diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/graphql/graphql_3.0.0.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/graphql/graphql_3.0.0.apk-conf
new file mode 100644
index 000000000..824a3fc04
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/graphql/graphql_3.0.0.apk-conf
@@ -0,0 +1,40 @@
+---
+name: "GraphQL API"
+basePath: "/graphql"
+version: "3.0.0"
+type: "GRAPHQL"
+id: "graphql-v3"
+defaultVersion: false
+subscriptionValidation: false
+endpointConfigurations:
+  production:
+    endpoint: "http://graphql-faker-service:9002/graphql"
+operations:
+  - target: "hero"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "reviews"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "search"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "character"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "droid"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "human"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "allHumans"
+    verb: "QUERY"
+    secured: true
+    scopes: []
diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/graphql/graphql_4.0.0.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/graphql/graphql_4.0.0.apk-conf
new file mode 100644
index 000000000..9e6a21d46
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/graphql/graphql_4.0.0.apk-conf
@@ -0,0 +1,40 @@
+---
+name: "GraphQL API"
+basePath: "/graphql"
+version: "4.0.0"
+type: "GRAPHQL"
+id: "graphql-v4"
+defaultVersion: false
+subscriptionValidation: false
+endpointConfigurations:
+  production:
+    endpoint: "http://graphql-faker-service:9002/graphql"
+operations:
+  - target: "hero"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "reviews"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "search"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "character"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "droid"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "human"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "allHumans"
+    verb: "QUERY"
+    secured: true
+    scopes: []
diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/graphql/graphql_rl.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/graphql/graphql_rl.apk-conf
new file mode 100644
index 000000000..8e52eee96
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/graphql/graphql_rl.apk-conf
@@ -0,0 +1,41 @@
+---
+name: "GraphQL API"
+basePath: "/graphql"
+version: "3.14"
+type: "GRAPHQL"
+id: "graphql-rl"
+defaultVersion: false
+subscriptionValidation: false
+endpointConfigurations:
+  production:
+    endpoint: "http://graphql-faker-service:9002/graphql"
+operations:
+  - target: "hero"
+    verb: "QUERY"
+    secured: true
+  - target: "reviews"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "search"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "character"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "droid"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "human"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "allHumans"
+    verb: "QUERY"
+    secured: true
+rateLimit:
+  requestsPerUnit: 1
+  unit: "Minute"
diff --git a/test/cucumber-tests/src/test/resources/artifacts/apk-confs/graphql/graphql_scopes.apk-conf b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/graphql/graphql_scopes.apk-conf
new file mode 100644
index 000000000..10aad3eff
--- /dev/null
+++ b/test/cucumber-tests/src/test/resources/artifacts/apk-confs/graphql/graphql_scopes.apk-conf
@@ -0,0 +1,39 @@
+---
+name: "GraphQL API"
+basePath: "/graphql"
+version: "3.14"
+type: "GRAPHQL"
+id: "graphql-scopes"
+defaultVersion: false
+subscriptionValidation: false
+endpointConfigurations:
+  production:
+    endpoint: "http://graphql-faker-service:9002/graphql"
+operations:
+  - target: "hero"
+    verb: "QUERY"
+    secured: true
+  - target: "reviews"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "search"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "character"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "droid"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "human"
+    verb: "QUERY"
+    secured: true
+    scopes: []
+  - target: "allHumans"
+    verb: "QUERY"
+    secured: true
+    scopes: ["wso2"]
diff --git a/test/cucumber-tests/src/test/resources/tests/api/GraphQL.feature b/test/cucumber-tests/src/test/resources/tests/api/GraphQL.feature
index eb04dd38d..dc3b2502b 100644
--- a/test/cucumber-tests/src/test/resources/tests/api/GraphQL.feature
+++ b/test/cucumber-tests/src/test/resources/tests/api/GraphQL.feature
@@ -18,6 +18,7 @@ Feature: Generating APK conf for GraphQL API
         And I eventually receive 200 response code, not accepting
             | 429 |
             | 500 |
+        And the response body should contain "\"name\":\"string\""
 
     Scenario: Undeploy API
         Given The system is ready
@@ -25,6 +26,90 @@ Feature: Generating APK conf for GraphQL API
         When I undeploy the API whose ID is "graphql-without-sub"
         Then the response status code should be 202
 
