Synopsys Support will never ask for your password.

Public Key

If your server uses Pretty Good Privacy (PGP), you can use your public key to send secure data across potentially insecure networks. You can enter or delete your public key here. If you have questions about PGP, see your network administrator.

  1. Click Public Key to display the Public Key editing page.

    public key 3

  2. Type your key into the free text field.

  3. Click Save, or Cancel to cancel the operation.


Each user account may generate a unique 32-character Web API Key, which is used to authenticate your API requests. The Web API key is intended for use inside the applications that are accessing the API. It is not intended for accessing the API through your browser.

If You Have a WhiteHat Portal Password:

To view the API key, or to create a new one:

  1. Click API Key.

    api key 2

  2. When prompted for your WhiteHat Portal password, type your password into the text field.

  3. Click Authenticate

Your key will now be displayed. If you have never requested your API key before, a key will be generated for you.

If You Access the WhiteHat Portal Using Single Sign-On (SSO)

To view the API key, or to create a new one:

  1. Click API Key.

    api key

  2. Your account requires additional authentication. Choose either Request Code by SMS or Request Code by Call. Your authentication code will be provided via the option selected.

    request sso code for api key

  3. Ensure that the confirmation banner is displayed at the top of the screen, which confirms if the code has been sent.

  4. Once the code is received, type it into the Code field.

  5. Ensure that your key is displayed in the API key field. If you have never requested your API key before, a key will be generated for you.

Protect your web key. Your key is the equivalent of a user name and password that gives access to all your vulnerability data. Treat it as carefully as any other password. Synopsys strongly recommends that you never use your Web API Key in your browser. It is only intended for use when accessing the API programmatically. If you do use it directly in a URL, it is logged to your browser history. Therefore, if you must use your Web API Key in your browser, you are strongly encouraged to clear your browser history/cache automatically every time you log out of WhiteHat Dynamic. Otherwise, your key will be visible to anyone who gets physical or electronic access to your browser history.

Regenerating Your API Key

From time to time, it may be necessary to regenerate your existing API key.

To regenerate your API key, perform the following steps:

  1. Type your password into the text field.

    api key regenerate 4

  2. Click Authenticate.

  3. Click Regenerate API Key.

    api key regenerate 5

  4. Click Confirm.

    api key regenerate 6

  5. A confirmation banner is displayed at the top of the screen, which confirms the API Key has been regenerated.

    api key regenerate 7

  6. The regenerated API Key is displayed in the API key field.

Regenerating Your API Key Using Single Sign-On (SSO)

If you access WhiteHat Dynamic using Single Sign-On (SSO), perform the following steps to regenerate your API Key:

  1. On the My Profile page, select API Key.

  2. View your existing API key:

    1. Click Request Code by SMS or Request Code by Call to request an authentication code. A confirmation banner confirms that the code was sent.

    2. Enter your code in the Code field and then click Submit. If the code was accepted, your existing API key is displayed at the bottom of the page under API key:

      api key regenerate sso 1

  3. Regenerate your API key:

    1. First, you must request another authentication code by SMS or phone.

    2. Enter your new code in the Code field (replacing the previous code) and then click Submit.

    3. Click Regenerate API Key.

    4. In the confirmation dialog, click Confirm to proceed.

      api key regenerate 2

      A confirmation banner confirms that the API key was successfully regenerated. The new API key is displayed under API key:

      api key regenerate sso 2 success