# API Scanning

> API Scanning discovers and tests REST and GraphQL APIs for security weaknesses.

Source: https://fmcybersecurity.com/en/products/aikido/api-scanning/
Locale: English
Other locale: https://fmcybersecurity.com/products/aikido/api-scanning/

API Scanning focuses on the APIs an application exposes. It finds these endpoints and tests them for security problems.

## What it is

This is security testing aimed at REST and GraphQL APIs. It discovers the endpoints that an application offers, then probes each one for weaknesses. The result is a clearer view of where APIs are at risk.

## Key capabilities

- Discovers REST and GraphQL API endpoints.
- Tests APIs for common security weaknesses.
- Covers both internal and public-facing APIs.
- Reports the issues it finds per endpoint.

## Who it's for

It suits teams that build or depend on APIs. It helps developers and security staff make sure endpoints are not left exposed. It fits applications that rely heavily on API traffic.

---

For the full documentation index, see https://fmcybersecurity.com/llms.txt
For the complete corpus as a single document, see https://fmcybersecurity.com/llms-full.txt