Third Party

A Third Party is a service provided by an external organization or individual that you use to add specific features or integrate within your application. Traceable discovers the third parties being used in your application. Detailed information about these third parties is also provided, for example, the APIs in the service, the sensitive information flowing from your system to the APIs, or the number of calls made in a day, and so on.

Dashboard

Navigate to Catalog → API Discovery → Third Party to access third-party services in your application.

The following table describes the different columns on the page:

You can view the data for a specific environment and time duration by selecting them from their respective drop-downs in the top right corner of the page. You can also download this data by clicking the Download () icon on the page.

Mark backends

A backend may have been misidentified as a third-party backend. You can mark such a misidentified third-party backend as a normal backend. Click the ellipse icon corresponding to a row and click Mark As Backend to move that domain to the Backend page. Similarly, you can mark a backend as a third-party domain from API Catalog → API Discovery → Backend.

Flow map

The Third Party dashboard also provides a flow map that depicts traffic flow to the third-party service. The flow map displays the level of sensitive data that flows to the third-party and the caller services that connect to it. Click on the flow map icon, as shown in the screenshot above, to access the flow map.

The above screenshot shows that one caller service calls two third-party endpoints. It also shows that highly sensitive data is flowing through the third-party service. You can click API Endpoints in the flow map to view the APIs in that service that are calling the third-party endpoints. For example, the following screenshot shows two APIs calling the third-party APIs.

Sensitive data in third-party

You can view the sensitive data flowing through the third-party services by navigating to API Catalog → API Risk → Sensitive Data, and clicking the Third Party tab.

You can also filter the data shown on this page based on multiple attributes, for example:

• The third-party service

• The caller service

• The data types are the type of sensitive data identified by Traceable, for example, credit card CVV, social security number, etc.

• Data sets, such as PII data, PCI data, and so on.

• Filter based on sensitivity, such as critical, high, medium, or low.

To filter the data, click the Filter () icon as shown in the screenshot above. For more information on sensitive data flow in your application, see Sensitive data.