Actual API traffic is a great source of insight into the APIs that are published and used by your organization. However, as different teams have different goals, it’s likely that you won’t get the same answer to this question twice. For example, your product teams might be more interested in the customer usage of your APIs, while engineering teams will look into performance or stability—and will use different tools built for each purpose.
Still, this question can uncover the traffic that actually flows through your networks, helping you discover the APIs that no one tells you about and understand how they are used, by whom, and for what. This can be the basis for subsequent anomaly detection, as well as for investigation purposes in case of a breach.
One API can be deployed with multiple versions and, depending on the changes that happened in every version, could offer a different set of functionalities. The problem is that older versions tend to be less maintained and documented, which may introduce security vulnerabilities.
First, find out your teams’ deprecation policies and then the versioning schema they use. This may not reveal the older versions that exist directly, but it will point you in the right direction to begin your search.
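As an added example (not code from the original article), the sketch below combines both ideas: it inventories endpoints from access-log traffic, flags those missing from the documented list, and flags traffic to versions below the supported minimum. The log lines are constructed, and the `/api/vN/` path versioning schema, the `DOCUMENTED` inventory and the `MIN_SUPPORTED` policy are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2024:10:00:01 +0000] "GET /api/v3/orders/1842 HTTP/1.1" 200 512
10.0.0.5 - - [01/Mar/2024:10:00:02 +0000] "GET /api/v3/orders/1843 HTTP/1.1" 200 498
10.0.0.9 - - [01/Mar/2024:10:00:07 +0000] "POST /api/v1/orders HTTP/1.1" 201 77
10.0.0.7 - - [01/Mar/2024:10:00:09 +0000] "GET /api/v2/export/users?format=csv HTTP/1.1" 200 90211
10.0.0.9 - - [01/Mar/2024:10:00:12 +0000] "GET /api/v1/orders/17 HTTP/1.1" 200 301
10.0.0.3 - - [01/Mar/2024:10:00:15 +0000] "GET /healthz HTTP/1.1" 200 2
"""

# Assumed inventory: the endpoints the teams say they publish.
DOCUMENTED = {("GET", "/api/v3/orders/{id}"), ("POST", "/api/v3/orders"),
              ("GET", "/api/v1/orders/{id}"), ("POST", "/api/v1/orders")}
MIN_SUPPORTED = 3  # assumed deprecation policy: versions below v3 are retired

LINE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')
VERSION = re.compile(r"^/api/v(\d+)/")  # assumed URI-path versioning schema

def normalize(path):
    """Drop the query string and collapse numeric IDs so calls group by endpoint."""
    path = path.split("?", 1)[0]
    return re.sub(r"/\d+(?=/|$)", "/{id}", path)

def discover(log_text, documented, min_supported):
    """Return (undocumented, deprecated): endpoint -> sorted client addresses."""
    seen = defaultdict(set)  # (method, endpoint) -> client addresses
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not request records
        client, method, raw_path, _status = m.groups()
        seen[(method, normalize(raw_path))].add(client)
    undocumented, deprecated = {}, {}
    for key, clients in seen.items():
        v = VERSION.match(key[1])
        if v is None:
            continue  # not under the API prefix (e.g. health checks)
        if key not in documented:
            undocumented[key] = sorted(clients)
        if int(v.group(1)) < min_supported:
            deprecated[key] = sorted(clients)
    return undocumented, deprecated

if __name__ == "__main__":
    print(discover(SAMPLE_LOG, DOCUMENTED, MIN_SUPPORTED))
```

The client addresses attached to each finding identify which consumers still depend on a retired version or an unlisted endpoint.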
API discovery is crucial for every modern company. That’s because while APIs create tremendously powerful synergies, they can also become a liability. Every API can potentially be compromised and leak its data to bad actors.
But API discovery isn’t just a technicality. Teams can be very protective of their APIs if they think those APIs give them leverage in company decisions. Therefore, discovery isn’t just about asking questions, but also about seeing the context in which those questions are asked, and navigating the related complexities.