API Catalogue

The API Catalogue in the AppSentinels platform provides centralized, real-time visibility into all APIs discovered within protected applications. By automatically identifying, classifying, and monitoring APIs, the platform empowers security teams to manage posture, detect risks, and respond effectively.

API Discovery Mechanisms

AppSentinels discovers APIs using multiple mechanisms across environments:

• Passive Traffic Inspection: Non-intrusive real-time monitoring without code changes.
• Schema-Based Imports: Ingest OpenAPI (Swagger) and Postman Collection definitions.
• Gateway Integrations: Auto-discovery via Kong, Apigee, AWS API Gateway, and more.

All discovered APIs are continuously updated in the catalogue with contextual metadata, behavioral patterns, and associated risks.

API Classification

AppSentinels automatically classifies APIs into categories to help govern and manage their usage:

• Shadow: APIs not found in defined schema documents.
• Sensitive: APIs that handle PII or critical business data.
• Privilege: APIs performing critical operations like login, reset, etc.
• Public / Internal: Classification based on request origin.
• Authenticated / Unauthenticated: Based on presence of auth tokens/headers.
• New / Unused: Newly discovered or inactive APIs.
• Non-Conforming: APIs that deviate from the defined schema.

API Risk Distribution

APIs are assigned a Risk Score based on multiple factors including authentication, sensitivity, privileges, HTTP methods, and associated vulnerabilities:

• Critical: Exploited successfully by threat actors.
• High: Detected vulnerabilities via passive or active scans.
• Medium: Presence of multiple risk attributes.
• Low: Minimal or no detectable risks.

API Operational Statistics

AppSentinels tracks various metrics to assess API performance and stability:

• API call volume
• Data/content transferred
• Client error rates (4xx)
• Server error rates (5xx)
• P90 latency (90th percentile response time)

APIs List View

A comprehensive table lists every discovered API, with the following attributes:

• Characteristics: Tags like Shadow, Sensitive, Privilege.
• Endpoint: API URI pattern (e.g., /api/products).
• Host: Domain where the API is observed.
• First/Last Seen: Discovery and latest usage timestamps.
• Auth: Authentication type (e.g., JWT, None).
• Risk Score: Risk level (Critical, High, Medium, Low).
• DAST Coverage: Dynamic scan coverage status.
• Calls / Transfer: Usage count and data transferred.
• Error Stats: Client/server-side error counts.
• Latency (P90): Millisecond response delay at 90th percentile.
• Notes: Custom annotations by users.

API Catalogue Export Options

Users can download the full API inventory from the catalogue in the following formats:

• CSV: Download ➜ API Catalogue
• OpenAPI Schema (3.0): Download ➜ OpenAPI Schema

Catalogue Filters

The API Catalogue supports advanced filtering to narrow down API lists based on:

• Endpoint
• Method
• Host
• Risk Score
• Tags/Characteristics
• Authentication status
• Request origin
• Date range
• New or Unused status