--- title: "Endpoint Details" slug: "endpoint-details" description: "Explore Traceable’s Endpoint Details page for comprehensive API monitoring. Analyze API behavior, performance, security metrics, and track API DNA for enhanced API security and insights." tags: ["API DNA", "OpenAPI spec"] updated: 2025-12-16T05:17:47Z published: 2025-12-16T05:17:47Z --- > ## Documentation Index > Fetch the complete documentation index at: https://traceabledocs.document360.io/llms.txt > Use this file to discover all available pages before exploring further. # Endpoint Details ##### Updates (April 2025 to June 2025) - *May 2025* — Updated the page to add information about editing roles and scopes in API endpoints. Older Updates - *February 2025* — Updated the page to add information about WSDL API specifications in the [Overview tab](/v1/docs/endpoint-details#understanding-the-endpoint-details). ## What Endpoint Details are Shown? The API endpoint details page provides a comprehensive view of your API, including its activity, performance, and security. The page highlights malicious behaviors observed in the API, its OpenAPI specifications, and detailed trace information. It also provides API performance metrics, such as error and latency rates, along with detailed information about the parameters, which track the API’s behavior and structure over time. ## How does the Endpoint Details Page Help? Using the Endpoint details page, you can monitor your APIs, analyze issues, and take measures to secure them effectively. ## How to Navigate the Page? To view this page, navigate to the **Discovery** → **Inventory** → **API Endpoints** tab and click the API for which you want to view the details. ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_catalog_inventory_endpoint_details(3).png) Endpoint Details --- ## Understanding the Endpoint Details The following tabs discuss the information displayed for each endpoint. Click the tab according to your requirements to understand about each endpoint. OverviewParametersMalicious BehaviorsTracesMetricsRisk The **Overview**tab shows detailed information about an API using the following sections: - **Details** — This section contains the following information: - Service and domain associated with the API. - The time at which the API was created and last updated. - The auth type, encryption, and type of API. - The source and environment of the API. - The authorized roles and scopes that can access the API. You can also edit these roles and scopes according to your requirements. For more information, see the section below. - The ownership of the API. For more information, see [API ownership](/docs/api-ownership). - **Risk Score** — This section highlights the risk score assigned to the API. This score is calculated based on various contributors. For more information on risk scoring, see [Risk score](/docs/risk-score). The section also highlights the contributors to the risk score. You can expand each contributor to view detailed information about it. You can also create Jira issues to remediate each issue. To do so, click **Create** corresponding to the contributor, specify the details in the pop-up, and click **Create**. > [!NOTE] > Note > > You must integrate Jira with Traceable to be able to create Jira issues. For information on setting it up, see [Jira integration](/docs/jira). - **User Roles** — This section outlines the various user roles that utilize your API. You can use this information to identify any unauthorized roles using the API. The section also displays a chart showing the number of requests per user role and the total number of requests to the API. For more information on how you can capture these roles from APIs, see [User Attribution](/docs/user-attribution). Once you have set up user attribution, you can also assign additional roles or remove existing roles that have access to this API. This ensures that only authorized users can make the API calls. For more information on setting this up, see [Security Scheme](/docs/security-scheme). - **Requests** — This section displays the total number of API requests and includes a time series chart that shows the requests at a specific time. It also displays another time series chart showing active attack requests and blocked requests, along with the top 5 detected attack types and the top 5 blocked attack types listed below. You can use this information to quickly block specific API requests. - **API Documentation** — Traceable learns the API documentation throughout its discovery process and identifies sensitive data (parameters) in API requests and responses. This section provides a detailed overview of the traceable documentation, including sensitive data (parameters). You can click on a sensitive data type from the list, and Traceable highlights it in the documentation. You can also download the documentation in either of the following formats: To do this, click the **Download** (![traceable_download_icon(3)](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_download_icon(3).png)) icon corresponding to the format drop-down. You can use the downloaded documentation with applications such as Postman. ![API Documentation](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_catalog_endpoint_details_api_documentation.gif) If you wish to download