# Secure GraphQL APIs using Akto

## Introduction

You can use Akto to help you secure your GraphQL APIs in your CI/CD pipeline:

* Automate GraphQL [API Inventory](#api-inventory)
* [Sensitive data exposure](#sensitive-data-exposure)
* [Run tests](#run-owasp-top-10-tests) for OWASP API Top 10 vulnerabilities
* Write your own [custom tests for GraphQL APIs](#custom-graphql-security-tests)
* [Run tests in CI/CD](#run-tests-in-ci-cd)

## API Inventory

Akto can automatically prepare an API Inventory for GraphQL APIs. Use one of our [traffic connectors](https://docs.akto.io/traffic-connector/traffic-data-sources), and Akto will start populating the APIs in the dashboard right away. Because all GraphQL operations share one endpoint, you will see a separate entry for each `Query`, `Mutation`, etc. You can see an example here.

Click on the API to see the schema for the query.

## Sensitive data exposure

Go to [Sensitive Data](https://docs.akto.io/api-inventory/concepts/sensitive-data) to check if your APIs are sending sensitive or PII data in the API response. You can also [configure Slack/Webhook alerts](https://docs.akto.io/api-inventory/concepts/alerts) for the same.
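The two steps above (one inventory entry per operation, then a scan of the response for sensitive values) are illustrated by the following added example. It is not Akto's code: it keys inventory entries on the operation keyword inside the request body, since every GraphQL request hits the same path, and walks the JSON response for values that look like PII. The path `/graphql`, the sample exchange and the PII patterns are constructed for the demo.

```python
import json
import re
from typing import Dict, List

# Added example, not Akto's code. All GraphQL traffic hits one path (POST
# /graphql), so an inventory must key on the operation inside the request
# body, and PII must be looked for inside the JSON response.

# Top-level operation keyword (at document start or right after a closing
# brace) plus its optional name. A shortcut, not a full GraphQL parser.
OP_RE = re.compile(r"(?:^|\})\s*(query|mutation|subscription)\b\s*([A-Za-z_]\w*)?")

# Constructed, deliberately loose PII patterns; a real detector would be
# stricter (for example a Luhn check before calling a number a card).
PII = {
    "EMAIL": re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I),
    "CREDIT_CARD": re.compile(r"^(?:\d[ -]?){13,19}$"),
}

def inventory_entries(path: str, request_body: str) -> List[str]:
    """One inventory key per operation in the request document.
    Shorthand documents ("{ me { id } }") have no keyword and count as Query."""
    doc = json.loads(request_body)["query"]
    ops = OP_RE.findall(doc) or [("query", "")]
    return [f"POST {path} {kind.capitalize()} {name or '<anonymous>'}"
            for kind, name in ops]

def find_sensitive(response_body: str) -> Dict[str, List[str]]:
    """Map each PII label to the response paths where a matching value appears."""
    hits: Dict[str, List[str]] = {}

    def walk(node, path: str) -> None:
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{path}.{key}" if path else key)
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")
        elif isinstance(node, str):
            for label, pattern in PII.items():
                if pattern.match(node):
                    hits.setdefault(label, []).append(path)

    walk(json.loads(response_body), "")
    return hits

# Constructed sample exchange: one named query and the response it produced.
REQUEST = json.dumps({"query": "query GetUser($id: ID!) { user(id: $id) { email card } }"})
RESPONSE = json.dumps({"data": {"user": {"email": "alice@example.com", "card": "4111 1111 1111 1111"}}})
```

`inventory_entries("/graphql", REQUEST)` yields `POST /graphql Query GetUser`, and `find_sensitive(RESPONSE)` reports the email at `data.user.email` and the card number at `data.user.card`.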

## Run OWASP Top 10 tests

Click on the **Run Test** button to start testing your APIs for all OWASP Top 10 and HackerOne Top 10 vulnerabilities.

## Custom GraphQL security tests

Using Akto's unique test editor, you can also write your own security tests for GraphQL APIs. See the instructions for custom tests [here](https://docs.akto.io/test-editor/concepts/custom-test). There are a few GraphQL-specific instructions that you can use:

* add-
* delete-
* modify-

## Run tests in CI/CD

You can also automate GraphQL Security Testing by using our [GitHub action](https://docs.akto.io/api-security-testing/how-to/run-test) or [pre-deployment hook](https://docs.akto.io/api-security-testing/how-to/run-tests-in-cli-using-akto) to trigger tests in your CI/CD pipeline.

Feel free to write us at <support@akto.io> for any help.
