API Data Relationships
The AppSentinels Platform automatically discovers and learns the sequence and data flow relationships between APIs using advanced AI/ML models. The key use cases are:
- API Penetration Testing: Utilizes the learned API flow and dependencies to identify chained vulnerabilities and misconfigurations.
- Business Logic Attack Detection: Detects anomalies in expected API usage sequences and interdependent data flows.
Automatic & Manual Learning
Automatic Learning
The platform continuously observes live API traffic to identify the sequence of calls and data dependencies.
Manual Configuration
Admins can define custom relationships via:
- Settings → ML Training & Enforcement → Relationship → Control Params
- API Flypanel → API Relationship tab (for individual APIs)
Adding a Manual API Control Relationship
The "Add New Relationship" form allows users to specify a relationship where one API’s parameter (dependent) is influenced by another API (controller).
Field | Description |
---|---|
Dependent Endpoint | API relying on input controlled by another API |
Dependent Parameter | Parameter within the dependent API (with location like Body, Path, etc.) |
Controlling Endpoint | API that controls or influences the dependent parameter |
Controlling Parameter | Parameter from the controlling API response |
Relationship | Defines how the values are related (e.g., equals, superset, etc.) |
Notes | Optional comments describing the logic or reasoning |
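
To make the controller/dependent model concrete, the following added example (not AppSentinels code) checks a relationship with the fields above against a time-ordered list of API calls and flags dependent calls that use a value the controlling API never returned to that session. The endpoints, session ids, event layout and the exact meaning given to "equals" and "superset" are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Relationship:
    dependent_endpoint: str
    dependent_param: str
    controlling_endpoint: str
    controlling_param: str
    relation: str  # "equals" or "superset" (semantics below are an assumption)

def find_violations(rel, events):
    """Return dependent calls whose parameter value the controlling endpoint
    never issued to the same session. `events` must be in time order."""
    issued = {}  # session id -> values seen in controlling responses
    violations = []
    for ev in events:
        seen = issued.setdefault(ev["session"], set())
        if ev["endpoint"] == rel.controlling_endpoint:
            value = ev["response"].get(rel.controlling_param)
            if value is not None:
                seen.update(value if isinstance(value, list) else [value])
        elif ev["endpoint"] == rel.dependent_endpoint:
            value = ev["request"].get(rel.dependent_param)
            if rel.relation == "equals":      # one value, must have been issued
                ok = not isinstance(value, list) and value in seen
            elif rel.relation == "superset":  # issued set must cover all values
                wanted = value if isinstance(value, list) else [value]
                ok = set(wanted) <= seen
            else:
                raise ValueError(f"unsupported relation: {rel.relation}")
            if not ok:
                violations.append(ev)
    return violations

# Constructed sample data: hypothetical endpoints, sessions and order ids.
RULE = Relationship("GET /orders/{order_id}", "order_id",
                    "GET /orders", "order_ids", "equals")
EVENTS = [
    {"session": "A", "endpoint": "GET /orders", "response": {"order_ids": ["o-101", "o-102"]}},
    {"session": "A", "endpoint": "GET /orders/{order_id}", "request": {"order_id": "o-101"}},
    {"session": "B", "endpoint": "GET /orders", "response": {"order_ids": ["o-201"]}},
    {"session": "B", "endpoint": "GET /orders/{order_id}", "request": {"order_id": "o-102"}},
    {"session": "C", "endpoint": "GET /orders/{order_id}", "request": {"order_id": "o-201"}},
]

if __name__ == "__main__":
    for ev in find_violations(RULE, EVENTS):
        print("violation:", ev["session"], ev["endpoint"], ev["request"])
```

Session B requests an order id that was only returned to session A, and session C calls the dependent API without ever calling the controlling one; both are reported, while session A's call passes.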
API Relationship Summary Metrics
Metric | Description |
---|---|
Total Endpoints | Total number of APIs discovered and monitored by the platform. |
Total Relations Learned | Number of control/data relationships identified via AI/ML or configured manually. |
Controlling Endpoints | APIs that act as data sources or controllers for other APIs. |
Dependent Endpoints | APIs that rely on values from other APIs to complete business logic flows. |
Endpoints without Relationship | APIs that do not yet have any controlling or dependent relationship mapped. |
Control Params Dashboard Overview
- Total Endpoints – APIs monitored
- Total Relations Learned – AI/ML-detected or user-configured relationships
- Controlling Endpoints – APIs that act as data providers
- Dependent Endpoints – APIs influenced by others
- Endpoints Without Relationship – APIs that may require manual mapping for complete logic flow
Each relationship entry includes:
- Dependent & Controlling Endpoints
- Parameters and their data types
- Relationship type (equals, superset, etc.)
- Enforcement status
- DAST testing status and messages
Confidence and Testing Insights
- DAST Last Tested – Date of last test run
- Confidence Scores – AI-assigned scores based on observed consistency
- Total Occurrences – How frequently the relationship has been seen in real traffic
- Variation Count – Number of unique variations of the relationship
- Training IDs – Identifiers for training cycles when the relationships were discovered or updated
Relationship Management Actions
AppSentinels provides flexible options to manage learned and manually configured API relationships for fine-tuned detection and testing purposes.
- Edit: Modify the dependent or controlling parameter, update relationship type, or add notes.
- Enforce: Apply the relationship so it actively influences DAST behavior and logic validation.
- Delete: Remove a relationship when it is no longer valid or required.
These actions are accessible via the Edit button in the Control Params tab.
Relationship View Filter
Option | Description |
---|---|
All | Displays all relationships regardless of status or source. |
Enforced | Shows only those relationships currently active and enforced in DAST evaluations. |
Deleted | Displays relationships that were removed manually or due to policy changes. |
Manually Added | Filters to display only relationships created by users (not AI/ML learned). |
This dropdown helps teams quickly verify enforcement status or audit custom-configured relationships.
Advanced Filtering Panel
Use the advanced filter panel to search based on various technical and metadata fields.
Download Relationship Data
You can download the entire relationship dataset for reporting or auditing.