API inventory

Akto needs traffic to create an API inventory. You can supply that traffic by integrating with Burp, AWS Traffic Mirroring, a HAR file upload, or Postman. Your API inventory will look like the one below.
You will find all the API endpoints with rich metadata.

API metadata:

  • Request and Response: Click on any endpoint to see its request and response parameters. Endpoints marked red are sensitive endpoints that pass sensitive data in their parameters; endpoints marked green have no sensitive params.
  • Method: The API method used - GET, POST, PUT, DELETE.
  • Sensitive params: Click an endpoint to see all the sensitive params present in it.
  • Access Type: You can check if the endpoint is public or private. See below. This information helps you discover private endpoints that are accidentally publicly accessible.
  • Auth type 🔑: You can check what auth token type is detected in the endpoint.
  • Sample Values: You can check sample values of each API. Only the last ten sample values are shown here for each endpoint. You can click on next to see other values.
  • Traffic trend: You can also see the traffic trend of each API endpoint.
  • Discovered: You can see when the endpoint was first discovered.
  • Last seen: You can see when the API endpoint was last hit.
  • Changes: You can see how many new params were added.
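
An added example, not Akto's code and not from the original page: a sketch of how some of the metadata above (method, sensitive params, discovered, last seen, changes) can be derived from a HAR file. The `SENSITIVE` name pattern, the function names and the sample traffic are assumptions made for illustration.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed name heuristic for sensitive params; not Akto's detection rules.
SENSITIVE = re.compile(r"email|password|ssn|token|card|phone", re.I)

def param_names(req):
    names = {k for k, _ in parse_qsl(urlsplit(req["url"]).query)}
    post = req.get("postData") or {}
    if "json" in post.get("mimeType", ""):
        try:
            body = json.loads(post.get("text") or "{}")
        except ValueError:
            body = {}  # malformed body: keep the endpoint, skip its params
        if isinstance(body, dict):
            names |= set(body)  # top-level JSON keys only
    return names

def build_inventory(har):
    inv = {}
    for e in har["log"]["entries"]:
        req, ts = e["request"], e["startedDateTime"]
        url = urlsplit(req["url"])
        rec = inv.setdefault((req["method"].upper(), url.netloc, url.path), {
            "params": set(), "hits": 0, "changes": 0,
            "discovered": ts, "last_seen": ts})
        names = param_names(req)
        if rec["hits"]:  # params not seen on earlier requests count as changes
            rec["changes"] += len(names - rec["params"])
        rec["params"] |= names
        rec["hits"] += 1
        # Assumes same-format UTC timestamps, so string order is time order.
        rec["discovered"] = min(rec["discovered"], ts)
        rec["last_seen"] = max(rec["last_seen"], ts)
    for rec in inv.values():
        rec["sensitive"] = sorted(p for p in rec["params"] if SENSITIVE.search(p))
    return inv

SAMPLE_HAR = {"log": {"entries": [  # constructed sample, not real traffic
    {"startedDateTime": "2024-01-01T10:00:00Z", "request": {"method": "GET",
     "url": "https://api.example.test/users?id=1"}},
    {"startedDateTime": "2024-01-02T10:00:00Z", "request": {"method": "GET",
     "url": "https://api.example.test/users?id=2&email=a%40example.test"}},
    {"startedDateTime": "2024-01-01T09:00:00Z", "request": {"method": "POST",
     "url": "https://api.example.test/login", "postData": {
     "mimeType": "application/json", "text": '{"username": "a", "password": "b"}'}}},
]}}
```

Calling `build_inventory(SAMPLE_HAR)` yields two endpoints; the `email` param that appears only on the second `GET /users` request is what raises that endpoint's `changes` count and puts it in the sensitive list.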