the OpenAPI or WSDL specifications for a domain, service, label, or environment, you can use the APIs provided by Traceable. For more information, see [Downloading API Documentation](/docs/download-api-spec). > [!NOTE] > Note > > API documentation is not generated for third-party APIs. - Open API YAML - Open API JSON - WSDL (for *SOAP* API types only) --- ### Editing Authorized Roles and Scopes If you have already configured the authorized roles and/or scopes, or if Traceable has automatically learned them from the incoming API traffic, these details are shown in the **Overview** tab. > [!NOTE] > Note > > If you have not yet set up the authorized roles and scopes, see [Security Scheme](/docs/security-scheme). In the **Overview** tab, you can edit existing roles and scopes according to your requirements. To do so, click the **Edit** (![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_edit_icon.png)) icon corresponding to the **Authorized Roles**/**Scopes** field, and in the pop-up window, perform either of the following actions: ![Editing Authorized Roles/Scopes](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_catalog_endpoint_details_edit_roles_scopes.png) Editing Authorized Roles/Scopes - **Add Roles/Scopes** 1. Click the **+** icon in the top right corner. 2. In the **Manage Roles/Scopes** pop-up, click the drop-down, and select/deselect the check-box corresponding to the roles/scopes you wish to update. You can also create a new role/scope by specifying the name in the **Search** field and clicking **+ type to create new role/scope**. - **Mark Auto-Learned Roles/Scopes as User-Defined** > [!NOTE] > Note > > Traceable represents Auto-Learned roles and scopes using the ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_auto_learned_icon.png) icon. 1. Click the **Ellipse** (![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_catalog_posture_events_ellipse_icon.png)) icon corresponding to the role/scope you wish to update. 2. Click **Mark as User-defined**. - **Delete Roles/Scopes** 1. Click the **Ellipse** (![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_catalog_posture_events_ellipse_icon.png)) icon corresponding to the role/scope you wish to delete. 2. Click **Delete**. This tab provides an overview and details of the various parameters used in an API as well as their location and sensitivity. The Parameters tab also includes information about the datatypes and datasets associated with a parameter. This is useful for gaining in-depth insights into your API activity and understanding the criticality of parameters. > [!NOTE] > Note > > Parameters are not generated for third-party APIs. ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_catalog_inventory_parameters(1).png) Parameters The visualization section in the tab provides information about the following: - **Parameters by Location** — Displays a chart showing the total number of parameters discovered in different sections of an API request or response, with each location represented in a different color. - **Parameters by Sensitivity** — Displays a chart showing the total number of parameters discovered in an API request or response, grouped by sensitivity and represented in different colors. > [!NOTE] > Note > > Parameters that are not associated with a datatype are not assigned a sensitivity (None) as shown above. The tab also displays a list of parameters that Traceable has discovered in the API request and response. By default, Traceable displays the list of parameters that it has learned. The following details are shown for each parameter: - **Parameter** — The name of the parameter discovered by Traceable. Objects containing multiple child parameters or objects are represented by *{}*. You can click the **Expand** (![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_expand_icon.png)) icon corresponding to an object to view the parameters under it. The icon next to a parameter name indicates the type of value sent in that parameter. You can hover over the icon to view the type, for example, *ABC*, which represents a *String*. ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_catalog_parameter_objects.gif) - **Is Required** — Highlights whether the parameter is required or not. Traceable marks a parameter as required if it appears in 99% of API calls. Required parameters are highlighted with an asterisk (*) as shown above. - **Location** — The location within the request or response of the API where Traceable observed the parameter, for example, body, header, etc. - **Datatypes** — The Traceable datatype(s) associated with the parameter, for example, *password* and *Email* as shown above. You can also hover over a datatype to view its basic details. You can add or edit datatypes for each parameter according to your requirements by clicking the **Ellipse**(![traceable_ellipse_icon](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_ellipse_icon.png)) icon corresponding to a row and selecting **Add Datatype** or **Manage Datatype**, respectively. Specify or modify the datatype details in the respective pop-up window according to your requirements. For detailed information on these fields, see [Data Classification](/docs/data-classification). > [!NOTE] > Note > > - You can add or edit datatypes only at a parameter level and not at an