# API Security

## API Security Module Overview

#### This provides organizations with comprehensive visibility into their API ecosystem, allowing for detailed analytics and enhanced security measures.

### **1. Continuous API Discovery:**

* The API Security Module constantly monitors your environment, discovering new APIs and tracking various API types, including edge APIs.
* Continuous discovery ensures that any new or previously unknown APIs are identified in real time, reducing the risk of shadow APIs going unnoticed.

### 2. Dashboard and Analytics:

* The dashboard provides a centralized view of all API endpoints and offers detailed analytics to monitor API performance and security.

<figure><img src="/files/2TseJzprCCOYYiNNT0uV" alt=""><figcaption></figcaption></figure>

* The dashboard visualizes data, making it easier to identify trends, analyze traffic, and assess security issues across different API endpoints. This aids in proactive security management.

### 3. Detailed Examination of API Actions:

* You get detailed insights into the actions performed by APIs, such as headers, query parameters, and body parameters.

<figure><img src="/files/XGwSoSSUtWF2XwK3cUYv" alt=""><figcaption></figcaption></figure>

* This granular level of visibility helps security teams understand how APIs are being used and pinpoint potential vulnerabilities based on the data being transmitted.

### 4. Analytics:

#### a.)Endpoint Information:

Shows the method used (e.g., GET, POST) for each endpoint, the number of attacks detected, and traffic data. This helps monitor which endpoints are most vulnerable or most accessed.

&#x20;**b.)Attack Analytics:**

Tracks attempted and successful attacks on APIs, helping to refine security policies.

<figure><img src="/files/VTwhM7bj02JoAKJbPABV" alt=""><figcaption></figcaption></figure>

**c.)Traffic Analytics:**

Monitors traffic to identify usage patterns or anomalies, which could indicate an attack or unusual behavior.

**d.)Top IP Addresses/Countries:**

Identifies the origin of traffic, helping you recognize potential threats from specific IPs or geographical locations.

**e.)Status Codes:**

Shows HTTP response codes, which help to understand if endpoints are functioning correctly or are facing issues (e.g., too many 404 errors).

<br>

### **Two Methods for Activation:**

* Onboarding Configuration: API security can be set up during the initial onboarding process to ensure security is embedded from the start.
* Domain Settings: API security can also be activated or modified later through the domain settings, providing flexibility for adjustments as needed.

<br>

The API Security offers comprehensive tools to monitor, analyze, and secure your APIs. With continuous discovery, detailed analytics, and the ability to customize rules, it ensures that your APIs are protected against evolving threats, all while providing deep visibility into API performance and security.

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.prophaze.com/user-manual/api-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.