With external API host discovery, the Cequence Unified API Protection (UAP) platform assembles a comprehensive inventory of API hosts in use within your organization, then presents that information in a Discovery dashboard, along with detailed sub-screens for further investigation.
What External API Host Discovery can tell you
The External API host discovery dashboard summarizes the following information:
- How many hosts have been discovered that are found to expose APIs publicly over the internet.
- The type of provider that hosts the API, including edge, infrastructure, and application.
- A summary of all domains crawled, listing how many hosts have been discovered at each domain, and the number of analysis findings for each domain, categorized by severity.
From the dashboard, you can drill down into the details for a given domain or subdomain in your organization, launch new crawls to update the findings, or investigate a particular category of finding to display further details.
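The summary the dashboard presents (API host count, provider types, and per-domain findings by severity) is simple to reproduce from raw crawl records, which is useful when you want to reconcile the dashboard against your own asset inventory. The following is an added example, not Cequence code or its data model: the record layout and field names are assumptions, and the host records are constructed. It also shows one check a practitioner needs when grouping hosts under an apex domain: matching on a label boundary, so that a look-alike such as api.notexampledomain.com is not counted under exampledomain.com.

```python
from collections import Counter, defaultdict
from typing import Optional

# Constructed sample crawl output (not real Cequence data). One record per
# discovered host: hosting provider type, whether it exposes an API, and its
# analysis findings with a severity each. Field names are assumptions.
SAMPLE_HOSTS = [
    {"host": "api.exampledomain.com", "provider": "edge", "exposes_api": True,
     "findings": [{"severity": "high"}, {"severity": "low"}]},
    {"host": "api-stg.exampledomain.com", "provider": "infrastructure", "exposes_api": True,
     "findings": [{"severity": "medium"}]},
    {"host": "www.exampledomain.com", "provider": "edge", "exposes_api": False,
     "findings": []},
    {"host": "api.otherdomain.com", "provider": "application", "exposes_api": True,
     "findings": [{"severity": "critical"}]},
    # Looks similar, but is NOT under exampledomain.com and must not be grouped with it.
    {"host": "api.notexampledomain.com", "provider": "application", "exposes_api": True,
     "findings": [{"severity": "low"}]},
]


def is_under_domain(host: str, apex: str) -> bool:
    """True if host equals apex or is a subdomain of it, respecting label boundaries."""
    host, apex = host.lower().rstrip("."), apex.lower().rstrip(".")
    return host == apex or host.endswith("." + apex)


def apex_of(host: str, apexes) -> Optional[str]:
    """Map a host to the first crawled apex domain it falls under, or None."""
    for apex in apexes:
        if is_under_domain(host, apex):
            return apex
    return None


def summarize(records, apexes):
    """Build a dashboard-style summary from crawl records.

    Returns the number of API-exposing hosts, a count of provider types among
    them, per-domain host and finding counts (findings keyed by severity), and
    any hosts that fall under none of the crawled apex domains.
    """
    summary = {
        "api_hosts": 0,
        "provider_types": Counter(),
        "domains": defaultdict(lambda: {"hosts": 0, "findings": Counter()}),
        "unassigned": [],
    }
    for rec in records:
        apex = apex_of(rec["host"], apexes)
        if apex is None:
            summary["unassigned"].append(rec["host"])
            continue
        summary["domains"][apex]["hosts"] += 1
        if rec["exposes_api"]:
            summary["api_hosts"] += 1
            summary["provider_types"][rec["provider"]] += 1
        for finding in rec["findings"]:
            summary["domains"][apex]["findings"][finding["severity"]] += 1
    summary["domains"] = dict(summary["domains"])
    return summary


if __name__ == "__main__":
    result = summarize(SAMPLE_HOSTS, ["exampledomain.com", "otherdomain.com"])
    print(result["api_hosts"], dict(result["provider_types"]))
    for domain, info in result["domains"].items():
        print(domain, info["hosts"], dict(info["findings"]))
    print("not under any crawled domain:", result["unassigned"])
```

Hosts that land in `unassigned` deserve a second look: either the crawl scope is missing an apex domain you own, or the host is a look-alike that belongs to someone else.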
The Cequence UAP platform performs external API discovery on a per-domain basis. When you provide an apex-level domain such as exampledomain.com, Cequence starts a crawl to perform the discovery process.
What is a domain crawl?
A crawl is a Cequence-proprietary mechanism that discovers all the internet-facing hosts under a particular root-level domain. During a crawl, Cequence discovers the published DNS entries for hosts under the domain. For example, hosts under exampledomain.com might include the following:
- api.exampledomain.com
- api-stg.exampledomain.com
- api-dev.exampledomain.com
- www.exampledomain.com
After discovering the DNS information for the hosts, Cequence begins the process of discovering the subset of hosts that expose APIs. Cequence checks several well-known API endpoint paths by sending synthetic API requests to the discovered hosts.
Note: The synthetically generated traffic can cause a traffic spike for the domain being crawled. However, the traffic is benign and doesn't typically trigger any WAF rules or alerts.
These API endpoint paths can include paths similar to the following examples:
- /login
- /admin
- /admin/login
- /graphql
A crawl can take anywhere from a few minutes to up to a couple of hours, depending on the number of hosts exposed under the domain Cequence is crawling. A large domain that exposes hundreds or thousands of hosts can take a long time to crawl. Conversely, Cequence can crawl a relatively small domain with a few dozen hosts in a few minutes.
Discovery example
After a successful crawl, the External API Host Discovery dashboard shows the API hosts that the crawl discovered, as in the following excerpt.
You can click on a host type, such as Cloudflare or Akamai, to display a list of hosts on that provider, summary information for each host, and findings for each host, ranked by severity. You can then explore detailed information for each host, including security findings.
Cequence External API Host Discovery presents multiple levels of summary and detailed information, enabling you to make informed decisions about the state of API risk in your organization.