DAST
Coding custom integrations with GraphQL API
Last updated: April 7, 2026
If Burp Suite DAST doesn't have a built-in integration for the platform where your APIs are stored, you can use the GraphQL API to push API definitions into API finder from any source. You can use this to discover OpenAPI and SOAP WSDL definitions, and Postman Collections.
Note
To help you get started, you can access some example scripts in the API finder examples repository on GitHub.
When to use a custom integration
Burp Suite DAST provides a built-in connector for Amazon API Gateway. If your APIs are managed there, you can connect directly to API finder without any scripting.
Use a custom integration if your APIs are stored somewhere that doesn't have a built-in connector. For example:
- API definitions stored in Git repositories alongside application code.
- Internal service catalogs or custom-built API registries.
- Any other source that your team maintains separately from an API management platform.
Creating a custom integration
To create an integration using the GraphQL API:
- Create an API user. For more information, see Creating API users.
- Add the API user to the API Uploaders group. For more information, see Role-based access control.
- Write a script using the GraphQL API, to push APIs into API finder. For more information, see Getting started with the GraphQL API.
- Use API finder to review APIs, and create sites for them. For more information, see Creating sites for added APIs.
- When your APIs change, run your script again with the same unique_id. This tells Burp Suite DAST to update the API, instead of creating a new one.
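The part of such a script that decides what to push and which unique_id to send, as an added example (not code from PortSwigger or the API finder examples repository). It recognizes the three definition types named above and derives the unique_id from the definition's location, so a re-run after the API changes updates the existing entry. Assumptions: the mutation text is passed in by the caller and must come from the product's GraphQL schema, and every input field name other than unique_id is hypothetical.

```python
import hashlib
import json
import posixpath
import re

# Root element of WSDL 1.1 / 2.0, matched by regex so repository XML is never parsed.
WSDL_RE = re.compile(
    r'<(?:[\w.-]+:)?(?:definitions|description)\b[^>]*'
    r'(?:http://schemas\.xmlsoap\.org/wsdl/|http://www\.w3\.org/ns/wsdl)["\']')


def detect_kind(text):
    """Return 'openapi', 'postman' or 'wsdl', or None for any other file."""
    body = text.lstrip("\ufeff \t\r\n")
    if body.startswith("{"):
        try:
            doc = json.loads(body)
        except ValueError:
            return None
        if "openapi" in doc or "swagger" in doc:
            return "openapi"
        info = doc.get("info")
        schema = info.get("schema") if isinstance(info, dict) else None
        return "postman" if "schema.getpostman.com" in str(schema) else None
    if body.startswith("<"):
        return "wsdl" if WSDL_RE.search(body) else None
    # YAML OpenAPI documents carry a top-level `openapi:` or `swagger:` key.
    return "openapi" if re.search(r"^(?:openapi|swagger)\s*:", body, re.M) else None


def stable_unique_id(source, path):
    """Derive the id from where the definition lives, never from its content,
    so a re-run after the API changes sends the same unique_id."""
    norm = posixpath.normpath(path.replace("\\", "/"))
    return hashlib.sha256(f"{source}\n{norm}".encode()).hexdigest()[:32]


def build_request(mutation, source, path, text):
    """Build the GraphQL-over-HTTP JSON body for one file, or None to skip it."""
    kind = detect_kind(text)
    if kind is None:
        return None  # not an API definition; do not push it
    api = {
        "unique_id": stable_unique_id(source, path),
        "kind": kind,  # hypothetical field name
        "name": posixpath.basename(path.replace("\\", "/")),  # hypothetical field name
        "definition": text,  # hypothetical field name
    }
    return {"query": mutation, "variables": {"input": api}}
```
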