+    Scenario: Deploying GraphQL API with scopes
+        Given The system is ready
+        And I have a valid subscription
+        When I use the APK Conf file "artifacts/apk-confs/graphql/graphql_scopes.apk-conf"
+        And the definition file "artifacts/definitions/graphql_sample_api.graphql"
+        And make the API deployment request
+        Then the response status code should be 200
+        Then I set headers
+            | Authorization | bearer ${accessToken} |
+        And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ allHumans { name } }\"}"
+        And I eventually receive 403 response code, not accepting
+            | 429 |
+            | 500 |
+        Given I have a valid subscription with scopes
+            | wso2 |
+        Then I set headers
+            | Authorization | bearer ${accessToken} |
+        And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ allHumans { name } }\"}"
+        And I eventually receive 200 response code, not accepting
+            | 429 |
+            | 500 |
+
+    Scenario: Undeploy API
+        Given The system is ready
+        And I have a valid subscription
+        When I undeploy the API whose ID is "graphql-scopes"
+        Then the response status code should be 202
+
+    Scenario: Deploying a ratelimited GraphQL API
+        Given The system is ready
+        And I have a valid subscription
+        When I use the APK Conf file "artifacts/apk-confs/graphql/graphql_rl.apk-conf"
+        And the definition file "artifacts/definitions/graphql_sample_api.graphql"
+        And make the API deployment request
+        Then the response status code should be 200
+        Then I set headers
+            | Authorization | bearer ${accessToken} |
+        And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ allHumans { name } }\"}"
+        And I eventually receive 200 response code, not accepting
+            | 429 |
+            | 500 |
+        And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ allHumans { name } }\"}"
+        Then the response status code should be 429
+
+    Scenario: Undeploy API
+        Given The system is ready
+        And I have a valid subscription
+        When I undeploy the API whose ID is "graphql-rl"
+        Then the response status code should be 202
+
+    Scenario: Deploying multiple versions of a GraphQL API
+        Given The system is ready
+        And I have a valid subscription
+        When I use the APK Conf file "artifacts/apk-confs/graphql/graphql_3.0.0.apk-conf"
+        And the definition file "artifacts/definitions/graphql_sample_api.graphql"
+        And make the API deployment request
+        Then the response status code should be 200
+        When I use the APK Conf file "artifacts/apk-confs/graphql/graphql_4.0.0.apk-conf"
+        And the definition file "artifacts/definitions/graphql_sample_api.graphql"
+        And make the API deployment request
+        Then the response status code should be 200
+        Then I set headers
+            | Authorization | bearer ${accessToken} |
+        And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.0.0" with body "{\"query\":\"{ allHumans { name } }\"}"
+        And I eventually receive 200 response code, not accepting
+            | 429 |
+            | 500 |
+        And the response body should contain "\"name\":\"string\""
+        And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/4.0.0" with body "{\"query\":\"{ allHumans { name } }\"}"
+        And I eventually receive 200 response code, not accepting
+            | 429 |
+            | 500 |
+
+    Scenario Outline: Undeploy API
+        Given The system is ready
+        And I have a valid subscription
+        When I undeploy the API whose ID is "<apiID>"
+        Then the response status code should be <expectedStatusCode>
+
+        Examples:
+            | apiID      | expectedStatusCode |
+            | graphql-v3 | 202                |
+            | graphql-v4 | 202                |
+
     Scenario: Deploying APK conf using a valid GraphQL API definition with mTLS mandatory and valid certificate
         Given The system is ready
         And I have a valid token with a client certificate "config-map-1.txt"
@@ -39,6 +124,7 @@ Feature: Generating APK conf for GraphQL API
         And I eventually receive 200 response code, not accepting
             | 429 |
             | 500 |
+        And the response body should contain "\"name\":\"string\""
 
     Scenario: Undeploy API
         Given The system is ready
@@ -81,12 +167,14 @@ Feature: Generating APK conf for GraphQL API
         And I eventually receive 200 response code, not accepting
             | 429 |
             | 500 |
+        And the response body should contain "\"name\":\"string\""
         Then I set headers
             | Authorization | bearer ${accessToken} |
         And I send "POST" request to "https://default.gw.wso2.com:9095/graphql/3.14" with body "{\"query\":\"{ allHumans { name } }\"}"
         And I eventually receive 200 response code, not accepting
             | 429 |
             | 500 |
+        And the response body should contain "\"name\":\"string\""
         And I have a valid token with a client certificate "invalid-cert.txt"
         Then I set headers
             | Authorization             | bearer ${accessToken} |
@@ -113,6 +201,7 @@ Feature: Generating APK conf for GraphQL API
         And I eventually receive 200 response code, not accepting
             | 429 |
             | 500 |
+        And the response body should contain "\"name\":\"string\""
 
     Scenario: Undeploy API
         Given The system is ready
@@ -134,7 +223,7 @@ Feature: Generating APK conf for GraphQL API
         And generate the APK conf file for a "GRAPHQL" API
         Then the response status code should be 400
 
-    Scenario Outline: Undeploy API
+    Scenario: Undeploy API
         Given The system is ready
         And I have a valid subscription
         When I undeploy the API whose ID is "graphql-with-sub"