Auth Session Attribution

Auth Session Attribution is used to determine whether an API request is part of an authenticated user session. This helps in classifying APIs as Authenticated or Unauthenticated based on the presence of valid authentication information in the request.

Why it Matters

Identifying authenticated traffic is essential to:

Detect exposed APIs that should require authentication.
Monitor sensitive functionality access.
Track session misuse or replay attempts.
Map API posture for threat modeling.

How it Works

The AppSentinels platform uses header values, cookies, or JWT tokens to detect the presence of authentication information. This can be done using default fields or by configuring custom fields.

Default Auth Session Attribution

Out-of-the-box, AppSentinels supports common fields such as:

req.header.authorization
req.header.authentication
req.header.cookie.jsessionid
req.header.x-access-token
req.header.cookie.cftoken, cfid, aspsessionid, etc.

You can simply check the required fields to activate them.

Custom Auth Session Attribution

You can define custom logic to identify authenticated requests by specifying your own fields and formats. Click + New Custom Attribution to configure:

Field	Description
Field Location	Where to look for the auth token (e.g., `Req.Header`, `Req.Cookie`, `Resp.Body`).
Field sublocation	The specific header or key name (e.g., `authorization`, `x-auth-token`).
Type (optional)	Format of the token such as `bearer.jwt`, which allows parsing JWT claims.
Field to extract session identifier	For JWT, specify the claim to extract as the identifier (e.g., `sub`, `userId`).
Regex (optional)	Enable this if: You want to match API URIs using regex (e.g., `/api/v1/.*`). You want to extract auth token using a regex pattern.
APIs	Select APIs this rule applies to or define a URI pattern using regex.

Once added, AppSentinels will apply this rule to incoming traffic and mark those APIs as authenticated if the configured token is present.

Example Configuration

Field	Example Value
Field Location	Req.Header
Field sublocation	authorization
Type	bearer.jwt
Field to extract identifier	sub
Regex	Off
APIs	POST /user/login, GET /profile

This will tell AppSentinels to inspect the Authorization header for a JWT and extract the sub claim to identify whether the API request is authenticated.

⯇ Session Attribution User ID Attribution ⯈