> ## Documentation Index
> Fetch the complete documentation index at: https://docs.apyguard.com/llms.txt
> Use this file to discover all available pages before exploring further.

# ApyGuard: API Security Platform for Modern Teams

> ApyGuard is an API security and posture management platform that helps teams discover, assess, and continuously monitor API risk across their environments. It connects to API assets and collections, analyzes authentication and exposure, runs security scans, and helps identify vulnerabilities, sensitive data risks, and authorization weaknesses before they become incidents.

## What ApyGuard does

ApyGuard helps teams understand, test, and improve the security of their APIs from one platform. Instead of relying on manual checks alone, security and engineering teams can use ApyGuard to organize API assets, configure authentication, run scans, and review prioritized findings with clear remediation context.

<CardGroup cols={2}>
  <Card title="Asset discovery" icon="folder">
    Organize API assets, collections, and environments in one place so teams can manage API security coverage with clarity.
  </Card>

  <Card title="Authentication-aware testing" icon="key">
    Configure token, login-based, OIDC, and OAuth2 authentication so protected endpoints can be tested correctly.
  </Card>

  <Card title="Security scanning" icon="shield-check">
    Run API security scans to identify vulnerabilities, exposure risks, and weak API protections.
  </Card>

  <Card title="Authorization analysis" icon="lock">
    Evaluate role-based access patterns and detect authorization weaknesses across endpoints and user roles.
  </Card>

  <Card title="Sensitive data detection" icon="file-warning">
    Detect exposed sensitive data and response patterns that may create privacy or compliance risk.
  </Card>

  <Card title="Risk visibility" icon="chart-bar">
    Review findings, risk scores, and remediation context so teams can prioritize the issues that matter most.
  </Card>
</CardGroup>

## How it works

ApyGuard supports a practical API security workflow:

1. **Create an asset** to represent the API environment you want to monitor.
2. **Import an API collection or specification** so ApyGuard can understand the available endpoints.
3. **Configure authentication** using the method that matches your API.
4. **Choose scan settings** such as endpoints, security options, and testing scope.
5. **Run scans** against the API surface you want to validate.
6. **Review findings** including vulnerabilities, authorization issues, and sensitive data risks.
7. **Improve posture** by fixing issues and repeating scans as your API evolves.

## Who ApyGuard is for

* Security teams that want continuous visibility into API risk
* Developers who need actionable feedback during validation and release workflows
* Platform and engineering teams responsible for API governance
* Organizations managing multiple APIs across different environments

## Next steps

<CardGroup cols={2}>
  <Card title="Quick Start" icon="rocket" href="/get-started/quick-start">
    Create your first asset, configure authentication, and prepare your first scan.
  </Card>

  <Card title="Authentication Setup" icon="book-open" href="/authentication/overview">
    Learn how to configure token, login URL, OIDC, and OAuth2 authentication.
  </Card>
</CardGroup>
