Secure GraphQL APIs using Akto


You can use Akto to help you secure your GraphQL APIs in CI/CD pipeline

API Inventory

Akto can automatically prepare an API Inventory for GraphQL APIs. Use one of our traffic connectors. Akto will right away start populating APIs in the dashboard. You will see a separate entry for each Query, Mutation etc. You can see an example here.

Click on the API to see the schema for the query.

Sensitive data exposure

Go to Sensitive Data to check if your APIs are sending sensitive or PII data in the API response. You can also configure Slack/Webhook alerts for the same.

Run OWASP Top 10 tests

Click on the Run Test button to start testing your APIs for all OWASP Top 10 and Hackerone Top 10 vulnerabilities.

Custom GraphQL security tests

Using Akto's unique test editor, you can also write your own security tests for GraphQL APIs. See instructions for custom tests here. There are a few GraphQL-specific instructions that you can use -

  • add-

  • delete-

  • modify-

Run tests in CI/CD

You can also automate GraphQL Security Testing by using our GitHub action or pre-deployment hook to trigger tests in your CI/CD pipeline.

Feel free to write us at for any help.

Last updated