APIs overview

Created:
August 8, 2023
Updated:
December 9, 2024

All discovered APIs and any APIs you have created are listed in the APIs section of the platform.

When viewing APIs you can choose grid or list view. Toggle between grid and list to change the view.

In the API section, you get an overview of the:

  • API name
  • Source
  • Creation date
  • Application
  • Associated findings
  • Associated tags - A daily scan adds relevant tags to the API card, reflecting activity from the last 90 days.

Filters

Use the filter function to filter for specific APIs. You can select to filter by:

  • Application
  • API
  • Cloud Platform
  • Code Repository Platform
  • API Type
  • AWS Account ID
  • Azure Subscription ID
  • Google Cloud Project Number
  • AWS Region
  • Endpoint
  • Azure Resource Type
  • Resource Type
  • Custom Tags
  • Owner
  • Name
  • Created By
  1. Click Add Filter, select the filter type from the dropdown.
  2. Select an option from the is one of dropdown.
  3. Select the appropriate Value.
  4. Click Submit.

Note: Multiple filters can be added.

Download

Click Download to download a CSV file of the API data. Learn more about how to download.

Sort by

You can sort the API inventory by Risk score or Date created. Click the arrow to toggle between ascending and descending order.

API Information

In the API information you can view the associated:

  • Dashboard
  • Requests
  • Tokens
  • Specifications
  • Findings
  • Actions
  • Linked Resources
  • Details

API Risk Scoring

FireTail's API Risk Scoring system categorizes APIs based on open findings to determine risk scores. Scores are divided into bands: critical (80-100), high (60-80), medium (40-60), and low (below 40), with higher severity findings impacting the score more significantly. The presence of critical findings results in the highest scores, followed by high, medium, and low findings. Learn more about API risk scoring.

Click the API card or title to view more information about that API.

API Dashboard

The API dashboard provides an overview of the API:

  • The graph displays the aggregate of API requests grouped by apps. Hover over the graph to get a breakdown of the API requests for that time.
  • The map indicates the API requests grouped by the top 1000 locations.
  • The donut chart in the dashboard displays the total number of API requests. These API requests are grouped by status codes. Hover over the chart to get API request total of a particular status code.
  • The findings overview displays the number of findings that have been discovered. These are broken down by severity. Click View findings to be directed to the Findings page on the platform. Learn more about Findings here.

Requests

In the Requests tab, you can view the incoming requests and their details. The requests table can be filtered by time. Select from:

  • Last hour
  • Last day
  • Last month
  • Last 3 months
  • Custom

Select Custom and enter a Start date and an End date to filter by a specific date and time.

The Polling Interval indicates how often the page data reloads from the API, in minutes. Select the polling interval from the dropdown.

Tokens

In the Tokens tab, you can view or create tokens for that API. Learn how to Create an API token. 

Specifications

In the Specifications tab, you can view or create any specifications for that API. Specifications can be used to group information for an API. Creating a specification on the platform enables you to view the inventory data. Learn more about Specifications

Findings

In the Findings tab, you can view any findings for that API. Learn more about Findings.

Actions

Actions are automated tasks performed on the API, which can be triggered by events or scheduled times. Click the Actions tab to view existing Actions or create new ones. Learn more about Actions.

Linked Resources

Linked Resources can be connected to code repositories with APIs either manually or automatically. When done automatically, the system scans the code to find and link relevant resources in the background. For manual setup, you can click Create Link and select the appropriate code repository or API. FireTail identifies the correct cloud API corresponding to the one in the code and creates a linked resource between them

Details

In the Details tab, you can view further details about the API, including:

  • UUID
  • Creation time
  • Status
  • Created by
  • Owners
  • Custom Tags

To modify the API, click 'Edit API'. View more information on making changes to the API.