diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 937cbd887..9143504a4 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -107,7 +107,7 @@ jobs:
 uses: zaproxy/action-api-scan@v0.1.1
 with:
 docker_name: 'owasp/zap2docker-stable'
- target: 'http://localhost:6011/_status'
+ target: 'http://localhost:6011/docs/openapi.yml'
 fail_action: true
 allow_issue_writing: false
 rules_file_name: 'zap.conf'
diff --git a/.github/workflows/daily_checks.yml b/.github/workflows/daily_checks.yml
index 99e47b7db..c0b981b7c 100644
--- a/.github/workflows/daily_checks.yml
+++ b/.github/workflows/daily_checks.yml
@@ -76,7 +76,7 @@ jobs:
 uses: zaproxy/action-api-scan@v0.1.1
 with:
 docker_name: 'owasp/zap2docker-weekly'
- target: 'http://localhost:6011/_status'
+ target: 'http://localhost:6011/docs/openapi.yml'
 fail_action: true
 allow_issue_writing: false
 rules_file_name: 'zap.conf'
diff --git a/app/__init__.py b/app/__init__.py
index fe4ee6fc3..b70f00c4a 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -134,6 +134,7 @@ def register_blueprint(application):
 )
 from app.billing.rest import billing_blueprint
 from app.complaint.complaint_rest import complaint_blueprint
+ from app.docs import docs as docs_blueprint
 from app.email_branding.rest import email_branding_blueprint
 from app.events.rest import events as events_blueprint
 from app.inbound_number.rest import inbound_number_blueprint
@@ -193,6 +194,9 @@ def register_blueprint(application):
 status_blueprint.before_request(requires_no_auth)
 application.register_blueprint(status_blueprint)
 
+ docs_blueprint.before_request(requires_no_auth)
+ application.register_blueprint(docs_blueprint)
+
 # delivery receipts
 ses_callback_blueprint.before_request(requires_no_auth)
 application.register_blueprint(ses_callback_blueprint)
diff --git a/app/docs/__init__.py b/app/docs/__init__.py
new file mode 100644
index 000000000..2ac289131
--- /dev/null
+++ b/app/docs/__init__.py
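Review bot: With `target` now pointing at the schema URL, ZAP discovers the endpoints to exercise from openapi.yml itself, so the host it actually sends requests to presumably comes from the spec's `servers` entry rather than from `localhost:6011` (the same applies to the daily_checks.yml hunk). If that entry names a deployed host, the CI scan may probe something other than the service started in the job while still reporting success. zap-api-scan.py has a host override (`-O`), which the action exposes through its `cmd_options` input; pinning it to the job's local service, or confirming the served schema's `servers` value once, would remove the ambiguity.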
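Review bot: Registering `docs_blueprint` with `before_request(requires_no_auth)` makes the full OpenAPI description of the service readable without credentials in every environment the app runs in, not only in the CI scan that motivated the change. If that exposure is intended, the registration deserves a one-line justification so the next reader does not treat it as an oversight, e.g. `# served unauthenticated so the ZAP API scan can fetch the schema`; if not, the route should be enabled only where the scan runs. The body of `register_blueprint` continues outside both hunks.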
@@ -0,0 +1,10 @@
+from os import path
+
+from flask import Blueprint, current_app, send_file
+
+docs = Blueprint('docs', __name__, url_prefix='/docs')
+
+@docs.route('/openapi.yml', methods=['GET'])
+def send_openapi():
+ openapi_schema = path.join(current_app.root_path, '../docs/openapi.yml')
+ return send_file(openapi_schema, mimetype='text/yaml'), 200
diff --git a/docs/testing.md b/docs/testing.md
index ad6c7e62e..cf6639bef 100644
--- a/docs/testing.md
+++ b/docs/testing.md
@@ -37,5 +37,11 @@ This will run an interactive prompt to create a user, and then mark that user as
 2. On your host machine run:
 
 ```
-docker run -v $(pwd):/zap/wrk/:rw --network="notify-network" -t owasp/zap2docker-weekly zap-api-scan.py -t http://dev:6011/_status -f openapi -c zap.conf
-```
\ No newline at end of file
+docker run -v $(pwd):/zap/wrk/:rw --network="notify-network" -t owasp/zap2docker-weekly zap-api-scan.py -t http://dev:6011/docs/openapi.yml -f openapi -c zap.conf
+```
+
+The equivalent command if you are running the API locally:
+
+```
+docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-api-scan.py -t http://host.docker.internal:6011/docs/openapi.yml -f openapi -c zap.conf
+```
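Review bot: `send_openapi` resolves the schema as `path.join(current_app.root_path, '../docs/openapi.yml')`, reaching out of the `app` package into the repository's top-level `docs/` directory, so the route only works where that directory is shipped alongside the code; if it is missing in a deployed image, `send_file` presumably raises on the absent path rather than answering 404, which is worth confirming. The path is a fixed literal with no request input, so there is no traversal exposure, but computing it once at import time (`path.normpath(...)` or `pathlib`) would make the intent explicit and surface a missing file at startup instead of on the first request. The trailing `, 200` is redundant because `send_file` already returns a 200 response, and `methods=['GET']` is Flask's default; a short docstring stating that this endpoint exists to feed the ZAP API scan would also help.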