
🔎 Start your first scan

In its simplest form, an API endpoint URL is all we need to start scanning a GraphQL API.

Application creation stepper

  1. Go to your applications list and click on Secure a new app
  2. Enter your GraphQL endpoint and click on Next
  3. Add an authorization header if desired or click on Skip
  4. Choose a name for the application and select whether the scan should send both queries and mutations (read-write mode) or only queries (read-only mode, safe for production). Click on Start scanning.
  5. You are all set!

Common pitfalls

My endpoint is not a GraphQL endpoint

It may happen that we cannot detect that an API endpoint is powered by a GraphQL engine. If it is legitimately not a GraphQL endpoint, you may want to get in touch with us to become an early tester of our security tests for non-GraphQL APIs.

My endpoint is a GraphQL endpoint but requires authentication

Another common reason for our detection test to fail is that the endpoint requires authentication, whether that is a firewall in front of the server or an application layer that enforces authentication for the query we use to fingerprint the API (query { __typename }). In this case, you can provide authorization headers that will be attached to the HTTP requests we send.
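If you want to check for yourself why detection fails before creating the application, the following script reproduces the same probe from the command line: it POSTs query { __typename } to your endpoint, optionally with an authorization header, and reports whether the answer looks like a GraphQL engine, an authentication wall, or something else. This is an added example written for this page, not the scanner's own code; the endpoint URL, the header value and the classification heuristics (treating HTTP 401/403 or an "unauthorized"-style GraphQL error as "auth-required") are assumptions made for the illustration.

```python
import json
import sys
import urllib.error
import urllib.request

# Same fingerprint query as the one mentioned on this page.
FINGERPRINT_QUERY = "query { __typename }"


def build_request(endpoint, auth_header=None):
    """Build the POST request used for the fingerprint probe.

    auth_header is an optional (name, value) tuple, for example
    ("Authorization", "Bearer <token>"); the header is attached verbatim.
    """
    body = json.dumps({"query": FINGERPRINT_QUERY}).encode("utf-8")
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    if auth_header is not None:
        name, value = auth_header
        headers[name] = value
    return urllib.request.Request(endpoint, data=body, headers=headers, method="POST")


def classify_response(status, body):
    """Classify an HTTP response to the fingerprint query.

    Returns 'graphql', 'auth-required' or 'not-graphql'. The rules below are
    an assumed heuristic for this example, not the vendor's detection logic.
    """
    if status in (401, 403):
        # A firewall or gateway rejected us before any GraphQL engine saw the query.
        return "auth-required"
    try:
        parsed = json.loads(body)
    except (TypeError, ValueError):
        return "not-graphql"  # HTML error pages, plain text, empty bodies
    if not isinstance(parsed, dict):
        return "not-graphql"
    data = parsed.get("data")
    if isinstance(data, dict) and data.get("__typename"):
        return "graphql"  # the canonical answer: {"data": {"__typename": "Query"}}
    errors = parsed.get("errors")
    if isinstance(errors, list) and errors:
        # An errors array in the GraphQL shape means an engine answered, but the
        # application layer may still be refusing the unauthenticated query.
        messages = " ".join(
            str(err.get("message", "")) for err in errors if isinstance(err, dict)
        ).lower()
        auth_words = ("unauthorized", "unauthenticated", "forbidden",
                      "not authorized", "authentication")
        if any(word in messages for word in auth_words):
            return "auth-required"
        return "graphql"
    return "not-graphql"


def fingerprint(endpoint, auth_header=None, timeout=10):
    """Send the probe to a live endpoint and classify the reply (network access required)."""
    req = build_request(endpoint, auth_header)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_response(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        # Non-2xx answers still carry a status and body worth classifying.
        return classify_response(err.code, err.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    # Usage: python probe.py https://api.example.com/graphql [Authorization "Bearer <token>"]
    # The URL above is a placeholder; replace it with your own endpoint.
    url = sys.argv[1]
    header = (sys.argv[2], sys.argv[3]) if len(sys.argv) >= 4 else None
    print(fingerprint(url, header))
```

If the script reports "auth-required" without a header and "graphql" once you pass the same header you would give the stepper in step 3, the detection failure is purely an authentication issue; if it reports "not-graphql" either way, inspect the raw response body, since a reverse proxy serving an HTML page in front of the API produces exactly that result.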