API Security Router

This is the routing entry point for API security testing.

Use this skill first to decide whether the API issue is mostly recon/docs, object authorization, token trust, or GraphQL/hidden parameters, then route to a deeper topic skill.

When to Use

The target exposes REST APIs, mobile backends, or GraphQL endpoints
You need to define API testing order before going into specific topics
You want to handle object authorization, JWT, GraphQL, and hidden fields as separate tracks

Skill Map

API Recon and Docs: OpenAPI, Swagger, version drift, hidden documentation
API Authorization and BOLA: BOLA, BFLA, method abuse, hidden writable fields
API Auth and JWT Abuse: bearer token, header trust, claim abuse, rate-limit bypass
GraphQL and Hidden Parameters: introspection, batching, undocumented fields, hidden parameters

Related skills

More from yaklang/hack-skills

Installs

523

Repository

yaklang/hack-skills

GitHub Stars

620

First Seen

Apr 8, 2026

Security Audits

Gen Agent Trust HubPass

SocketPass

SnykPass

api-sec

API Security Router

When to Use

Skill Map

More from yaklang/hack-skills

hack

xss-cross-site-scripting

sqli-sql-injection

ssrf-server-side-request-forgery

api-auth-and-jwt-abuse

api-recon-and-docs