12 docs tagged with "api-discovery"

API Discovery Overview

A traffic-derived API inventory built from Envoy access logs — confirmed endpoint catalog, risk scoring, PII/auth detection, OpenAPI export, and a bridge to Shield policies.

Collector Configuration

The elchi-collector runtime config document — header policy, ingest exclusions, path normalization, and detector thresholds, hot-reloaded from MongoDB.

Collector Reference

Complete reference for the elchi-collector — bootstrap environment variables, ports, Prometheus metrics, ClickHouse and MongoDB schema, and Envoy ALS wiring.

Discovery Dashboards

The tabbed dashboards at /api-discovery — listeners, new APIs, auth coverage, bots, PII, zombies, risk, security score, transport, errors, drift, and consumers.

Exploring Endpoints

The per-listener endpoints view — confirmed vs attack surface, flat vs path-grouped, the full filter set, two-axis columns, and the endpoint detail page.

OpenAPI Export

Turn the traffic-derived API inventory into an OpenAPI 3.x document — and feed it into Shield's positive-security enforcement.

Path Normalization

How API Discovery templates high-cardinality request paths into stable operations, the built-in detectors, operator rules, and the normalization-gap workflow.

PII, Auth & Consumers

How API Discovery detects PII in paths, infers auth schemes and consumers, and the metadata-only privacy model that keeps raw data out of storage.

Risk Flags Reference

The complete catalog of API Discovery risk flags — grouped by class, with severity, OWASP API Top-10 mapping, meaning, and remediation for every flag.

Risk Scoring: Threat vs Exposure

The two-axis risk model — Threat (active attack/abuse) vs Exposure (standing config hygiene), severity weights, current-vs-lifetime scoring, the A–F security grade, and how to prioritize.

Suggest a Shield Policy

Turn a discovered API inventory into a draft Shield SecurityPolicy — the bridge from API Discovery to API Security.

Threat Intelligence & GeoIP

The elchi-collector enrichment chain — GeoIP, User-Agent classification, and Mongo-backed threat-intel feeds that add geo, reputation, and bot context to API Discovery.