- 02 Jun 2022
- 4 Minutes to read
- Updated on 02 Jun 2022
- 4 Minutes to read
API security requires a holistic understanding of the application DNA. The security teams need to understand various factors like the generated events, API metrics, its DNA and how the DNA is changing. Its important to understand these factors to be able to identify anomalies or detect legacy and new threats. Identification of these new threats requires an understanding of the application context and user behavior to differentiate between threat actors and normal users. The API Endpoint details page provides you such detailed and deep level information about your API.
The Overview tab displays a variety of information starting from when the API was created to when it was last updated along with the service and domain it is attached to. This gives you a brief overview about the origin of the API. The overview tab also lets you know whether the API is authenticated or not along with the risk score assigned to it. For more information on risk scoring, see Configure risk score.
The Overview tab also gives important information about the different user roles using your API. Using this information you can quickly identify whether some unauthorized roles are using the API. You can also view the top vulnerabilities identified by Traceable. The Overview tab also displays the top 5 attack types and top 5 blocked attack types. One of the most important information displayed is the Active Attack Requests. Monitoring this information for an API Endpoint can help in quickly blocking such requests.
Traceable through its discovery process learns the API spec and identifies the sensitive data in request and response of the API. You can view as well as download the OpenAPI spec in YAML or JSON format. You can use the downloaded API spec with other applications, like, Postman. Traceable also lists the sensitive data it has discovered with the Open API spec. You can click on a specific sensitive data type, Traceable then highlights it in the Open API spec.
If you wish to download OpenAPI specification for a domain or an environment, you can use the APIs provided by Traceable. For more information, see OpenAPI specification operations.
API DNA is one of the most important and insightful information that Traceable provides. Application DNA is the collection of data that defines what an application is made up of, how those parts interact, how each of those parts behaves, and how the different users of the application interact with each of those parts. In modern applications, this data is continuously changing. Traceable keeps a track of this changing data which in turn helps you with a deeper insight into your API activity.
The API DNA tab provides you information regarding the number of API parameters that are discovered and the one's that are being learnt. It lists the number of:
- Path parameters
- Query parameters
- Body parameters
The API DNA tab also lists the number of sensitive data types Traceable has discovered. The DNA tab also displays a list of parameters that Traceable has discovered or is in the process of being learnt. You can mark any parameter as sensitive by hovering over the API parameter and clicking on the lock icon. If you wish to see more information about an API parameter, click on it. As Traceable continuously keeps monitoring even the learnt APIs, your API DNA may change with time.
Mark datatype as sensitive
You can mark a parameter type as sensitive from the API DNA tab. Hover your mouse on the parameter to mark it as a sensitive datatype and click on the lock icon. A datatype may belong to one or more than one Dataset. Make sure that the Dataset to which you want to add the sensitive datatype is available in the Dataset drop-down list. If it is not listed, then create one from Administration () > API Intelligence > Data Classification page. For more information, see Data Classification.
The Events tab displays all the security events specific to the API Endpoint for the selected time range. The Events tabs displays events from the two events categories, that is, SECURITY and BLOCKED events. For more information on Events, see Security events and Blocked events.
When a user sends a request, it creates a trace in the system. A traces may traverse through multiple services to serve the user request. The Traces tab displays the drill-down information about each request, its response and the attributes associated with the request. Traceable also displays the associated cookies. One of the important information provided by Traces tab is the Exit Calls. Using the Exit Calls information, you can know which backend or third-party services your API is making a call. This can be especially helpful to find any unauthorized third-party calls.
The Metrics tab displays detailed statistical information about the performance of the API Endpoint. You can monitor many different type of API performance information, for example, P50, P95, and P99 latency numbers. You can also view the error rate and error percentage during the selected time period. By monitoring the top status codes, you can infer the health of the API. If you see a large number of error status codes, something may be wrong with the API. The data transfer rate in the time period can also give you insights about the usage of the API. If, for example, you see unexpected data transfer rate for an API for which data transfer rate should be low, it may point to a possible breach in API security.
The Risk score is calculated based on likelihood and impact of a probable security breach. The Risk tab shows the current risk score based on various sub-components of likelihood and impact. For detailed information on the score is calculated, see Configure Risk Score.