API Discovery Overview

Wallarm's API Discovery builds an inventory of your application's REST and GraphQL APIs based on actual API usage. The module continuously analyzes real traffic and builds the API inventory from the analysis results.

Supported protocols

API Discovery is capable of finding and representing hosts and endpoints utilizing different protocols. The following protocols are supported:

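| Protocol | Core entity | Required NGINX Node version | Required Native Node version |
|----------|-------------|-----------------------------|------------------------------|
| REST | Endpoint | Any | Any |
| GraphQL | Operation (query, mutation, subscription) | 6.1.0 | NA |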

Your API inventory

API inventory is a picture of your active APIs automatically built by Wallarm's API Discovery based on traffic going through Wallarm nodes. It includes:

  • API hosts and their endpoints

  • Required and optional parameters and headers of requests and responses including:

    • Type and format of data sent in each parameter
    • Date and time when parameter information was last updated
  • Request methods (GET, POST, and others) for REST

  • GraphQL operations (queries, mutations, subscriptions)

  • GraphQL schema

[Image: API Discovery - built API inventory]

Issues addressed by API Discovery

Building an up-to-date and complete API inventory is the main problem the API Discovery module addresses.

Keeping an API inventory up to date is a difficult task. One API is often used by multiple teams and clients, and different tools and processes are commonly used to produce the API documentation. As a result, companies struggle to understand what APIs they have and what data they expose, and to keep their API documentation up to date.

Since the API Discovery module uses real traffic as its data source, it helps you get up-to-date and complete API documentation by including in the API inventory all endpoints that are actually processing requests.

Once Wallarm has discovered your API inventory, you can:

  • Have full visibility into the whole API estate.

  • See what data (REST, GraphQL) is going into and out of the APIs.

  • Get a list of the threats that occurred over the past 7 days for any given API endpoint.

  • Filter APIs that consume and carry sensitive data.

  • Understand which endpoints are most likely to be an attack target.

  • Track API changes that took place within the selected period of time.

  • Give your developers access to review and download the built API inventory.

How does API Discovery work?

API Discovery relies on request statistics and uses sophisticated algorithms to generate up-to-date API specs based on the actual API usage.

Traffic processing

API Discovery uses a hybrid approach to conduct analysis locally and in the Cloud. This approach enables a privacy-first process where request data and sensitive data are kept locally while using the power of the Cloud for the statistics analysis:

  1. API Discovery analyzes legitimate traffic locally. Wallarm analyzes the endpoints to which requests are made and what parameters are passed and returned.

  2. Statistics are compiled from this data and sent to the Cloud.

  3. Wallarm Cloud aggregates the received statistics and builds an API description from them.

    Noise detection

    Rare or single requests are treated as noise and are not included in the API inventory.

Noise detection

The API Discovery module bases noise detection on endpoint stability: at least 5 requests must be recorded within 5 minutes from the moment of the first request to the endpoint.
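
The stability rule above can be applied to your own access logs to predict which low-traffic endpoints would be treated as noise and therefore be missing from the inventory. This is an added example, not Wallarm's code: the record layout, the `classify_endpoints` name and the sample log are constructed, and it assumes the 5-minute window is anchored at the first request seen in the input and includes the boundary.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MIN_REQUESTS = 5               # threshold stated on this page
WINDOW = timedelta(minutes=5)  # window stated on this page

# Constructed sample records: (ISO timestamp, host, method, path)
SAMPLE_LOG = [
    # Steady endpoint: 5 requests inside the first 5 minutes
    ("2024-05-01T10:00:00", "api.example.com", "GET", "/users"),
    ("2024-05-01T10:00:40", "api.example.com", "GET", "/users"),
    ("2024-05-01T10:01:30", "api.example.com", "GET", "/users"),
    ("2024-05-01T10:03:00", "api.example.com", "GET", "/users"),
    ("2024-05-01T10:04:50", "api.example.com", "GET", "/users"),
    # Slow endpoint: 6 requests in total, but only 3 inside the window
    ("2024-05-01T10:00:00", "api.example.com", "POST", "/orders"),
    ("2024-05-01T10:02:00", "api.example.com", "POST", "/orders"),
    ("2024-05-01T10:04:00", "api.example.com", "POST", "/orders"),
    ("2024-05-01T10:07:00", "api.example.com", "POST", "/orders"),
    ("2024-05-01T10:09:00", "api.example.com", "POST", "/orders"),
    ("2024-05-01T10:11:00", "api.example.com", "POST", "/orders"),
    # Single request
    ("2024-05-01T10:05:00", "api.example.com", "GET", "/debug"),
]


def classify_endpoints(records):
    """Map each (host, method, path) to "stable" or "noise"."""
    seen = defaultdict(list)
    for ts, host, method, path in records:
        seen[(host, method, path)].append(datetime.fromisoformat(ts))

    verdicts = {}
    for endpoint, stamps in seen.items():
        stamps.sort()
        first = stamps[0]
        # Count only requests inside the window that opens at the first request.
        in_window = sum(1 for t in stamps if t - first <= WINDOW)
        verdicts[endpoint] = "stable" if in_window >= MIN_REQUESTS else "noise"
    return verdicts


if __name__ == "__main__":
    for endpoint, verdict in sorted(classify_endpoints(SAMPLE_LOG).items()):
        print(verdict, *endpoint)
```

Endpoints reported as `noise` here are candidates for manual review, since rarely called routes such as admin or debug paths are exactly the ones a traffic-based inventory can miss.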