Uploading Your API Specifications ¶

In the API Specifications section of the Wallarm Console UI, you can keep your API specifications which Wallarm uses to uncover the rogue (shadow, orphan and zombie) APIs. This article gives an information on how to use this section.

Administrators and Global administrators can add, remove and download specifications and change settings of the rogue API detection. Users of other roles can only view the list of uploaded specifications.

Revealing shadow, orphan and zombie API¶

With API Discovery in use, your API specifications uploaded at the API Specifications section may be compared with what was automatically detected by API Discovery. As the result of this comparison, Wallarm finds and shows rogue (shadow, orphan and zombie) APIs.

To perform comparison:

1. Navigate to the API Specifications section and click Upload specification.

2. Select a specification to upload. It must be in the OpenAPI 3.0 JSON or YAML format.

3. Set comparison parameters:

   • Application(s) and host(s) - only endpoints related to the selected applications/hosts will be compared. If you select Compare with all current and future discovered applications hosts, all hosts (of the selected applications) known now and all hosts that will be discovered in future will be included into comparison.

     You can change comparison settings at any moment later - after this the comparison will be re-done providing new results.

   • From where to upload: your local machine or URL. For URLs, via the header fields you can specify a token for authentication.

   • Whether the comparison should be performed once after specification upload or every hour (the Perform regular comparison option is selected by default). Hourly comparison allows finding additional rogue APIs as API Discovery discovers more endpoints. Specification uploaded from URL is updated before each comparison.

   

   Note that you can re-start comparison at any moment manually via specification menu → Restart comparison.

4. Start uploading.

   As uploading is finished, the number of rogue (shadow, orphan and zombie) APIs will be displayed for each specification in the list of API Specifications. Also rogue APIs will be displayed in the API Discovery section.

   

Download previously uploaded specifications¶

You can download the previously uploaded specification via API Specifications → specification details window → Download specification.

Was this page helpful?

How can we improve this article? (Optional)

Information is unclear or confusing

Insufficient information

Outdated or incorrect information

0/240

Send