API Protection

  • Published on Mar 14, 2025
  • 2 minute(s) read

The API Protection Policy enables you to monitor and disable threats for a pre-defined set of threat types meant to target your APIs. This policy helps your security teams protect your application ecosystem from API attacks such as JWT Anomaly, Session Violation, Account Takeover, etc.

API Protection Policies

API Protection Policy

Key Features

The following are the features of the API Protection Policy tab:

Features

Description

Threat Type/Threat Rule List

It shows pre-defined API Protection rules categorized by Threat Types by default—for example, Session Violation.

Rule Information

Shows the following details for each rule:

  • Info — Click the Info () icon to view the Description, Impact, Mitigation, and References of a Threat Rule/Type.

  • Labels — Threat classification based on the OWASP API Security and CWE references.

Severity Levels

Shows the severity assigned to a rule indicating the impact of the threat it detects.

Actions

It shows the action that Traceable should take regarding the threat detected by the rule. You can configure the following actions for a rule:

  • Monitor — Logs and monitors the threat, but does not block the request.

  • Disable — Turns the rule off, which means no monitoring.

While you can configure the above action for each threat rule, each Threat Type row shows the count of threat rules categorized by the configured action.

Status

Shows the current status of a Threat Type, Enabled or Disabled.

Note

Disabling a threat type disables all threat rules under it.

Filtering and Grouping

You can filter and/or group rules using the Filter () icon and Group By drop-down.

Policy Management

Policy management follows a hierarchical structure in Traceable, meaning enabling or disabling policies at an environment level or granular levels. You can manage the components within the API Protection policy tab at the following levels:

API Protection Policy Management

API Protection Policy Management

  • Environment Level — You can select the environment from the page’s top right corner and enable or disable the policy from the Status drop-down at the top of the tab. This enables or disables all the threat types collectively on the selected environment.

    Note

    Aggressive rules are disabled by default.

  • Threat Type Level — You can use the Toggle next to the Threat Type to enable or disable the threat rules under it. This enables or disables all the threat rules under it.

  • Threat Rule Level — You can use the Action drop-down next to a Threat Rule to enable (Monitor or Block) or disable (Disable) it.

While enabling the WAF policy at the environment level enables all threat types, you can also enable or disable the individual threat types/rules as required. Similarly, when you enable a threat type, you can manage the rules independently.

Overrides in Threat Type/Rule Actions

Modifying the action (enable or disable) for a threat type/rule in a specific environment overrides the default action set at the Environment Level. If you switch back to viewing the actions across All Environments, Traceable shows an Override () icon corresponding to the modified threat, which upon hovering, shows the environments in which the action has been customized.

For example, let’s say you set a Threat Rule to Block at the All Environments level, and you navigate to the Sandbox environment and change the action for the same rule to Monitor. Now, when you switch to All Environments from the Environment drop-down, Traceable, through the override icon shows that the global action has been overridden in the Sandbox environment.

Traceable, through the Override icon, ensures visibility into the environment-specific configurations, allowing you to track and manage threat types/rules effectively.