Parameter catalogue

Parameter catalogue provides complete visibility into sensitive data exposure in the APIs discovered for the protected application. The AppSentinels PII detector catalogs the parameters in those APIs that deal with sensitive or PII data.

Parameter catalogue is accessible from the Parameter Catalogue tab in the left navigation menu. The catalogue is displayed in two views: Summary view and Parameters List view.


Summary view is a collection of widgets with Context, Sensitive Parameter Count, Sensitive Data Distribution, and Sensitive Data Type Distribution.

Parameters List view lists the parameters that carry sensitive data, along with their data type and PII type, the location of the sensitive data, and other operational data.


In the Parameters List view, the parameters are listed with the following data:

Parameter Name

The name of the parameter in the API. For example, password.

The values of parameters that deal with sensitive data are anonymized.

Endpoint

The URL for the service offered by the API for the relevant parameter. For example, POST /rest/user/reset-password.

Data Type

The data type of the parameter.

Location

The location in the API request or response where the parameter is found. For example, Response.body for the parameter found in the body of the response.

Auth

Whether the service offered through the relevant API uses authentication methods: No, Unknown (to AppSentinels), or Yes (for example, bearer.jwt).

Sensitive

Whether the relevant parameter deals with sensitive or PII data: Yes or No.

PII Type

The type of sensitive or PII data the parameter deals with. For example, Password or Pin.

First Discovered

The time and date when the API was discovered.

Direction

The origin of the relevant API request: Public or Internal.

Shadow

Whether the relevant API is a Shadow API: Yes or No.

Privilege

Whether the relevant API is a Privileged API: Yes or No.

Action

Options to change the AppSentinels-assigned PII data type for the parameter.