The Cequence Unified API Protection (UAP) platform discovers the APIs your organization uses, catalogs those APIs, assesses threats to your business that might be coming from users of those APIs, and takes action to mitigate those threats. Cequence is unique in having a two-phased discovery process, one designed to discover API hosts from an external perspective, and another to discover a comprehensive list of API endpoints by integrating with the customer's applications and/or network environments.

API discovery overview

Cequence approaches API discovery in two phases. The external API discovery phase crawls your exposed attack surface, and provides a context to build on for the run-time API discovery phase.

External API host discovery

Cequence Security can quickly discover your public API attack surface, including public-facing API hosts, the environments of those hosts, and TLS certificate-related vulnerabilities. When you request external API discovery from Cequence, you specify a set of organization domains. Cequence then looks into those domains for hosts that have live API endpoints, assembling an attacker-level view of those hosts for you.

This type of discovery doesn't need you to install any software or change any configurations in your organization.

Read more about what kinds of information you can expect from external API discovery.

Runtime API inventory

Runtime API discovery continuously discovers all API endpoints, internal, external or third party, and generates specifications for those APIs. For runtime API inventory, Cequence integrates with your environment passively or inline, and is available in on-premises and SaaS configurations.

Cequence integrations can provide insight into APIs working with public-facing deployments, such as CDNs or API gateways, internal deployments such as microservice ingress gateways, or third-party APIs that use outbound connections such as firewalls or web proxies.

Installing a Cequence API integration can take a few hours to a day, depending on your specific change control processes, and for most business cases a complete set of integrations can be ready in approximately two weeks.

Read more about what Runtime API can do for your organization.

Complete coverage across architectural environments

Cequence can discover API endpoints in any of these environments:

• External internet-facing APIs at the network edge, including APIs hosted in cloud CDNs or behind load balancers.
• External and internal APIs in public cloud environments such as AWS, GCP, Azure or OCI by integrating with API gateways and Application load balancers in those environments.
• Internal APIs deployed in microservices environments or exposed by one or more application servers.

Taken together, these approaches provide full coverage of both internal and external APIs. As a customer, you are in complete control of phasing this process in your environment, either starting from external API inventory moving to internal, or vice-versa as your use-cases dictate.