object (![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_object_icon.png)) level. Therefore, you must expand objects to be able to add or edit datatypes. For example, in the above screenshot, the object level is represented by *{}* in the first row, and upon expanding, the parameter level is represented by the child rows *password* and *email*. > - A datatype can belong to one or more datasets. Make sure that the dataset to which you want to add the datatype is available in the **Dataset** drop-down list. If it is not listed, then create a dataset from **Settings**(**![image-1638268402925](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/image-1638268402925.png)**)**→ Discovery → Data Classification → Datasets** tab. For more information, see [Data Classification](/docs/data-classification). - **Datasets** — The Traceable dataset(s) associated with the parameter, for example, *Generic Auth* and *HIPAA* as shown above. You can also hover over a dataset to view the corresponding datatypes under it. - **Is Learnt** — Highlights whether the parameter is learned or not. While Traceable shows learned parameters by default, you can remove the **Is Learnt** filter at the top of the tab to view both learned and under-learning parameters. The learned and under-learning parameters are highlighted using the ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_learned_icon.png) and ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_under_learning_icon.png) icons respectively. - **Identified In** — The API component (request or response) where Traceable observed the parameter. > [!NOTE] > Note > > As Traceable keeps monitoring both learned and under-learning APIs continuously, the parameters visible in the tab may change with time. You can also do the following in the tab: - Search for a specific parameter using the **Search** bar. - Filter data to view parameters based on certain conditions by clicking the **Filter** (![traceable_filter_icon](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_filter_icon.png)) icon. This tab highlights the malicious activities observed in the API within your selected time duration. The page contains the following information: - The type of malicious behavior observed in the API. - The description of the malicious behavior. - The category to which the behavior belongs. - The timestamp at which the behavior was observed. You can click on a specific behavior to view its details. Traceable redirects you to the **Threat Activity** page under **Protection,** where you can view information such as event details, description, mitigation, impact, etc. When a user sends a request, it creates a trace in the system. A trace may traverse through multiple services to fulfill the user’s request. The **Traces**tab displays detailed information about each request, including its response and associated attributes. Traceable also shows the related cookies. One crucial piece of information the Traces tab provides is the **Exit Calls.**This information lets you identify the backend or third-party services your API is calling, which can be especially helpful for detecting unauthorized third-party calls. You can also click on the **+** icon corresponding to a row to view more details about the trace. The **Metrics**tab displays detailed statistical information about the API endpoint's performance. By default, this information is shown for the past 5 minutes; however, you can change it to view data for up to 6 hours. The following information is displayed for an API: - Performance information, such as P50, P95, and P99 latency numbers. These metrics help identify the API performance for different user groups. If you encounter unexpected latency numbers, consider checking the APIs for resource consumption, performance bottlenecks, and network issues. - The error rate and error percentage during the selected time period. The error rate is the number of failed requests per second, while the error percentage is the number of failed requests relative to the total number of requests, expressed as a percentage. These values help detect issues and monitor the API’s reliability. If you encounter unexpected numbers, consider checking the APIs for network issues, security problems, and configuration errors. - The number of calls per minute to the API during the selected period. If you notice an unusually high number of calls to an API, it may indicate API abuse or a DDoS attack. - The data transfer rate during the selected period can also provide insights into the API’s usage. If you encounter an unexpected data transfer rate for an API that should have a low rate, it may indicate a potential breach in API security. - The top status codes that you can monitor to infer the health of the API. You may want to check the API for issues if you see many error status codes. The **Risk**score is calculated based on the likelihood and impact of a probable security breach. The Risk tab displays the current risk score, calculated based on various sub-components of likelihood and impact. For detailed information on how Traceable calculates the score, see [Risk Score](/docs/risk-score). ## Related - [Data Classification](/data-classification.md) - [Sensitive data](/sensitive-data.md) - [Downloading API Documentation](/download-api-spec.md)