API Discovery
AppTrana’s API Discovery feature provides complete visibility into all APIs operating within your application environment. By continuously monitoring traffic, AppTrana automatically discovers known, unknown, shadow, and orphaned APIs, helping security teams validate exposure, review configurations, and assign protection controls.
Go to API Security and select the API Discovery option.
Summary
This section summarizes your API landscape and highlights what needs attention at a glance.
| Metrics | Description |
| Total Discovered APIs | Number of APIs automatically identified from live traffic. |
| Pending Discovery APIs | APIs detected but not yet fully categorized or processed. |
| APIs Awaiting Review | APIs requiring manual assessment, tagging, or configuration. |
| Total Reviewed APIs | APIs already validated by the user. |
| Sensitive APIs | APIs flagged for handling critical or sensitive data (e.g., PII, financial info). |
Discovered APIs
A detailed view of all identified API endpoints, their methods, status, and metadata. This is the core working area where all discovered APIs are listed.
Key Sections
Import History
This dropdown shows previous import actions if users uploaded an API spec (OpenAPI/Swagger) to compare or validate.
Search Bar
Allows searching APIs by name, label, or type.
Filters
Three filter types help refine the list:
- Method: GET, POST, PUT, DELETE, etc.
- Type: Sensitive APIs, Authenticated APIs
- Status: Pending Review, Pending Discovery, Approved, etc.
Upload APIs
- Users can upload API specification files to compare with discovered endpoints and detect undocumented or missing APIs.
- Click Upload APIs
- A pop-up opens to upload a Swagger file.
- Once the file is added, click Open.
After the file uploads successfully, the system displays the file's information, including the number of endpoints used, the remaining endpoints for scanning, the file name, and the upload date and time.
Discovered APIs Table
All the APIs discovered during onboarding are displayed on the table, giving users clarity on how every endpoint is identified, classified, and monitored.
| Parameters | Description |
| Endpoint | The discovered API path grouped hierarchically to show related endpoints. |
| Methods | HTTP methods observed for the endpoint, such as GET, POST, PUT. |
| Authenticated | Indicates whether authentication was required (locked = Yes, authenticated, unlocked = No, unauthenticated). |
| API Status | Current review or security state of the API (Pending Review, Approved, Sensitive, Protected, Not Configured). |
| Actions | Options to configure, protect, tag, or classify the API. |
| Tag | Custom labels assigned to categorize APIs (for example, PII_Address). APIs that carry tags are considered sensitive APIs. |
| Discovered On | Timestamp showing when the API was first detected from live traffic. |
Configure Discovery Policy
- The Configure Discover Policy panel helps you review and control every API that AppTrana discovers. It ensures each endpoint is validated, classified, and protected based on how it behaves in your live traffic.
- Click Configure
AppTrana opens the Configure Discover Policy panel. The panel is organized into three tabs:
1. General Tab
This tab helps you define the identity and purpose of the API.
What you can configure:
| Field | Description |
| End Point | The discovered API path captured from live traffic. |
| Status | Sets the API’s review category: Approved, Deprecated, or Blocked. |
| Auth Required | Specifies whether the API should be accessible only with authentication (Yes / No). |
| Tags | Add custom labels to group APIs based on business or functional categories. You can add multiple tags to an API. Click the + icon to add a new tag. Use the edit icon to rename an existing tag. Use the delete icon to remove a tag. |
2. Details Tab
This tab provides a traffic-driven breakdown of how the API is being used. These insights help validate whether the API is behaving as expected.
Information shown:
| Section | Description |
| Methods Identified | HTTP methods seen in real traffic for this endpoint. |
| Path Parameters | URL path variables automatically extracted from requests. |
| Query Parameters | Query string parameters observed during discovery. |
| Body Parameters | Fields identified within request payload bodies. |
3. Policy Enforcement Tab
This tab lets you enforce strict control over how the API is allowed to function.
Policies available:
| Policy | Description |
| Block this API | Fully restricts access to the endpoint. |
| Block new methods | Only permits previously observed HTTP methods. |
| Enforce Path Parameters | Blocks requests containing unknown URL patterns. |
| Enforce Query Parameters | Allows only known query fields based on discovered traffic. |
| Enforce Body Parameters | Ensures only recognized body attributes are permitted. |
All enforcement rules apply across all detected methods for the endpoint.
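The enforcement options in this tab amount to an allowlist learned from discovery traffic. The following is an added sketch, not AppTrana's implementation: it learns the methods and query parameter names seen for one endpoint and evaluates new requests against them. The baseline requests, function names, and flag names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed baseline: requests seen for one endpoint during discovery.
BASELINE = [
    ("GET", "/api/v1/accounts?page=1&limit=20"),
    ("POST", "/api/v1/accounts"),
    ("GET", "/api/v1/accounts?page=2"),
]

def query_names(url):
    """Names of the query parameters in a URL, including ones with no value."""
    return {name for name, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)}

def learn(baseline):
    """Collect the methods and query parameter names observed for the endpoint.

    Parameter names are pooled across methods, mirroring the statement that
    enforcement rules apply across all detected methods for the endpoint.
    """
    methods, params = set(), set()
    for method, url in baseline:
        methods.add(method.upper())
        params |= query_names(url)
    return {"methods": methods, "query_params": params}

def evaluate(profile, method, url, block_api=False,
             block_new_methods=False, enforce_query=False):
    """Return (allowed, reason) for one request under the selected policies."""
    if block_api:
        return False, "endpoint blocked"
    if block_new_methods and method.upper() not in profile["methods"]:
        return False, f"method {method.upper()} not observed during discovery"
    if enforce_query:
        unknown = sorted(query_names(url) - profile["query_params"])
        if unknown:
            return False, "unknown query parameter(s): " + ", ".join(unknown)
    return True, "ok"

PROFILE = learn(BASELINE)
```

Because the allowlist is only as complete as the traffic it was learned from, a legitimate but rarely used method or parameter is rejected once enforcement is on; review the Details tab before enabling these policies.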
Approve, Block or Download
The API Discovery page allows you to perform bulk actions on multiple APIs at once. This helps you quickly manage API states, apply restrictions, or export data when working with a large set of endpoints.
Selecting APIs
- Use the checkboxes next to each API to select one or more endpoints.
- Once APIs are selected, the bulk action bar becomes active.
Available Bulk Actions
| Bulk Action | Description |
| Approve | Approves the selected APIs and marks them as trusted/allowed. |
| Block | Blocks the selected APIs, preventing further access or traffic. |
| Download | Downloads the selected APIs’ metadata, logs, or related configuration details (based on product capability). |