diff --git a/content/docs/1.getting-started/05.api-scan/2.creating-a-collection.md b/content/docs/1.getting-started/05.api-scan/2.creating-a-collection.md
index 46cd255..38435a0 100644
--- a/content/docs/1.getting-started/05.api-scan/2.creating-a-collection.md
+++ b/content/docs/1.getting-started/05.api-scan/2.creating-a-collection.md
@@ -34,7 +34,7 @@ Once your target is set up:
## Step 3: Select Your API Source Type
-ZeroThreat offers many options for importing your API collection:
+ZeroThreat offers multiple methods to create or import your API collection. In Step 3, choose any one method based on how your APIs are available, such as uploading an existing collection, importing from a cloud source, or recording API requests using ZeroThreat API Recorder.
| Source Type | Description |
| ---------------------- | ----------------------------------------------------------------------------- |
@@ -131,7 +131,15 @@ If your APIs are managed in **MuleSoft Anypoint Platform**, you can connect Zero
::fiqure-img{source="/Images/image (385).png"}
::
-2. **Set Up Integration**
+2. **Required MuleSoft Scope**
+
+ Before connecting MuleSoft with ZeroThreat, make sure your MuleSoft connected app has the required access scope.\
+ In MuleSoft Anypoint Platform, go to **Access Management > Connected Apps**, open your connected app, then click **Add Scopes** and assign the **Exchange Viewer** scope.
+
+ ::fiqure-img{source="/Images/image (506).png"}
+ ::
+
+3. **Set Up Integration**
* Enter a **Connection Name**.
* Provide your **Client ID** and **Client Secret** from your MuleSoft Anypoint account.
* ZeroThreat will validate the credentials before proceeding.
@@ -139,7 +147,7 @@ If your APIs are managed in **MuleSoft Anypoint Platform**, you can connect Zero
::fiqure-img{source="/Images/image (386).png"}
::
-3. **Fetch APIs**
+4. **Fetch APIs**
* Once validated, ZeroThreat fetches your available organizations and API assets.
* Choose the **Connection** (newly created or previously saved).
@@ -295,6 +303,62 @@ Your Postman Cloud APIs will be added as a Collection in ZeroThreat. You can opt
+#### ZeroThreat API Recorder
+
+ZeroThreat API Recorder lets you create an API collection by browsing your web application and capturing the API requests triggered during normal user actions. This is useful when you do not already have an API collection ready, when API inventory is missing, or when new APIs have been added and need to be discovered through frontend workflows. Instead of manually uploading a specification file, you can let ZeroThreat collect in-scope API requests as you interact with the application.
+
+**Prerequisite:** You must have the ZeroThreat Chrome Extension installed.
+
+Steps to create a collection using ZeroThreat API Recorder
+
+1. Click **ZeroThreat API Recorder**.
+
+::fiqure-img{source="/Images/image (501).png"}
+::
+
+2. Enter a **Collection Name** and the **Web Application URL**.
+
+::fiqure-img{source="/Images/image (502).png"}
+::
+
+The Web Application URL is the frontend application where the recorder will open. As you browse the application, ZeroThreat captures API requests that belong to the target scope.
+
+::hint{ style="background-color:#f7fcff; border:1px solid #07405a33; color:#1e6995;" icon="circle-info" iconClass="text-sky-600"}
+###### If your frontend and APIs use the same domain or subdomain, you can use that application URL directly.
+
+###### If your frontend and APIs use different subdomains, create the ZeroThreat target using the API domain, then enter the frontend URL as the Web Application URL.
+
+###### For example, if your API is hosted on `api.example.com` and your frontend is hosted on `app.example.com`, create the target for `api.example.com` and enter `app.example.com` as the Web Application URL. The recorder will open the frontend, and API requests made to the target API domain will be collected.
+::
+
+::hint{ style="background-color:#fff4e6; color:#f97316; border:1px solid #f6d2b0;" icon="triangle-exclamation" iconClass="text-[#f97316]"}
+###### **Note:** API requests outside the configured target scope will not be included in the collection.
+::
+
+3. Click **Open Extension to Record API Requests**. This opens the web application in a new tab and launches the ZeroThreat Chrome Extension on that page.
+4. In the extension, click **Start Recording**.
+
+::fiqure-img{source="/Images/image (503).png"}
+::
+
+5. Browse the application and perform the user actions that trigger the APIs you want to include in the collection.
+6. When you are done, click **Stop Recording** in the extension and click **Save** to store the API collection.
+
+::fiqure-img{source="/Images/image (504).png"}
+::
+
+7. Return to the ZeroThreat portal and click **Next**.
+
+::fiqure-img{source="/Images/image (505).png"}
+::
+
+The captured APIs will be added to the collection and can be used for scanning.
+
+
| Plan | Pricing | Hosts | Parallel Scans | Re-Tests | CI/CD Integration | Issue Tracking Integration | Notification Integration | Static IP | Production-Safe Testing | Agentic AI Pentesting | Complex UI Flow Automation (Playwright) | Custom Attack Templates | White-Label Reports | CVE Based Attack Coverage (Scan Profile) | Open Attack Coverage (Scan Profile) | Popular CVE's (Scan Profile) | Quick Test | Delay Days for latest CVE's |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Free Plan | $0/month – 5 scans on signup with limited report view, then 1 scan/month with limited report view | Unlimited | 1 per host | No | No | No | No | No | No | Yes | No | No | No | Preview | Preview | No | No | Not Applicable |
| Professional Cloud | $100/month for the first host, $75/month for each additional host up to 10. 20% off annual upfront payment | 1–10 | 1 per host | Unlimited | No | No | Yes | No | No | Yes | No | No | No | Yes | Preview | No | Yes | 30 |
| Professional Pay-Per-Scan | $25 per scan. Minimum purchase: $125 for 5 credits | Unlimited | Usage-based | Free 1-week Re-Rest | No | No | No | No | No | Yes | No | No | No | Preview | Preview | Yes | No | 30 |
| Enterprise Cloud | Contact Sales | 10+ | 3 per host | Unlimited | Yes | Yes | Yes | Yes – Extra | Yes | Yes | Yes | Yes – Nuclei + Burp + Faster Updates | Yes | Yes | Yes | No | Yes | 0 |
| Enterprise Pay-Per-Scan | Contact Sales | Unlimited | Usage-based | Free 1-week Re-Test | No | No | Yes | Yes – Extra | No | Yes | No | Yes – Nuclei + Burp + Faster Updates | Yes | Yes | Yes | No | No | 0 |
| Enterprise On-Prem | Contact Sales | Unlimited | 2 per instance | Unlimited | Yes | Yes | Yes | Not Applicable | Yes | Yes | Yes | Yes – Nuclei + Burp + Faster Updates | Yes | Yes | Yes | No | Yes | 0 |