Endpoint details

API security requires a holistic understanding of the application DNA. The API endpoint details page provides you with a comprehensive view of your API, including its activity, performance, and security. The page highlights malicious behaviors observed in the API, its OpenAPI specifications, and detailed trace information. It also provides APIs performance metrics, such as, error and latency rates, along with detailed information about the API DNA, which tracks the API’s behavior and structure over a period of time. Using the Endpoint details page, you can monitor your APIs, analyze issues, and take measures to secure them effectively.

To view this page, navigate to the Catalog → Inventory → API Endpoints tab and click the API for which you want to view the details.

Overview

The Overview tab shows a variety of information using the following sections:

• Details — This section contains the following information:

  • Service and domain associated with the API.

  • The time at which the API was created and last updated.

  • The auth type, encryption, and type of API.

  • The source and environment of the API.

  • The ownership of the API.

• Risk Score — This section highlights the risk score assigned to the API. This score is calculated based on various contributors. For more information on risk scoring, see Risk score. The section also highlights the contributors to the risk score. You can expand each contributor to view detailed information about it. You can also create Jira issues to remediate each issue. To do so, click Create corresponding to the contributor, specify the details in the pop-up, and click Create.

  Note

  You must integrate Jira with Traceable to be able to create Jira issues. For information on setting it up, see Jira integration.

• User Roles — This section highlights the different user roles using your API. You can use this information to identify any unauthorized roles using the API. The section also displays a chart with the number of requests per user role and total requests to the API. For more information, see User Attribution.

• Requests — This section highlights the total number of API requests and include a time series chart showing the requests at a particular time. It also shows another time series chart with the active attack requests and blocked requests, along with the top 5 detected attack types and top 5 blocked attack types listed below it. You can use this information to block specific API requests quickly.

• Open API Spec — Traceable learns the API spec throughout its discovery process and identifies sensitive data in API requests and responses. This section shows the sensitive data along with spec in detail. You can click on a sensitive data type from the list, and Traceable highlights it in the Open API spec. You can also download the spec in YAML or JSON format by clicking the Download () icon corresponding to the format drop-down. You can use the downloaded spec with applications such as Postman.
  

  
  If you wish to download OpenAPI specification for a domain, service, label, or an environment, you can use the APIs provided by Traceable. For more information, see OpenAPI specification operations.

  Note

  API specs are not generated for third-party APIs.

Malicious Behaviors

This tab highlights the malicious activities observed in the API within your selected time duration. The page contains the following information:

• The type of malicious behavior observed in the API.

• The description of the malicious behavior.

• The category to which the behavior belongs.

• The timestamp at which the behavior was observed.

You can click on a specific behavior to view its details. Traceable redirects you to the Threat Activity page under Protection where you can view information such as event details, description, mitigation, impact, etc.

Traces

When a user sends a request, it creates a trace in the system. A trace may traverse through multiple services to fulfill the user’s request. The Traces tab displays detailed information about each request, its response, and it’s associated attributes. Traceable also displays the related cookies. One important information the Traces tab provides is the Exit Calls. This information allows you to identify the backend or third-party services your API is calling, which can be especially helpful for detecting unauthorized third-party calls. You can also click on the + icon corresponding to a row to view more details about the trace.

Metrics

The Metrics tab displays detailed statistical information about the performance of the API Endpoint. By default, this information is shown for the past 5 minutes; however, you can change it to view data for up to 6 hours. The following information is displayed for an API:

• Performance information, such as P50, P95, and P99 latency numbers. These metrics are helpful in identifying the API performance for different user groups. If you see unexpected latency numbers, you may want to check the APIs for resource consumption, performance bottlenecks, and network issues.

• The error rate and error percentage during the selected time-period. The error rate is the number of failed requests per second, while the error percentage is the number of failed requests relative to the total number of requests converted into a percentage format. These values are helpful for detecting issues and monitoring API’s reliability. If you see unexpected numbers, you may want to check the APIs for network problems, security, and configuration issues.

• The number of calls per minute to the API during the selected period. If you see an unexpected number of calls for an API, it may indicate API abuse or a DDoS attack.

• The data transfer rate in the selected period can also give you insights about the API’s usage. If you see an unexpected data transfer rate for an API for which the rate should be low, it may point to a possible breach in API security.

• The top status codes that you can monitor to infer the health of the API. If you see many error status codes, you may want to check the API for issues.

Risk

The Risk score is calculated based on the likelihood and impact of a probable security breach. The Risk tab shows the current risk score based on various sub-components of likelihood and impact. For detailed information on how Traceable calculates the score, see Risk Score.

API DNA

API DNA is one of the most important and insightful information that Traceable provides. It is a snapshot of the API structure, behavior, and its interaction with the different parts of the application. Traceable tracks this data over time, which in turn helps you gain a more in-depth insight into your API activity.

Note

API DNA is not generated for third-party APIs.

The Statistics section in the tab provides information about the following:

• API parameters — This list includes the parameters that have been discovered or are under learning. It also lists the number of API headers, path, query, and body parameters.

• Cookies — This list includes the total and required number of cookies in the API.

• Sensitive Data — Shows a chart with the total number of sensitive datatypes discovered, with each datatype highlighted in a different color.

The DNA tab also displays a list of parameters that Traceable has discovered or is in the process of learning. By default, Traceable displays the list of parameters in the API request; however, you can view the parameters in the response by clicking Response in the section’s top right corner. You can also click on any parameter to view additional information about it.

Note

As Traceable continuously keeps monitoring even the learned APIs, your API DNA may change with time.

Traceable allows you to classify any datatype as sensitive directly from the API DNA tab. To do so, hover your mouse in the Classification column corresponding to a parameter and click the Lock ()icon. In the Create datatype pop-up window, specify the datatype details according to your requirements. For detailed information on these fields, see Data Classification.

Note

A datatype can belong to one or more datasets. Make sure that the dataset to which you want to add the datatype is available in the Dataset drop-down list. If it is not listed, then create a dataset from Settings () → API Catalog → Data Classification → Datasets tab. For more information, see Data Classification.

You can also do the following in the API DNA tab:

• View the list of parameters based on their type by clicking the Parameter Type drop-down in the section’s top left corner.

• Search for a specific parameter using the Search bar.

• View the list of parameters based on the type of sensitive data discovered, by clicking the Sensitive Data drop-down.

• Filter data to view parameters based on certain conditions, by clicking the Filter () icon.

• Expand or collapse all parameters.

• View Traces for the API.