
Tracking changes in API

If changes occur in your API, API Discovery updates the built API inventory, highlights the changes, and tells you what has changed and when.

API Discovery - track changes

Overview

A company may have several teams, disparate programming languages, and a variety of language frameworks. Changes can therefore reach the API at any time and from different sources, which makes them difficult to control. For security officers, it is important to detect and analyze changes as soon as possible. If missed, such changes may carry risks, for example:

  • The development team starts using a third-party library with a separate API without notifying the security specialists. The company then has endpoints that are not monitored and not checked for vulnerabilities. They can be potential attack directions.

  • PII begins to be transferred to an endpoint. An unplanned transfer of PII can violate regulatory compliance requirements and lead to reputational risks.

  • An endpoint important to the business logic (for example, /login, /order/{order_id}/payment/) is no longer called.

  • Parameters that should not be transferred begin to be passed to an endpoint, for example is_admin (someone accesses the endpoint and tries to do so with administrator rights).

Highlighting changes in API

In the Status column for endpoints and parameters, API Discovery provides data about changes in your API for the last week:

  • New for the endpoints discovered within a week.

  • Changed for the endpoints that have newly discovered parameters or parameters that obtained the Unused status within the period. In the details of the endpoint such parameters will have a corresponding mark.

    • A parameter gets the New status if it is discovered within the last week.
    • A parameter gets the Unused status if it does not pass any data for a week.
    • If the parameter in the Unused status later passes data again, it loses the Unused status.
  • Unused for the endpoints not requested (with the code 200 in response) within the last week or longer.

    • If the endpoint in the Unused status is later requested again (with the code 200 in response), it loses the Unused status.
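
The status rules above, modeled over a small inventory. This is an added example, not API Discovery's own code: the field names (first_seen, last_200, last_data), the sample endpoints other than /login and /order/{order_id}/payment/, and all timestamps are constructed. It assumes a precedence of New, then Unused, then Changed, and that a parameter obtains Unused exactly one week after its last data; the page states neither.

```python
from datetime import datetime, timedelta

WEEK = timedelta(days=7)  # the tracking window the page uses for every status

def param_status(p, now):
    if now - p["first_seen"] <= WEEK:
        return "New"
    if now - p["last_data"] >= WEEK:
        return "Unused"
    return None  # no mark; passing data again clears Unused

def became_unused_this_week(p, now):
    # Assumption: Unused is obtained exactly one week after the last data seen.
    unused_for = now - (p["last_data"] + WEEK)
    return param_status(p, now) == "Unused" and unused_for <= WEEK

def endpoint_status(ep, now):
    # Assumed precedence (not stated on the page): New, then Unused, then Changed.
    if now - ep["first_seen"] <= WEEK:
        return "New"
    if ep["last_200"] is None or now - ep["last_200"] >= WEEK:
        return "Unused"  # only requests answered with code 200 count
    if any(param_status(p, now) == "New" or became_unused_this_week(p, now)
           for p in ep["params"]):
        return "Changed"
    return None

def report(inventory, now):
    return {path: endpoint_status(ep, now) for path, ep in inventory.items()}

# Constructed sample inventory; the numbers are ages in days before NOW.
NOW = datetime(2024, 6, 15)
ago = lambda days: NOW - timedelta(days=days)

def param(name, first_seen, last_data):
    return {"name": name, "first_seen": ago(first_seen), "last_data": ago(last_data)}

def endpoint(first_seen, last_200, *params):
    return {"first_seen": ago(first_seen), "last_200": ago(last_200), "params": list(params)}

INVENTORY = {
    "/login": endpoint(90, 10),
    "/order/{order_id}/payment/": endpoint(60, 1, param("amount", 60, 1), param("is_admin", 2, 1)),
    "/v2/export": endpoint(3, 1),
    "/profile": endpoint(60, 0, param("coupon", 60, 9)),
    "/search": endpoint(60, 0, param("q", 60, 0), param("legacy", 80, 30)),
}

print(report(INVENTORY, NOW))
```

The /search endpoint gets no status even though its legacy parameter is Unused, because under the assumption above that parameter obtained the status more than a week ago.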


Use the Changed since filter to see only the endpoints changed in a specific time period, for example, today.