Can we use the API /api/2.0/fo/asset/host/vm/detection/ to get the vulnerabilities identified in Web application scanning?
No, that API call is part of the VM module. You would need to use the WAS API. Take a look at the WAS API User Guide, which you can download from the "Resources" page under Help in the Qualys platform.
Retrieving data ...