Onboarding Applications

The following steps guide you through onboarding your applications into the AppSentinels platform for API discovery, monitoring, and protection.

Summary of Onboarding Steps

1. Deploy the AppSentinels Controller using Docker or Kubernetes.
2. Integration with your API environment (API Gateway, Ingress, Load Balancer, or Web Server).
3. Upload the License under Organization → Settings → License Usage.
4. Add Applications by adding its name, domain, and assigning users.
5. Deployment Validation by generating traffic and checking the API Catalog.
6. Define API Attributes for accurate discovery and threat detection.

🚀 Deployment of Controller

The AppSentinels Controller must be deployed as the first step in onboarding any application onto the platform. It plays a critical role by:

• Receiving and analyzing live API traffic from Sensors and Plugins.
• Anonymizing Personally Identifiable Information (PII) locally and forwarding structured metadata to the Cloud Platform.
• Acting as the first line of defense against API attacks such as BOLA, BFLA, and data exposures.

After deployment, confirm successful registration by navigating to System Health → Controller Health in the dashboard.

🔗 Integration with API Environment

After deploying the Controller, integrate it with your API infrastructure. Supported integration points:

• API Gateways: Kong, Apigee, Azure APIM, etc.
• Ingress Controllers: Kubernetes Ingress (NGINX, Istio).
• Load Balancers: F5 BIG-IP, VMware AVI, etc.
• Web Servers: NGINX, Tomcat, IIS, etc.

Integration Modes:

• Out-of-Band (OOB) Mode: Passive monitoring with optional enforcement.
• Inline/Service Chaining Mode: Real-time inspection and blocking.

🔐 Upload License

AppSentinels Platform license for your organization must be uploaded to enable access to protected applications. To upload the license, navigate to Organization → Settings → License Usage and select Upload Licenses.

Once uploaded, license usage details will be visible under the License Usage page. The details include:

• Subscribed on: 03/06/2024
• License Expiry: 03/06/2025 (20 days remaining)
• APIs Discovery Limits: 250
• API Calls Limit: Up to 3,000,000 API Calls / Month
• DAST Scan Limits: Up to 2 DAST Scans / Month
• Number of Applications: 3
• Data Retention Period: 30 Days
• Users Limit: 5

🛠️ Add Applications

Once the Controller is deployed and integrated, onboard your application by adding:

• Application Name
• Application Domain
• Assigned Users

Applications are automatically linked based on the domain configured in the Controller, enabling traffic discovery and security policy application.

✅ Post-Deployment Validation

Follow these steps to validate successful onboarding:

• Generate API requests from the application (UI interactions or test scripts of application).
• In AppSentinels dashboard, switch to Application View and select your app from Organization Dashboard.
• Navigate to API Catalogue and ensure APIs are listed.

🧩 Defining API Attributes

AppSentinels uses key API attributes to enable accurate discovery and threat detection:

• Authentication Attributes: Identify unauthenticated APIs.
• Session Attributes: Track user sessions across APIs.
• User Attributes: Correlate API requests to users.

Default attributes are provided, but if your application uses custom headers, tokens, or keys, update the configurations.

You can configure these under Settings → Session & User Attribution in the dashboard.