API Asset Management

Last updated: 2023-12-29 14:27:23

    API analytics helps find and manage open APIs and gather data for analysis and reporting on security events and traffic. Users are provided with risk mitigation recommendations and API lifecycle data to secure APIs.

    Prerequisite

    You have activated a monthly subscribed WAF instance for the Chinese mainland and the API security service.
    Note: API analytics only supports 3 domain names in beta.

    Enabling API Analytics

    1. Log in to the WAF console and enable API analytics in either of the following ways:
    On the domain name list page, view the domain names that have API analytics activated and toggle on the API analytics switch. After a second confirmation is made, the switch will be turned on.
    On the API assets page, select a domain name and click the switch ![](https://qcloudimg.tencent-cloud.cn/image/document/93d29184a41913b44f475e254684bc7d.png) in the API protection overview.
    2. After the API analytics switch is toggled on for the domain name, you can analyze the API traffic.

    Viewing API Assets

    When API analytics is on, API security will discover and capture traffic data, analyze and sort out business items, and display them on the API assets page.
    The API overview section displays total APIs, active/inactive APIs in the past 7 days and sensitive APIs under the current domain name, as well as WoW changes, so that you can keep track of your APIs.
    
    Field description
    Total APIs: The total number of API assets identified.
    7-day active APIs: The number of APIs with active traffic in the past 7 days.
    7-day inactive APIs: The number of APIs with no active traffic in the past 7 days, which may potentially become zombie APIs.
    Sensitive APIs: The number of APIs that contain sensitive fields.
    WoW: Compares the API count for the current 7-day period with that of the previous 7-day period.
    The API security section displays the number of use cases covered by the domain name, recommended actions and the API analysis content.
    
    Field description
    Use cases: The number of use cases covered by the current API.
    Recommended actions: The actions recommended for API protection.
    In the API list, you can view information related to the API, including the request method, domain name, use case, sensitive fields, status in the last 7 days, recommended action, the time when the API was discovered, and the time when the API parameters were last updated. To learn more details about the API, click View details.
    
    Field description
    API: The API content identified after normalization.
    Request method: HTTP request method.
    Domain name: The domain name of the current API.
    Use case: The usage scenario identified by API control, such as verification codes and callbacks. If the result is inaccurate, corrections can be made in API details.
    Sensitive fields: The sensitive content detected by API control during parameter transmission, such as bank card number and ID. If the result is inaccurate, corrections can be made in API details.
    Active in the past 7 days: Whether the traffic was active in the past 7 days.
    Latest update: The time that the fields of the API were last updated.
    Detection time: The time when the API was first discovered by the API analytics module.
    View details: The details of the corresponding API.

    API Details

    To view details of the API, click View details in the Operation column. On the page that appears, you can view the following information:
    API information: Displays the domain name, request method, tag, sensitive fields, whether the API is active, and the API content after normalization.
    
    
    API overview: Displays the total requests and request trend of the corresponding API, distribution of access sources, and the most visited URLs and UA types in the last 7 days.
    
    
    API attacks: Displays the attack trend and attack distribution of the API in the last 7 days, including the IP type and source, URL, UA, and attack type.
    
    
    Request parameter sample: Displays the abstracted data of the API.
    
    
    Parameter list: Displays the content and location of each parameter transmitted by the API. You can add marks to the information manually.
    
    