f:["$","$L17",null,{"module":{"slug":"module-14","title":"API Reconnaissance","description":"Discovering and mapping undocumented API endpoints (Swagger/GraphQL).","order":14,"sections":[{"id":"docs","title":"Swagger / OpenAPI","type":"content","content":"\n

\n Developers often leave documentation public.\n

/api/docs
/swagger-ui.html
/v2/api-docs

These paths list every single API endpoint, expected parameters, and data types.

\n "},{"id":"graphql","title":"GraphQL Introspection","type":"content","content":"\n

One Endpoint to Rule Them All

\n GraphQL usually has one endpoint: `/graphql`.\n
\n If Introspection is enabled, you can query the schema to see all data the database holds.\n

\n "},{"id":"quiz","title":"API Quiz","type":"quiz","quizQuestions":[{"id":1,"type":"true-false","question":"Swagger UI provides a list of API endpoints and allows you to test requests directly in the browser.","options":["True","False"],"correct":"True"}]}]},"courseSlug":"web-reconnaissance","nextModuleSlug":"module-15"}]