Table of Contents

API Discovery Feature

Rama Sadhu Updated by Rama Sadhu

We've released a new feature in AppTrana called "API Discovery, " which will help you quickly identify all your API resources.  

Here's a 5-min walkthrough video:  

The API Security Policies are useful to discover the APIs once the website is onboarded and accessed successfully. 

  1. Select Protect > Select website > API Security Policies. 
  2. Select any time span such as Last 24Hrs (or) Last 7 Days (or) Last 30Days to study the overall performance. 

 (or) 

  1. Set time span – Click on the “From Date” field and “To Date” field to select date along with the time and click Apply.
  2. Once the time span selected, the total number of APIs, Discovered APIs, Blocked APIs, and Deprecate APIs.

Policies Performance 

Top APIs 

The top 5 APIs data, based on hits, along with the request count is displayed in descending order.

 

Total Requests/ API 

The following graph displays the total number of requests received from the top 5 APIs along with the date. 

Click an API from Top API section to display the total request per API. 

Discovered APIs 

Once an API application is onboarded successfully, the APIs associated with the application are displayed in this table. 

 The table displays the total list of APIs, time of APIs discovered, and API’s Path. 

  • Click checkboxes to select the multiple APIs or API. 
  • Once APIs/API selected click on Approve or Deprecate button.

Actions

Descriptions

Approve

The discovered API is approved to apply the positive security model

Deprecate

The discovered API s deprecated from customer’s point of view and can either be in log mode or completely blocked

APIs discovered under API Discovery are not protected by default with WAF rules. Confirmation from customers is required to determine which APIs should be protected.

  • When the user clicks Deprecate button, a confirmation pop-up appears to only deprecate or also to block the APIs/API. 
Only Deprecate or Block actions take effect after clicking "Deprecate." This means APIs marked as deprecated from the customer's perspective can operate in log mode or be entirely blocked.
  • The approved and deprecated APIs/ API list shown in the Policies table. 
  • The deprecated APIs will have a symbol beside their name.

Positive Security Model

Positive security entails restricting API access to only what the customer explicitly permits, deprecating, or blocking all others. It prioritizes allowing authorized actions and enhancing control over API usage and security. 

How to Undepreciate the API? 

 

  1. Download the API file. 
  2. Go to the API and enter false in the deprecated field.
  3. Save the API file. 
  4. Re-upload the saved file again. 
  5. API will be undeprecated automatically. 

Policies 

The approved and deprecated APIs will be displayed. From the below table users can take action against the APIs/API. 

  1. The HTTP Method of the API, API path, query, body, and so on are displayed. 
  2. Click Enable Now to enable the policy and a confirmation pop-up appears to enable or not. Click Yes to enable the policy.
  3. In Action field, users have the option to Edit the policy or Block the policy. 
  4. Click Edit API Policy to allow or block the path. Select the Path Action and click Save to update changes.
  5. Click the block icon to block the API policy.

    Download APIs 

    Click on the Download APIs button. 
     A confirmation pop-up appears and click Confirm to download.
    Once the API file is downloaded, the user can edit the APIs and upload again. 

    Upload APIs 

    Click the Upload APIs button. A confirmation pop-up appears and click Confirm to upload the API file. 
    In Swagger File field click Choose File button.

    Action Trend

    The following pie chart displays the total percentage of Allowed and Blocked APIs separately. 

     Time Trend 

    The following trend displays the total count of API Requests Allowed and Blocked with respect to time.

    Request Details 

    The following table explains the requests received from the APIs along with the time, origin of the country request received, and IP address. 
    Select any parameter in Title field and enter the respective value in search bar to filter the request details. 
    • Payload is an input entered in the Area.  
    • Example: for GET API, Area will be Path parameter and for POST API, Area will be body parameter. 
    Action field represents the request API allowed or blocked. 

How did we do?

API Request to Purge CDN Data

Contact

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.