Get complete visibility into your APIs and detect threats others miss

API Security gives you full visibility into your entire API estate through continuous discovery and real-time analysis. Discover all APIs, even shadow APIs, identify common vulnerabilities, and analyze API behavior to detect threats and logic abuse within this fast-growing attack surface.

Eliminate a common security blind spot

Discover your complete API estate

View your enterprise-wide APIs — including legacy, shadow, and rogue — with 24/7 continuous discovery and monitoring

Identify vulnerable APIs

Audit for vulnerabilities and misconfigurations, including all the OWASP API Top 10

Mitigate business logic abuse

Behavioral analytics capabilities identify common threats, such as data scraping, and trigger responses to mitigate them

How API Security works

Discover

Continuous deep API discovery generates an updated API inventory and risk audit

Detect

Big data AI and behavioral analytics detect and alert for anomalies in your API estate

Respond

Automated responses via written policies push actions to your inline components, such as Jira, texts, or emails

Pursue

Proactively query data for threat hunting or investigate alerts by viewing API activity using entity timelines

Report: The API Security Disconnect

Inform your API security strategy by learning what your peers say about key trends, top attack vectors, and operational risks. Read the research.

Features

  • Discover all APIs, domains, and related issues for these API types: HTTP, RESTful, GraphQL, SOAP, XML-RPC, and JSON-RPC

  • Quickly identify sensitive data accessible via API and track user access to those APIs

  • Assess APIs and broader infrastructure for misconfigurations and vulnerabilities by reviewing log files, replays of historical traffic, configuration files, and more

  • Identify and prioritize potential posture vulnerabilities, including the OWASP API Top 10, and reduce remediation costs

  • Continuously monitor for compliance with regulatory requirements, industry standards, and internal policies

  • Use AI/ML detection to identify API vulnerabilities in real time, including data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks

  • Automatically run 150+ dynamic tests that simulate malicious traffic, including against the OWASP API Top 10

  • Detect and block API attacks with real-time traffic analysis, out-of-band monitoring, and workflow integrations to increase SOC effectiveness

  • Integrate remediation into your existing workflow management systems with manual, semiautomated, or fully automated remediation for alert types

  • Fully integrate with existing CI/CD pipelines using RBAC so only the right teams can access APIs for testing

  • Get dynamic API visibility by importing APIs from a wide range of sources with dynamic updates and comparing Swagger files to assess conformance

  • Automatically scan your external attack surface at regular intervals to find and eliminate vulnerabilities before they are exploited

Frequently Asked Questions (FAQ)

What Akamai products do I need to use API Security?

API Security is a vendor-neutral API threat protection solution that does not require the use of other Akamai solutions. It complements existing Akamai API security solutions and ensures customers get comprehensive protection as attacks on APIs have become much more sophisticated, requiring new detection techniques and automated responses.

How is API Security different from Akamai App & API Protector?

API Security and App & API Protector are two different solutions that Akamai offers to protect your business.

  • App & API Protector discovers and mitigates API threats for all your web apps and APIs that are run through Akamai Connected Cloud. It is capable of blocking any in-line traffic containing potential threats to your business.
  • API Security is platform-agnostic and provides comprehensive discovery and visibility to all API endpoints enterprise-wide. It provides real-time traffic analysis of API activity and determines specific responses that you should take to mitigate newly exploited API traffic.

When deployed together, App & API Protector and API Security work in-line and offer the most comprehensive and continuous visibility into APIs. They allow you to discover, audit, detect, and respond to API concerns across your full estate. Moreover, the integration between API Security and App & API Protector will enable the most robust and simple implementation of API Security.

Do you offer a shift-left option like API Testing?

Yes, our API Testing solution focuses on finding and remediating API security vulnerabilities during the development phase of the SDLC, before they can be exploited. Empower developers with best-in-class usability such as simple setup and automation, in-line test results, and contextual guidance for request failure mitigation.

Does API Security protect east-west traffic?

API Security monitors and protects both east-west and north-south traffic, reviewing all the APIs across your enterprise for anomalies that could indicate a security risk.

How does API Security manage sensitive data?

API Security identifies which APIs contain personally identifiable information (PII), internal documentation, intellectual property, and more, so you can automate protections for those APIs specifically.

Does API Security protect APIs that don’t pass through a CDN?

API Security is platform-agnostic and works in all environments, SaaS, hybrid, and on-prem, including those that are complex and have multiple CDNs, WAFs, gateways, and widely distributed APIs across the enterprise (both north-south and east-west). API Security provides enterprise-wide visibility into your API behavior, regardless of where the APIs are discovered.

Does API Security cover every OWASP API Top 10 vulnerability?

API Security covers all the OWASP API Top 10 vulnerabilities.
