Detectify API Scanning is a dynamic API security testing solution that scans APIs for vulnerabilities and misconfigurations. The tool uses OpenAPI specification files to configure scan profiles and supports authentication setup for testing protected endpoints. The scanner employs a dynamic fuzzing engine that randomizes and rotates payloads with each scan rather than using fixed test conditions. For prompt injection testing, the engine can generate over 922 quintillion payload permutations, while command injection testing leverages a library of over 330,000 payloads. This approach provides ongoing assessment of API security posture. The platform tests for vulnerabilities including the OWASP API Top 10, such as Broken Object Level Authorization (BOLA), as well as SQL injection, cross-site scripting, server-side request forgery, command injection, XML external entities, and prompt injection. Additional coverage includes certificate issues, path traversal, remote file inclusion, server-side template injection, and various other injection types. Detectify incorporates research from Crowdsource, a community of over 400 ethical hackers who contribute vulnerability detection methods. New security checks can be implemented into the platform within 15 minutes of discovery. The tool provides unified API inventory and asset discovery capabilities, including detection of shadow APIs and undocumented endpoints. All testing is payload-based to reduce false positives. Scan scheduling and customization options allow teams to configure testing parameters based on their requirements.