Discover APIs

Introduction 

 

API Security Policies play a crucial role in safeguarding the communication between systems and ensuring that APIs are properly managed and protected. These policies are particularly important once a website has been onboarded and successfully accessed, as they provide a framework for discovering, securing, and monitoring APIs. 

In this document, we will explore how API Security Policies facilitate the discovery of APIs. 

  • Navigate to Groups & Assets > Discover & Manage.
  • Select the application. 
  • Go to the Discovered APIs section. 


Discovered APIs 

 

All the APIs discovered during onboarding are displayed in the table. 

Attribute: Description 

API Endpoint: The full URL or path of the API that was discovered during the onboarding process. 
Discovered on: The date and time when the API was discovered. 
Method: The HTTP method (e.g., GET, POST, PUT, DELETE) indicates the type of requests that can be made to the API. 
Param: The header parameters associated with the API. These are typically used for authentication, content-type specification, and other metadata necessary for making requests to the API. 
Tag: One of three tags: 
  • PCI – Payment Card Information: deals with payment cards, such as credit cards and debit cards. 
  • PII – Personally Identifiable Information: deals with a broad range of personal information. 
  • PHI – Protected Health Information: deals with health-related data. 
Status: The action which is applied on the endpoint. 
Action: Each discovered API has options for further action. These actions allow administrators to manage the API's lifecycle and security posture directly from the table. Available actions typically include: 
  • Deprecate: Marks the API as deprecated, signaling to users that it is no longer recommended for use. 
  • Approve: Approves the API for use, confirming that it meets necessary security and operational standards. 
  • Block: Blocks access to the API, preventing any interactions with it from users or systems. 

 

API Policies and Configuration 

 

  • Go to WAAP > List of rules & Policies > API.
  • The approved and deprecated policies are displayed in the API table. 
  • The API section allows users to perform various actions: upload APIs, download APIs, enable/disable APIs, configure them, and so on. 

 

1. Upload APIs 

 

  • Click Upload APIs.
  • A confirmation pop-up opens. Click Confirm to proceed.

 

  • A new pop-up screen opens that allows customers to upload the Swagger (OpenAPI) file. Click Upload. 

 

  • After the file uploads successfully, the system displays the file's information, including the number of endpoints used, the remaining endpoints for scanning, the file name, and the upload date and time. 

 

2. Download APIs 

 

  • Click Download APIs.
  • Once the file is downloaded, customers can edit the JSON file and upload it again. 

 

3. Enable/Disable Policy 

 

  • The checkbox in the Enable/Disable field allows users to enable or disable a policy. 
  • Based on the action taken (enabled or disabled), the security model is updated accordingly. 

 

4. Positive Security Model 

 

Positive security entails restricting API access to only what the customer explicitly permits, and deprecating or blocking all others. It prioritizes allowing authorized actions and gives tighter control over API usage and security. 

  • Click the Configure button of any endpoint. 
  • Select the checkbox to enable the positive security model. 
  • You can configure the security model for three parameter locations: body, path, and query. 
  • When an API includes parameters, you can adjust the security model accordingly.  

Example: If an API has only body parameters and no query or path parameters, enabling the security model will activate only the body actions. 

 

  • Block Action - Access to API is blocked. 
  • Allow Action - Access to API is allowed. 
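The following is an added illustration of the positive security semantics described in this section (it is not the product's code and does not use its real policy format): a request is allowed only when every parameter it carries is in the explicitly permitted set, a location the API defines no parameters for is not checked, and Block All takes precedence over the model. The EndpointPolicy shape and the sample payments endpoint are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

ALLOW = "Allow"
BLOCK = "Block"


@dataclass
class EndpointPolicy:
    """Constructed policy shape (assumption): the parameter names the customer
    explicitly permits in each location. An empty set means the API defines no
    parameters there, so that location's action is not activated."""
    method: str
    path: str
    positive_security: bool = True   # the "enable positive security model" checkbox
    block_all: bool = False          # "Block All Requests For This API"
    body: Set[str] = field(default_factory=set)
    query: Set[str] = field(default_factory=set)
    path_params: Set[str] = field(default_factory=set)


def evaluate(policy: EndpointPolicy, request: Dict[str, Dict]) -> Tuple[str, str]:
    """Return (action, reason) for a request; request maps each location
    ('body', 'query', 'path_params') to the parameters it carries."""
    if policy.block_all:
        # Block All disables the positive model and rejects every request.
        return BLOCK, "block all requests for this API"
    if not policy.positive_security:
        return ALLOW, "positive security model disabled"
    for location in ("body", "query", "path_params"):
        allowed = getattr(policy, location)
        if not allowed:
            continue  # API has no parameters of this kind: action not activated
        unexpected = set(request.get(location, {})) - allowed
        if unexpected:
            return BLOCK, f"unexpected {location} parameter(s): {sorted(unexpected)}"
    return ALLOW, "only explicitly permitted parameters present"


# Constructed sample: a payments endpoint that takes body parameters only.
PAYMENTS = EndpointPolicy("POST", "/v1/payments", body={"amount", "currency"})

if __name__ == "__main__":
    print(evaluate(PAYMENTS, {"body": {"amount": 5, "currency": "USD"}}))
    print(evaluate(PAYMENTS, {"body": {"amount": 5, "is_admin": True}}))
```

Because PAYMENTS declares no query parameters, a stray query string is ignored rather than blocked, matching the example above where only the body actions are activated.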

 

5. Block All requests for this API 

 

When a customer selects the option Block All Requests For This API, the system disables the positive security model for the API and blocks all access to the API. 

 

 

6. API Classification by Tags 

 

This classification categorizes APIs based on their functionality, such as authentication or the handling of sensitive data like PII or PHI, and more. By understanding the nature of APIs, customers can: 

  • Prioritize vulnerabilities: Focus on the most critical risks to your organization. 
  • Improve security posture: Identify and address potential security gaps more efficiently. 
  • Streamline compliance efforts: Ensure adherence to industry standards and regulations. 

In the Configure API Policy field, a Tags section is available. Customers can add multiple tags based on their preference. 

 

7. Undeprecate an API 

 

  • Download the API file. 
  • Open the API file in any text editor. 
  • Enter false in the deprecated field. 
  • Save the API file. 
  • Re-upload the saved file. 
  • The APIs will be undeprecated automatically. 
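An added helper script for the edit step above (not part of the product or this page): it sets the deprecated field to the JSON boolean false only on the chosen endpoint and method, and it reports entries where the field was typed as the string "false", which is a different JSON value. The layout of the downloaded file shown in SAMPLE_EXPORT is a constructed assumption, not the product's real schema.

```python
import json
from typing import Any, Dict, List, Optional

# Constructed sample of a downloaded API file (assumed shape: an "apis" list
# with endpoint, method and deprecated keys). The last entry deliberately
# carries the string "false" instead of the boolean, a common hand-editing slip.
SAMPLE_EXPORT = """{
  "apis": [
    {"endpoint": "/v1/orders", "method": "GET", "deprecated": true, "tags": ["PII"]},
    {"endpoint": "/v1/orders", "method": "POST", "deprecated": false, "tags": ["PII", "PCI"]},
    {"endpoint": "/v1/legacy/export", "method": "GET", "deprecated": "false", "tags": []}
  ]
}"""


def load_sample() -> Dict[str, Any]:
    return json.loads(SAMPLE_EXPORT)


def undeprecate(doc: Dict[str, Any], endpoint: str, method: Optional[str] = None) -> int:
    """Set deprecated to the JSON boolean false on every matching entry, in place.
    Returns the number of entries changed; method=None matches all methods."""
    changed = 0
    for api in doc.get("apis", []):
        if api.get("endpoint") != endpoint:
            continue
        if method and api.get("method", "").upper() != method.upper():
            continue
        if api.get("deprecated") is not False:  # true, or a non-boolean like "false"
            api["deprecated"] = False
            changed += 1
    return changed


def invalid_flags(doc: Dict[str, Any]) -> List[str]:
    """Entries whose deprecated field is not a JSON boolean, e.g. the string "false"."""
    return [f'{a.get("method")} {a.get("endpoint")}' for a in doc.get("apis", [])
            if not isinstance(a.get("deprecated"), bool)]


def undeprecate_file(src: str, dst: str, endpoint: str, method: Optional[str] = None) -> int:
    """Read the downloaded file, undeprecate the endpoint, write the file to re-upload."""
    with open(src, encoding="utf-8") as f:
        doc = json.load(f)
    changed = undeprecate(doc, endpoint, method)
    with open(dst, "w", encoding="utf-8") as f:
        json.dump(doc, f, indent=2)
    return changed
```

Run invalid_flags on the edited document before re-uploading; an empty list means every deprecated field is a real boolean.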

 
