Auth Session Attribution
Auth Session Attribution determines whether an API request is part of an authenticated user session. It classifies APIs as Authenticated or Unauthenticated based on whether the configured authentication information (a header, a cookie, or a JWT claim) is present in the request.
Why it Matters
Identifying authenticated traffic is essential to:
- Detect exposed APIs that should require authentication.
- Monitor sensitive functionality access.
- Track session misuse or replay attempts.
- Map API posture for threat modeling.
How it Works
The AppSentinels platform inspects header values, cookies, or JWT tokens to detect the presence of authentication information, using either the default fields or custom fields you configure. Attribution is presence-based: a request counts as authenticated when the configured field is present and parseable. It tells you which APIs are reached with credentials attached, not whether those credentials were valid, so it is a posture signal rather than an access-control decision.
Default Auth Session Attribution
Out-of-the-box, AppSentinels supports common fields such as:
- req.header.authorization
- req.header.authentication
- req.header.cookie.jsessionid
- req.header.x-access-token
- req.header.cookie.cftoken, cfid, aspsessionid, etc.
Tick the fields you need to activate them.
Custom Auth Session Attribution
You can define custom logic to identify authenticated requests by specifying your own fields and formats. Click + New Custom Attribution to configure:
Field | Description |
---|---|
Field Location | Where to look for the auth token (e.g., Req.Header, Req.Cookie, Resp.Body). |
Field sublocation | The specific header or key name (e.g., authorization, x-auth-token). |
Type (optional) | Format of the token, such as bearer.jwt, which allows parsing JWT claims. |
Field to extract session identifier | For JWT, specify the claim to extract as the identifier (e.g., sub, userId). |
Regex (optional) | Enable this if: |
APIs | Select APIs this rule applies to or define a URI pattern using regex. |
Once added, AppSentinels will apply this rule to incoming traffic and mark those APIs as authenticated if the configured token is present.
Example Configuration
Field | Example Value |
---|---|
Field Location | Req.Header |
Field sublocation | authorization |
Type | bearer.jwt |
Field to extract session identifier | sub |
Regex | Off |
APIs | POST /user/login, GET /profile |
This tells AppSentinels to inspect the Authorization header for a Bearer JWT and extract the sub claim as the session identifier when deciding whether the API request is authenticated.
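To make the attribution logic concrete, here is a small Python model of what the default fields and the example configuration above express: a rule points at a request field, a bearer.jwt rule additionally parses the token and pulls one claim, and the first matching rule marks the request authenticated. This is an added example written for this page, not AppSentinels code; the rule dict schema, the sample header dicts, the dummy JWT and the function names are assumptions made here, chosen only to mirror the field names the page uses.

```python
import base64
import json
from http.cookies import CookieError, SimpleCookie

# Constructed rule set for this example. The first rule mirrors the page's
# example configuration (Req.Header / authorization / bearer.jwt / sub); the
# other two stand in for the default fields req.header.x-access-token and
# req.header.cookie.jsessionid. The dict schema is an assumption made here,
# not AppSentinels' configuration format.
RULES = [
    {"location": "req.header", "sublocation": "authorization",
     "type": "bearer.jwt", "claim": "sub"},
    {"location": "req.header", "sublocation": "x-access-token"},
    {"location": "req.cookie", "sublocation": "jsessionid"},
]


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Parse the payload of a compact JWT (header.payload.signature).

    Decoding only: the signature is not verified, so a claim value is
    evidence that a token was presented, not that it was valid."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return claims if isinstance(claims, dict) else None


def _lookup(headers, rule):
    """Return the raw value the rule points at, or None if absent."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if rule["location"] == "req.header":
        return lowered.get(rule["sublocation"].lower())
    if rule["location"] == "req.cookie":
        jar = SimpleCookie()
        try:
            jar.load(lowered.get("cookie", ""))
        except CookieError:
            return None
        morsels = {k.lower(): m for k, m in jar.items()}
        morsel = morsels.get(rule["sublocation"].lower())
        return morsel.value if morsel else None
    return None  # other locations (e.g. Resp.Body) are not modelled here


def attribute(headers, rules=RULES):
    """Classify one request as (authenticated, session_id, matched_field).

    Rules are tried in order; the first whose field is present and parseable
    wins. Presence-based, as the page describes: no signature check, no
    expiry check, no session-store lookup."""
    for rule in rules:
        value = _lookup(headers, rule)
        if value is None or not value.strip():
            continue
        if rule.get("type") == "bearer.jwt":
            scheme, _, token = value.strip().partition(" ")
            if scheme.lower() != "bearer" or not token:
                continue  # e.g. "Basic ..." does not satisfy a bearer.jwt rule
            claims = jwt_claims(token.strip())
            if claims is None or rule["claim"] not in claims:
                continue
            return True, str(claims[rule["claim"]]), rule["sublocation"]
        return True, value.strip(), rule["sublocation"]
    return False, None, None


def _sample_jwt(claims):
    # Builds a JWT-shaped string with a dummy signature, for the sample only.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "HS256", "typ": "JWT"}) + "." + enc(claims) + ".c2lnbmF0dXJl"


# Constructed sample requests (header dicts), not captured traffic.
SAMPLE_REQUESTS = {
    "jwt": {"Authorization": "Bearer " + _sample_jwt({"sub": "user-4711", "exp": 1700000000})},
    "cookie": {"Cookie": "theme=dark; JSESSIONID=A1B2C3D4"},
    "token": {"X-Access-Token": "tok_0f9e8d"},
    "basic": {"Authorization": "Basic dXNlcjpwYXNz"},
    "garbage": {"Authorization": "Bearer not.a.jwt"},
    "anon": {"Accept": "application/json"},
}

if __name__ == "__main__":
    for name, headers in SAMPLE_REQUESTS.items():
        print(f"{name:8} -> {attribute(headers)}")
```

Two behaviours are worth noticing when reading the results. A request carrying `Authorization: Basic ...` is not attributed by the bearer.jwt rule (the Type restricts the match), whereas the untyped default field req.header.authorization would count it; pick the Type deliberately for each API. And because attribution is presence-based, an expired or forged JWT still yields an identifier here, which is correct for mapping which APIs are reached with credentials but must not be mistaken for authentication.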