Platform API
Last updated: Mar 24, 2026
The Fluid Attacks API is built as a GraphQL service where you can consume data using a common query language. GraphQL provides a single endpoint (app.fluidattacks.com/api) for making requests using queries (to fetch data) and mutations (to create, update, or delete data).
If you are already familiar with GraphQL, feel free to jump ahead to "Learn the basics of the Fluid Attacks API".
Recommendations for new GraphQL users
Here are some recommendations for developers unfamiliar with GraphQL:
- Understand what GraphQL is: Gain foundational knowledge of GraphQL, including its functionalities and how to construct queries for a GraphQL endpoint. It is advisable to refer to the official GraphQL introduction.
- Learn to make queries and mutations: Before diving into the API, grasp the concepts of queries and mutations as they form the core operations over any GraphQL endpoint.
- Explore the Fluid Attacks API with the help of this documentation: Once you have grasped basic GraphQL concepts (queries, mutations, fields, and arguments), proceed to explore the API at app.fluidattacks.com/api following the examples below and then those in "Learn the basics of the Fluid Attacks API".
Examples
Retrieving user role
This example is to retrieve your role in the Fluid Attacks platform. Before proceeding, you should log in to app.fluidattacks.com.
query {
me {
role
}
}Retrieving groups
This example enhances the previous query to retrieve information about your groups. Since groups are a list of projects (which are GraphQL entities), you must specify the desired information from them (in this case, their names).
query {
me {
organizations {
groups {
name
}
}
}
}Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.