Content & Accessibility Check n°110 / 120

API endpoint security


How TheSiteFuse checks "API endpoint security"

This check tests common API paths (/api/, /api/v1/, /graphql) without authentication to see if data is returned. An API that returns data without any valid token or session potentially exposes sensitive information to anyone. A 401 or 403 response indicates authentication is working correctly.
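A self-check in the same spirit, for a site you operate, as an added example (not TheSiteFuse's own code). The verdict names and the JSON rule are assumptions of this sketch, and the sample responses are constructed so it runs offline.

```python
import json
import urllib.error
import urllib.request

API_PATHS = ["/api/", "/api/v1/", "/graphql"]  # the paths named in the check


def classify(status, content_type, body):
    """Classify one unauthenticated response (rules are this example's assumptions)."""
    if status in (401, 403):
        return "protected"  # authentication is being enforced
    if status == 404:
        return "absent"  # nothing is served at this path
    if 200 <= status < 300 and "json" in content_type.lower():
        try:
            data = json.loads(body)
        except ValueError:
            return "review"
        # Non-empty JSON served without credentials is what the check flags.
        return "exposed" if data else "review"
    return "review"  # redirects to login pages, 400, 5xx: needs a human look


def probe(base_url, path, timeout=5):
    """Request one path with no credentials; return (status, content_type, body)."""
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read(65536)
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Content-Type", ""), err.read(65536)


def audit(base_url, fetch=probe):
    """Map each path to its verdict; `fetch` is injectable so tests stay offline."""
    return {path: classify(*fetch(base_url, path)) for path in API_PATHS}


# Constructed sample responses, not captured from a real site.
SAMPLE = {
    "/api/": (401, "application/json", b'{"error": "unauthorized"}'),
    "/api/v1/": (200, "application/json", b'[{"id": 1, "email": "a@example.test"}]'),
    "/graphql": (404, "text/html", b"<h1>Not Found</h1>"),
}


def sample_fetch(base_url, path):
    return SAMPLE[path]
```

Calling `audit("https://your-site.example")` with the default `fetch` performs the live requests; an "exposed" verdict still needs a manual look, since some APIs return error objects with a 200 status.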

Real-world impact of "API endpoint security"

Unprotected APIs are often the cause of massive data breaches. A route that returns a user list, orders, or personal data without authentication is a critical flaw. It's not always intentional — sometimes the developer forgets to protect a test or staging endpoint.
