# Secure SOAP APIs using Akto

### Introduction

You can use Akto to help you secure your SOAP APIs in the CI/CD pipeline:

* Automate SOAP [API Inventory](#api-inventory)
* Identify [Sensitive data exposure](#sensitive-data-exposure)
* [Run test](#run-owasp-top-10-tests) for OWASP API top 10 vulnerabilities
* Write your own [custom tests for SOAP APIs](#custom-soap-security-tests)
* [Run tests in CI/CD](#run-tests-in-ci-cd)

### API Inventory

Akto can automatically prepare an API Inventory for SOAP APIs. Use one of our [traffic connectors](/traffic-connector/traffic-data-sources.md) or upload WSDL files directly. Akto will populate the dashboard with all detected SOAP operations and their request/response structures.

You will see a separate entry for each SOAP action (operation) along with its endpoint. Click on an API to view its detailed request and response XML schema.

### Sensitive data exposure

Go to [Sensitive Data](/api-inventory/concepts/sensitive-data.md) to check if your APIs are sending sensitive or PII data in the API response. You can also [configure Slack/Webhook alerts](/api-inventory/concepts/alerts.md) to get notified in real-time when sensitive data is detected.

### Run OWASP Top 10 tests

Click on the **Run Test** button to start testing your SOAP APIs for OWASP Top 10 and HackerOne Top 10 vulnerabilities.

Akto will automatically generate security tests tailored to SOAP, including testing for XML injection, weak authentication, and insecure deserialization vulnerabilities.

### Custom SOAP security tests

Using Akto’s test editor, you can write your own security tests for SOAP APIs. See instructions for custom tests [here](/test-editor/concepts/custom-test.md).

Here are a few SOAP-specific test instructions you can use:

* add/modify SOAP headers
* inject payloads into XML body
* tamper SOAPAction value
* remove/alter XML nodes

### Run tests in CI/CD

You can automate SOAP API Security Testing by using our [GitHub action](/api-security-testing/how-to/run-test.md) or [pre-deployment hook](/api-security-testing/how-to/run-tests-in-cli-using-akto.md) to trigger tests in your CI/CD pipeline.

Feel free to write us at <support@akto.io> for any help.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.akto.io/api-security-testing/how-to/secure-soap-apis-using-akto.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.