diff --git a/.github/workflows/mapi.yml b/.github/workflows/mapi.yml
new file mode 100644
index 0000000..1229173
--- /dev/null
+++ b/.github/workflows/mapi.yml
@@ -0,0 +1,52 @@
+name: 'Mayhem for API'
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+    steps:
+    - name: Set up Go 1.x
+      uses: actions/setup-go@v2
+      with:
+        go-version: ^1.18
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v2
+
+    - name: Get dependencies
+      run: go get
+
+    - name: Build
+      run: GO111MODULE=on go build -v .
+
+    - name: start wakapi
+      run: ./wakapi --config config.default.yml &
+
+    - name: create a trivial testing user
+      run: sqlite3 wakapi_db.db "insert into users (id, api_key) values ('mapi', 'test-api-key')"
+
+    - name: Run Mayhem for API
+      uses: ForAllSecure/mapi-action@v1
+      continue-on-error: true
+      with:
+        mapi-token: ${{ secrets.MAPI_TOKEN }}
+        api-url: http://localhost:3000/api/
+        api-spec: static/docs/swagger.yaml
+        target: mayhemheroes/wakapi
+        duration: 1min
+        sarif-report: mapi.sarif
+        run-args: |
+          --header-auth
+          Authorization: Basic dGVzdC1hcGkta2V5
+
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: mapi.sarif