
Tracking changes in API

If changes occur in your API, API Discovery updates the built API inventory, highlights the changes and gives you information on when and what has changed.

API Discovery - track changes

Overview

A company may have several teams, disparate programming languages, and a variety of language frameworks. Changes can therefore reach the API at any time and from different sources, which makes them difficult to control. For security officers, it is important to detect and analyze changes as soon as possible. If missed, such changes may carry risks, for example:

  • The development team can start using a third-party library with a separate API without notifying the security specialists. The company then gets endpoints that are not monitored and not checked for vulnerabilities. These can be potential attack directions.

  • PII begins to be transferred to the endpoint. An unplanned transfer of PII can lead to a violation of regulatory compliance requirements, as well as to reputational risks.

  • An endpoint that is important for the business logic (for example, /login, /order/{order_id}/payment/) is no longer called.

  • Parameters that should not be transferred, for example is_admin (someone accesses the endpoint and tries to do so with administrator rights), begin to be transferred to the endpoint.

Highlighting changes in API

In the Status column for endpoints and parameters, API Discovery provides data about changes in your API for the last week:

  • New for the endpoints discovered within a week.

  • Changed for the endpoints that have newly discovered parameters or parameters that obtained the Unused status within the period. In the details of the endpoint such parameters will have a corresponding mark.

    • A parameter gets the New status if it is discovered within the last week.
    • A parameter gets the Unused status if it does not pass any data for a week.
    • If a parameter in the Unused status later passes data again, it loses the Unused status.

  • Unused for the endpoints not requested (with the code 200 in response) within the last week or longer.

    • If an endpoint in the Unused status is later requested again (with the code 200 in response), it loses the Unused status.

Unused endpoints are removed after 35 days

Endpoints that receive no qualifying requests for 35 days since their last update are automatically removed from your API inventory, together with their parameters, sensitive-data history, authentication coverage, and risk-score evolution. Removed entries cannot be restored. If traffic to such an endpoint resumes later, the endpoint reappears as New and discovery starts over from scratch — past parameter information and history are not recovered.


Use the Changed since filter to see only the endpoints changed within a specific time period, for example, today.
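The status rules and the 35-day removal described in this section can be modelled over a small inventory. This is an added example, not API Discovery's own code. The field names, the precedence between statuses, and treating "last update" as the last 200 response are assumptions, and the /vendor and /legacy paths are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
WEEK = timedelta(days=7)        # status window given on the page
RETENTION = timedelta(days=35)  # removal threshold given on the page

@dataclass
class Param:
    first_seen: datetime
    last_data: datetime         # last time the parameter carried data

@dataclass
class Endpoint:
    first_seen: datetime
    last_ok: datetime           # last request answered with code 200
    params: dict = field(default_factory=dict)

def param_status(p, now):
    if now - p.first_seen <= WEEK:
        return "New"
    return "Unused" if now - p.last_data >= WEEK else None

def param_changed(p, now):  # New, or became Unused within the last week
    return now - p.first_seen <= WEEK or WEEK <= now - p.last_data < 2 * WEEK

def endpoint_status(e, now):
    # Assumptions: this precedence order; "last update" means the last 200 response.
    if now - e.last_ok >= RETENTION:
        return "Removed"
    if now - e.first_seen <= WEEK:
        return "New"
    if now - e.last_ok >= WEEK:
        return "Unused"
    return "Changed" if any(param_changed(p, now) for p in e.params.values()) else None

def review(inventory, now):
    return {path: (endpoint_status(e, now), {n: param_status(p, now) for n, p in e.params.items()})
            for path, e in inventory.items()}

# Constructed sample inventory; /login, the payment path and is_admin follow the page's examples.
NOW = datetime(2024, 6, 30)
def ago(days):
    return NOW - timedelta(days=days)
INVENTORY = {
    "/login": Endpoint(ago(90), ago(0), {"is_admin": Param(ago(2), ago(1))}),
    "/order/{order_id}/payment/": Endpoint(ago(90), ago(10)),
    "/vendor/v1/export": Endpoint(ago(3), ago(0)),   # hypothetical third-party API
    "/legacy/report": Endpoint(ago(200), ago(40)),   # hypothetical stale endpoint
}
```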

Notifications

You can set up API Discovery notifications to be sent to your personal email (the one you use to log in) and to any additional emails:

  • Daily endpoint changes

  • Hourly endpoint changes

The notification will include both changed and new endpoints. By default, the notification is disabled.