- 01 Dec 2021
- 2 Minutes to read
- Updated on 01 Dec 2021
- 2 Minutes to read
This topic explains the API discovery process at a high-level, discovered, under-discovery, and updated API details.
Traceable discovers edge APIs as well as internal APIs or services in your infrastructure. The API endpoint discovery is a multi-step process in which Traceable builds a learning model by observing URLs, headers, request and response bodies in the span.
Traceable starts the API endpoint discovery process when it detects a non-error (for example 2xx and 3xx) message response, for example, 200-OK from the backend server. API endpoint discovery process on a valid response from the backend server is necessary because hackers scan the system with random invalid URLs. API creation based on non-existent URLs would lead to a large number of incorrect APIs leading to unnecessary data on the UI.
API discovery is a multi-stage process. When Traceable completes the discovery process, it identifies an API as a combination of a method and a valid path. For example,
GET /products/catalog is a different API than
POST /products/catalog. Following are high-level stages of the discovery process:
- A non-error code API response is detected. The API discovery process starts.
- Traceable starts learning about the API and names it based on the method and URLs that it detects. The API at this stage is said to be discovered.
- APIs are categorized based on the types of users and the user requests.
- Traceable continues to learn about the newly discovered APIs and starts detecting attacks and anomalies on them. During this period of learning, Traceable calculates and sets the thresholds for attack and anomaly detection.
The APIs move through the following three states:
- Under discovery - Displayed with a purple dot on the API Endpoints page. You can view them under discovery APIs, by selecting Show Undiscovered APIs by clicking on the gear ()icon.
- New - Displayed with a green dot on the API Endpoints page.
- Updated - Displayed with a blue dot on the API Endpoints page.
On the API Endpoints page, you can filter the endpoints based on:
- Status of discovery, either new or updated API
- The tags applied - critical, external, sensitive, or sentry
- Level of risk associated with the API - high, medium, or low risk
- Discovered domains for APIs
Updated API details
You can view the updates to an existing API by clicking on it. When you click on an API that is marked with a blue dot, it opens a window to display the new parameters that Traceable has discovered. The new parameters are marked with a green dot as shown in the screenshot below.
You can also view the updates in the DNA tab from the API Endpoint details page.