API insights
  • 01 Dec 2021

The API Endpoint details page is displayed when you click on an API. This topic explains the different tabs of the API Endpoint details page.

API security requires a holistic understanding of the application DNA. Security teams need to understand various factors, such as the generated events, the API metrics, its DNA, and how the DNA is changing. It's important to understand these factors in order to identify anomalies or detect legacy and new threats. Identifying these new threats requires an understanding of the application context and user behavior to differentiate between threat actors and normal users. Traceable's API insight provides you with such detailed, in-depth information about your API.

The API Endpoint page and the subsequent pages provide rich information about the APIs. When you click on an API in the API Endpoints page, it displays the API details page with information on the following.

  • Overview (API performance): The Overview tab displays the API performance details, such as P99 and P50 latency, errors/second, and calls/second for the last 1 hour. The Overview tab also provides Endpoint Properties, which show whether the API is external or internal, whether it is authenticated, and whether the API request and response contain sensitive data.
  • Events: The Events tab displays all the security events specific to the API. For more information on Events, see Security events.
  • Traces: When a user sends a request, it creates a trace in the system. A trace may traverse multiple services to serve the user request. The Traces tab displays the drill-down information about each request, its response, and the attributes associated with the request.
  • Metrics: The Metrics tab displays detailed statistical information about the performance of the API.

 See the next section for API DNA.


Application DNA is the collection of data that defines what an application is made up of, how those parts interact, how each of those parts behaves, and how the different users of the application interact with each of those parts. In modern applications, this data is continuously changing. Traceable keeps track of this changing data, which in turn gives you deeper insight into your API activity.

The DNA tab displays many other important details about an API in addition to the risk score. These are:

Status code: Traceable displays all the detected status codes for an API along with the percentage of occurrence of each status code. By looking at the percentage number, you can assess the nature of requests on your API. For example, if you see a high percentage of error codes, you can investigate and take corrective actions for the API.

Displays whether an API is an authenticated API or not.

User Role: Displays the kind of actions performed by the user, for example, purchasing, browsing, generic, and so on.

Displays the category of the API. During the discovery process, the API is assigned to a family based on the source of the request. The API can be part of any of the following types of family:

  • Requests are received from a diverse set of user IDs.
  • Requests are received from a diverse set of IP addresses.
  • Requests are received from a limited set of IP addresses.

 The DNA tab also displays the updates to a discovered API. The new API parameters are identified with a green dot in front of them.


API tags

You can add tags to discovered APIs from the API Endpoints details page as shown in the screenshot above. Tags help you classify the APIs into different categories. Based on your design and definition of the API, you can tag them in the following four categories. These are example definitions of the tags and may depend on how your organization defines them.

  • Critical
  • Sensitive
  • External
  • Sentry

You can apply more than one tag to the same API.

Rate limiting

You can also set rate limits for each API from the API Endpoint details page. For more information, see Rate limiting.
