Detailed view of APIs

API Catalogue List view and Parameter Catalogue List view only provide the top-level details. More details, such as the vulnerabilities, risk factors, threats, and attacks, are available in the detailed view. 

Here are the API and parameter details seen in the detailed view.

Basic details

Except for tags and the last trained date, the basic details are the same as those in the List view. 

  • Click an API and see the basic details in the Info and Usage tab in the fly panel.

AppSentinels tags APIs based on the service that the API provides. Custom tags can be added to an API by clicking Add new and then adding the tags. 

API Usage

API usage trends over the last seven days or the last 24 hours are available as Time Series graphs for the following: number of API calls, content transfer per call, client errors, and server errors.

  • Click an API and usage trends in the Info and Usage tab in the fly panel.

Risk Meter

Risk Meter is a visual representation of the AppSentinels-assigned Risk Score and the risk factors detected in the API. The risk factors are highlighted in Red. 

See Risk score for how AppSentinels assigns risk scores to APIs.

  • Click an API and see the Risk Meter and risk factors in the Info and Usage tab in the sidebar.

Threats and attacks

 A high-level view of the threats and attacks on an API is seen in the Threats Detected and Top Attacks widgets in the Info and Usage tab in the fly panel.

Vulnerabilities

Vulnerabilities are shortcomings in the way APIs are designed. Threat actors can exploit the vulnerabilities and carry out attacks if the vulnerabilities are not addressed.

  • Click an API and then the Vulnerabilities tab in the fly panel to see the summary and the list of vulnerabilities seen in the API.

Some details listed per vulnerability are severity, category, sub-category, event ID, and vulnerability status. 

See Vulnerabilities for more details about how AppSentinels reports vulnerabilities seen in APIs.

Parameters

Click an API and go to the Parameters tab to see all parameters in the request and the response of the API, including the ones that deal with sensitive or PII data.

  • To see parameters used in headers, set the Show Headers switch to ON.

Some of the details listed per parameter are the location of the parameter, the data type, and the PII type (if applicable). The parameter values of parameters are anonymized.