I'm a security researcher. I deal with a lot of APIs. When it comes to security testing APIs, there aren't many tools for the job.
Most tools were built for web applications, especially for checking security flaws from legacy application server configurations, browser, session, account login, etc. But API has none of these issues.
When it comes to API security testing, a different tool is needed that can go deep into APIs, OAuth 2.0, and business-logic flaws rather than the legacy approach.
We came up with this simple tool that automatically security tests APIs. Please try this tool and get a free API security testing report for your public, mobile, and web APIs.
Here is the URL: