# Risk Focus Blackbox Assessment Now Available via Takumi API

[Risk Focus Assessment](/docs/r/202602-takumi-risk-focus), previously available only through the web console, is now supported in [Takumi API](/docs/t/api) blackbox assessments.

Risk Focus Assessment lets you **start with the highest-risk areas, review results, and incrementally expand the assessment scope** — all within a credit limit. You can set priorities explicitly or let Takumi prioritize automatically based on risk analysis. When the credit limit is reached, the assessment outputs results up to that point and stops. You can then add more credits and resume where you left off.

This is useful when you want predictable credit consumption or need to prioritize critical areas within a budget.

## Usage Examples

### Assess within a Credit Limit {#auto-prioritization}

To assess within a credit limit with automatic prioritization, specify `crawl_credit_limit` and/or `scan_credit_limit` when dispatching the workflow. Each can be set independently. The following example sets a crawl credit limit of 20 and a scan credit limit of 50 (consuming at most 70 credits total).

```typescript
const { workflow_run_id } = await fetch(
  `${TAKUMI_API}/v1/o/${TAKUMI_ORG}/workflows/blackbox-assessment/dispatch`,
  {
    method: "POST",
    headers,
    body: JSON.stringify({
      input: {
        language: "english",
        target_urls: ["https://app.example/"],

        crawl_credit_limit: 20, // Credit limit for crawling (optional)
        scan_credit_limit: 50, // Credit limit for scanning (optional)
      },
    }),
  },
).then((r) => r.json());
```

When `crawl_credit_limit` is set and the limit is reached during crawling, the crawl stops and scanning begins on the features discovered so far.

After crawling, Takumi automatically determines the priority of each feature-perspective combination based on risk analysis and scans them in priority order. When `scan_credit_limit` is reached, the assessment outputs the results collected so far and stops.

When the assessment finishes, you receive the assessment report and findings, along with a `scan_progress` artifact that shows which feature-perspective combinations were completed.

```js
{
  // Combinations that were scanned
  "completed": [
    { "feature_name": "authentication", "perspective": "Injection" },
    { "feature_name": "user_settings", "perspective": "Authorization" },
    // ...
  ],
  // Combinations skipped because they were deemed unnecessary
  "skipped": [
    { "feature_name": "Apex", "perspective": "CSRF" },
    // ...
  ],
}
```

To assess more combinations, see [Resume an Assessment with Additional Credits](#continue-assessment).

### Assess within a Credit Limit with Custom Priorities {#custom-prioritization}

You can also set priorities explicitly for each feature-perspective combination. This lets you adjust priorities based on business impact, recent code changes, or other factors. Specify the `priority` field in the `pairs` parameter used for [scoped assessments and retests](/docs/r/202603-takumi-api-blackbox-scoped-assessment).

```typescript
const { workflow_run_id } = await fetch(
  `${TAKUMI_API}/v1/o/${TAKUMI_ORG}/workflows/blackbox-assessment/dispatch`,
  {
    method: "POST",
    headers,
    body: JSON.stringify({
      input: {
        language: "english",
        target_urls: ["https://app.example/"],

        scan_credit_limit: 50, // Credit limit for scanning (optional)

        // Reuse features discovered by a previous crawl workflow
        resume: {
          kind: "assess_crawled_features",
          assess_crawled_features: {
            workflow_id: "blackbox-crawl",
            workflow_run_id: "TWR...", // workflow_run_id of the crawl
          },
        },

        pairs: [
          // feature_name must match a name from the crawl workflow's `features` artifact
          {
            feature_name: "authentication",
            perspective: "Injection",
            priority: "high",
          },
          {
            feature_name: "user_settings",
            perspective: "Authorization",
            priority: "medium",
          },
          {
            feature_name: "product_catalog",
            perspective: "XSS",
            priority: "low",
          },

          // When priority is omitted, Takumi assigns one automatically based on risk analysis
          { feature_name: "checkout", perspective: "BusinessLogic" },
        ],
      },
    }),
  },
).then((r) => r.json());
```

When the credit limit is reached, you can check which combinations were completed using the `scan_progress` artifact, as described in [Assess within a Credit Limit](#auto-prioritization).

:::info

Setting custom priorities requires that features have already been discovered by a Takumi API workflow (`blackbox-crawl` or `blackbox-assessment`). Specify the feature names from the `features` artifact of that workflow in `pairs`, and provide the corresponding `workflow_run_id` in `resume.assess_crawled_features`.

:::

## Resume an Assessment with Additional Credits {#continue-assessment}

You can resume an assessment that stopped due to a credit limit or was scoped to a subset of combinations. The resumed assessment inherits the previous results and continues scanning unscanned combinations in priority order.

```typescript
const { workflow_run_id: next_workflow_run_id } = await fetch(
  `${TAKUMI_API}/v1/o/${TAKUMI_ORG}/workflows/blackbox-assessment/dispatch`,
  {
    method: "POST",
    headers,
    body: JSON.stringify({
      input: {
        language: "english",
        target_urls: ["https://app.example/"],

        scan_credit_limit: 50, // Credit limit for the additional scan (optional)

        resume: {
          kind: "continue_assessment",
          continue_assessment: {
            workflow_id: "blackbox-assessment",
            workflow_run_id: workflow_run_id, // workflow_run_id of the assessment to resume
          },
        },

        // Optionally scope or reprioritize (omit to let Takumi prioritize all remaining combinations)
        pairs: [
          // feature_name must match a name from the resumed assessment's `features` artifact
          {
            feature_name: "authentication",
            perspective: "Injection",
            priority: "high",
          },
          // ...
        ],
      },
    }),
  },
).then((r) => r.json());
```

You can optionally specify `pairs` to scope the resumed assessment to specific combinations or adjust priorities. If omitted, Takumi automatically prioritizes all remaining unscanned combinations.

You can repeat this cycle — assess, review results, resume — to incrementally expand your assessment scope while reviewing findings along the way.
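One way to build the request body for the next cycle from a `scan_progress` artifact, as an added example that is not Takumi's own code. `planResume`, the `wanted` list and the `TWR-placeholder` run id are hypothetical; the field names and priority values are the ones shown on this page.

```typescript
// Added example. Field names come from the page; planResume and `wanted` are hypothetical.
type Priority = "high" | "medium" | "low";
interface Pair { feature_name: string; perspective: string; priority?: Priority }
interface ScanProgress { completed: Pair[]; skipped: Pair[] }
const RANK: Record<Priority, number> = { high: 0, medium: 1, low: 2 };
const pairKey = (p: Pair): string => JSON.stringify([p.feature_name, p.perspective]);

function planResume(prevRunId: string, progress: ScanProgress, wanted: Pair[], scanCreditLimit: number) {
  // Client-side guard (assumption): refuse to dispatch without a positive credit budget.
  if (!Number.isInteger(scanCreditLimit) || scanCreditLimit <= 0)
    throw new RangeError("scan_credit_limit must be a positive integer");
  // Seed with what the previous run already handled, then de-duplicate `wanted`.
  const seen = new Set<string>([...progress.completed, ...progress.skipped].map(pairKey));
  const pairs: Pair[] = [];
  for (const p of wanted) {
    if (seen.has(pairKey(p))) continue;
    seen.add(pairKey(p));
    pairs.push(p);
  }
  // Omitting `pairs` means "all remaining combinations", so never fall back to that: return null.
  if (pairs.length === 0) return null;
  // Ordering is for the reviewer; pairs without a priority (Takumi assigns one) go last.
  const rank = (p: Pair): number => (p.priority ? RANK[p.priority] : 3);
  pairs.sort((a, b) => rank(a) - rank(b));
  return {
    input: {
      language: "english",
      target_urls: ["https://app.example/"],
      scan_credit_limit: scanCreditLimit,
      resume: {
        kind: "continue_assessment",
        continue_assessment: { workflow_id: "blackbox-assessment", workflow_run_id: prevRunId },
      },
      pairs,
    },
  };
}

// Constructed sample artifact and wish list (not real Takumi output).
const sampleProgress: ScanProgress = {
  completed: [{ feature_name: "authentication", perspective: "Injection" }],
  skipped: [{ feature_name: "Apex", perspective: "CSRF" }],
};
const sampleWanted: Pair[] = [
  { feature_name: "checkout", perspective: "BusinessLogic" },
  { feature_name: "authentication", perspective: "Injection", priority: "high" },
  { feature_name: "product_catalog", perspective: "XSS", priority: "low" },
  { feature_name: "user_settings", perspective: "Authorization", priority: "medium" },
];
const resumeBody = planResume("TWR-placeholder", sampleProgress, sampleWanted, 50);
```

A `null` result means every combination you asked for is already in `completed` or `skipped`, so there is nothing to dispatch.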

## Limitations

This feature is **only available for assessments dispatched via the Takumi API**. You cannot resume a web console assessment from the API, or vice versa. For details, see [Relationship with the Web Console's "Assessment" Feature](/docs/t/api#relationship-with-existing-features) in the API user guide.

## Getting Started

See the [API documentation](/docs/t/api) for full details.
