AppCheck API Scanner is a dynamic application security testing tool designed to identify vulnerabilities in APIs. The scanner supports multiple API types including REST (JSON), SOAP (WSDL), and GraphQL, providing comprehensive security coverage across different API architectures. The tool performs endpoint discovery through SPA crawling and GraphQL introspection, automatically generating fixture data from Swagger and GraphQL schemas. It includes advanced authentication support, maintaining active sessions and handling various authentication mechanisms such as TOTP and OAuth. The scanner implements request signing capabilities, including HMAC support and AWS v4 request signing, with chainable rules for complex custom signature requirements. It conducts contextual probing of individual API methods and performs payload-based testing to confirm real vulnerabilities. The platform identifies authorization flaws, permission issues such as IDOR (Insecure Direct Object References), and provides comprehensive OWASP vulnerability coverage including injection attacks, XSS, and remote code execution. It supports multi-domain scanning, covering both backend APIs and frontend single-page applications within the same scan. AppCheck provides detailed diagnostic output for manual review and offers remediation guidance based on best practices from OWASP, MITRE, and in-house experts. The scanner can be integrated into the application lifecycle from development through production environments.