API Discovery

Overview

API Discovery provides security through visibility into the API traffic passing to the web server.

API Discovery provides, after a learning period, the suggested initial schema for API Schema validation enforcement, and from then on, assists in maintaining that schema across time by suggesting changes to it according to the actual use.

For a full overview of API Discovery's role within API Security, read here:

API Protection

API Discovery supports:

  1. REST API

  2. GraphQL API

How does API discovery work?

API discovery learns the actual behavior of the traffic to the web server's exposed URI paths.

API discovery inspects:

  1. Requests to the internal web server that are accepted by it, i.e. whose HTTP return codes are not 4XX/5XX.

  2. Traffic blocked by API Schema Validation, if it is active and set to Prevent, in order to suggest APIs that are missing from the existing validated schema.

API Discovery Learning engine has 2 stages:

  1. API detection using an iterative Machine Learning A.I. engine that detects usage of APIs (a combination of the method and the endpoint used in the request). Several different endpoints may be joined at this stage to a single API using path parameters.

  2. Schema Builder looks at query parameters and the request body to build the exact schema for each API based on multiple requests. API Discovery saves up to 100 query parameters per API. At this stage, it also detects any use of sensitive data in each API.
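The two learning stages above, modelled as an added example in Python (this is not CloudGuard WAF code and does not reproduce its engine). Stage 1 keys each API on method plus endpoint and collapses id-like segments into a path parameter; stage 2 builds a per-API schema from query parameters and JSON body fields, keeps at most 100 query parameters, and flags sensitive-looking field names. The request records, the `{id}` heuristic and the `SENSITIVE_NAMES` list are constructed assumptions for this example:

```python
"""Toy model of the two-stage API Discovery learning described above.

Added example, not CloudGuard WAF code. Every request record below is
constructed sample data; the id-segment pattern and SENSITIVE_NAMES are
hypothetical heuristics standing in for the product's own detection.
"""
import json
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

MAX_QUERY_PARAMS = 100  # the page states up to 100 query parameters are saved per API

# Hypothetical list of parameter/field names that look like sensitive data.
SENSITIVE_NAMES = {"ssn", "password", "credit_card", "card_number", "token"}

# Hypothetical heuristic: numeric or UUID-shaped path segments are path parameters.
ID_SEGMENT = re.compile(
    r"^(\d+|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$"
)

# Constructed sample traffic: (method, request target, HTTP status, body).
SAMPLE_REQUESTS = [
    ("GET", "/users/42?verbose=1", 200, ""),
    ("GET", "/users/1337?verbose=0&fields=name", 200, ""),
    ("POST", "/users", 201, '{"name": "alice", "age": 30, "ssn": "123-45-6789"}'),
    ("POST", "/users", 201, '{"name": "bob", "age": 41}'),
    ("GET", "/users/999", 404, ""),            # rejected by the server: not learned
    ("DELETE", "/admin/users/42", 403, ""),    # rejected by the server: not learned
    ("GET", "/health", 200, ""),
]


def is_accepted(status):
    """Only requests the web server accepted (no 4XX/5XX) are learned from."""
    return not 400 <= status <= 599


def normalize_path(path):
    """Stage 1: join endpoints that differ only in id-like segments into one API."""
    parts = ["{id}" if ID_SEGMENT.match(seg) else seg for seg in path.strip("/").split("/")]
    return "/" + "/".join(parts)


def query_type(value):
    """Query values arrive as strings; guess integer vs string for the schema."""
    return "integer" if value.lstrip("-").isdigit() else "string"


def json_type(value):
    """Map a decoded JSON value to its schema type name."""
    if isinstance(value, bool):
        return "boolean"
    if isinstance(value, int):
        return "integer"
    if isinstance(value, float):
        return "number"
    if isinstance(value, str):
        return "string"
    if value is None:
        return "null"
    return "array" if isinstance(value, list) else "object"


def discover(requests):
    """Return {(method, endpoint): schema} learned from the accepted requests."""
    schemas = {}
    for method, target, status, body in requests:
        if not is_accepted(status):
            continue
        split = urlsplit(target)
        api = (method, normalize_path(split.path))          # stage 1: the API key
        s = schemas.setdefault(api, {
            "samples": 0, "query": {}, "body": {}, "body_samples": 0,
            "body_counts": defaultdict(int), "sensitive": set(),
        })
        s["samples"] += 1

        # Stage 2a: query parameters, capped at MAX_QUERY_PARAMS distinct names.
        for name, values in parse_qs(split.query, keep_blank_values=True).items():
            if name not in s["query"] and len(s["query"]) >= MAX_QUERY_PARAMS:
                continue
            s["query"].setdefault(name, set()).update(query_type(v) for v in values)
            if name.lower() in SENSITIVE_NAMES:
                s["sensitive"].add(name)

        # Stage 2b: JSON object bodies, per-field types and per-field frequency.
        doc = None
        if body:
            try:
                doc = json.loads(body)
            except ValueError:
                doc = None                                  # non-JSON body: not modelled here
        if isinstance(doc, dict):
            s["body_samples"] += 1
            for field, value in doc.items():
                s["body"].setdefault(field, set()).add(json_type(value))
                s["body_counts"][field] += 1
                if field.lower() in SENSITIVE_NAMES:
                    s["sensitive"].add(field)

    # A field present in every body sample is suggested as required.
    for s in schemas.values():
        s["required_body"] = {f for f, n in s["body_counts"].items() if n == s["body_samples"]}
    return schemas


if __name__ == "__main__":
    for (method, endpoint), s in sorted(discover(SAMPLE_REQUESTS).items()):
        print(method, endpoint, "samples:", s["samples"], "query:", sorted(s["query"]),
              "body:", sorted(s["body"]), "sensitive:", sorted(s["sensitive"]))
```

Running the script shows why the rejected `GET /users/999` and `DELETE /admin/users/42` never appear in the suggested schema, why the two accepted `GET /users/<n>` requests merge into `GET /users/{id}`, and how `ssn` is flagged on `POST /users` even though it is not seen often enough to be suggested as required.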

As with the other learning mechanisms in CloudGuard WAF, learning levels track the progress of the learning.

The Learning mechanism may require the user to decide between several options when the learning result is not conclusive enough.

Where can you see API Discovery Results?

For a full explanation of tracking API Discovery results see:

Track API Discovery Learning

In general, there are 3 locations:

  1. Within each asset, the API Discovery engine shows the detected Schema and its progress across versions. Versions will initially change due to iterative learning as more and more traffic passes through the engine, and later, versions will be created by a change in the behavior of the client requests and the API the web server accepts.

  2. Within each asset, the Learn tab shows a summary of the discovered schema and allows for supervised fine tuning.

  3. An API Dashboard shows a cross-asset view of all APIs as well as top APIs (most used, least used, APIs carrying sensitive data, etc.).
