📊 GraphQL API Vulnerabilities

Enumerate GraphQL Endpoints

Universal Queries

Request

query{__typename}

Response

{"data": {"__typename": "query"}}

Common Endpoints

/graphql
/api
/api/graphql
/graphql/api
/graphql/graphql

Request Methods

  • GET: uses a content-type of x-www-form-urlencoded

  • POST: uses a content-type of application/json
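
Detecting this enumeration from the server side: the following is an added example, not part of the original page. It flags clients that send the universal query to several of the common endpoints listed above. The record layout, the `min_paths` threshold, the `{__typename}` shorthand match and the form-encoded POST branch are assumptions, and the sample records are constructed.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Paths from the "Common Endpoints" list above.
COMMON_ENDPOINTS = {"/graphql", "/api", "/api/graphql", "/graphql/api", "/graphql/graphql"}

def extract_query(method, url, content_type, body):
    """Return the GraphQL document carried by a request, or None."""
    ctype = (content_type or "").split(";")[0].strip().lower()
    if method == "GET":  # document travels in the URL's query string
        return parse_qs(urlsplit(url).query).get("query", [None])[0]
    if method == "POST" and ctype == "application/json":
        try:
            doc = json.loads(body or "")
        except ValueError:  # malformed JSON is not a probe we can classify
            return None
        return doc.get("query") if isinstance(doc, dict) else None
    if method == "POST" and ctype == "application/x-www-form-urlencoded":
        # Assumption beyond the page: some servers also accept form-encoded POST.
        return parse_qs(body or "").get("query", [None])[0]
    return None

def is_universal_probe(query):
    """True when the document is only the universal query (whitespace ignored)."""
    if not isinstance(query, str):
        return False
    # "{__typename}" is the anonymous shorthand for the same operation.
    return "".join(query.split()) in ("query{__typename}", "{__typename}")

def find_enumeration(records, min_paths=3):
    """Map client -> sorted probed paths, for clients probing >= min_paths endpoints."""
    seen = defaultdict(set)
    for client, method, url, ctype, body in records:
        path = urlsplit(url).path.rstrip("/") or "/"
        if path in COMMON_ENDPOINTS and is_universal_probe(extract_query(method, url, ctype, body)):
            seen[client].add(path)
    return {c: sorted(p) for c, p in seen.items() if len(p) >= min_paths}

# Constructed sample records: (client, method, url, content_type, body)
SAMPLE = [
    ("198.51.100.7", "POST", "/graphql", "application/json", '{"query":"query{__typename}"}'),
    ("198.51.100.7", "POST", "/api", "application/json", '{"query":"query{__typename}"}'),
    ("198.51.100.7", "GET", "/api/graphql?query=query%7B__typename%7D", "application/x-www-form-urlencoded", ""),
    ("198.51.100.7", "POST", "/graphql/graphql", "application/json", '{"query": "query { __typename }"}'),
    ("203.0.113.9", "POST", "/graphql", "application/json", '{"query":"query{ products { id name } }"}'),
    ("203.0.113.9", "POST", "/graphql", "application/json", "not json"),
]

if __name__ == "__main__":
    for client, paths in find_enumeration(SAMPLE).items():
        print(client, "probed", paths)
```

A single `__typename` request to the real endpoint is normal client behaviour, so the signal is the same client sending it to several candidate paths.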
