API security


The API Security module automatically discovers and catalogs the API assets of services protected by Web Application Firewall (WAF). It detects risks such as sensitive data leaks and exposed internal APIs, analyzes security events, provides remediation suggestions, and supports API lifecycle management. This helps you achieve comprehensive API security.

Features

The API Security module provides the features described in the following table.

  • API asset overview and lifecycle management: API Security analyzes service access logs offline to automatically detect all APIs in your traffic. Based on API characteristics, it also identifies the business purpose of each API.

    On the API Overview page, you can view a list of your API assets and their details, including request examples, parameter structures, and call volumes over the last 30 days. You can also analyze API call trends, query call distribution by IP address, client type, geographic location, or Referer, and monitor newly discovered or inactive APIs.

    Note: API Security does not actively probe your APIs or impact your services.

  • API risk detection: Detects various security risks in your APIs, such as unauthorized access and sensitive data exposure, and provides detailed risk analysis and remediation suggestions.

  • API security event detection: Monitors and analyzes API call behavior to promptly detect abnormal access patterns and attack behaviors.

The following questions and answers describe the capabilities of API Security in more detail:

  • How does API Security classify the business purpose of an API?

    • Login and authentication

    • Mobile verification code authentication

    • Data saving

    • Data query

    • Data export

    • Data sharing

    • Data update

    • Data deletion

    • Data addition

    • Decommission or deactivation

    • Information sending

    • Information verification

    • Email sending

    • Email verification code authentication

    • Account and password authentication

    • Account registration

  • What types of sensitive data can API Security detect?

    • Non-sensitive data (N): Not applicable.

    • Critical sensitivity (L0): Same as Level 1 (L1) or Level 2 (L2) sensitive data, upgraded by volume:

      • The sensitivity level is upgraded to Critical (L0) if a single response contains a large amount of Level 1 (L1) sensitive data.

      • The sensitivity level is upgraded to Level 1 (L1) or Critical (L0) if a single response contains a large amount of Level 2 (L2) sensitive data.

    • Level 1 sensitivity (L1): ID card, debit card, mobile number, passport number, Exit-Entry Permit for Hong Kong and Macao, license plate number, military officer ID, Hong Kong ID card, Malaysian ID card, Singaporean ID card, credit card, SSN, JDBC connection string, PEM certificate, KEY private key, Linux passwd file, Linux shadow file.

    • Level 2 sensitivity (L2): Name (Simplified Chinese), address (Chinese mainland), email address, phone number (Chinese mainland), name (Traditional Chinese), name (English), U.S. phone number, religious belief, IP address, MAC address, IPv6 address, GPS location, IMEI, business license number, tax registration number, organization code, unified social credit code, vehicle identification number (VIN).

    • Level 3 sensitivity (L3): Gender, ethnicity, province (Chinese mainland), city (Chinese mainland), unverified ID card number, Swift code, date, URL.

  • What types of API risks can API Security detect?

    • Suspected exposure of an internal API: An internal API, such as one for internal office, development, testing, or operational management, is exposed on the internet.

    • Missing rate-limiting mechanism: The API lacks a security mechanism to handle high-frequency access, making it vulnerable to brute-force attacks and malicious web scraping.

    • Excessive sensitive data exposure: The API exposes an excessive amount of sensitive data, which may lead to large-scale data breaches.

    • Missing exception handling mechanism: Program error messages are detected, which may indicate risks such as SQL injection or the leakage of application configuration.

    • Missing access control mechanism: The API lacks a mechanism to control access that deviates from the established baseline, such as access from unusual regions.

    • Sensitive data API lacks authentication: The API lacks an authentication mechanism, allowing unauthorized visitors to access it and obtain sensitive data.

  • What types of abnormal events can API Security detect?

    • API calls from an unusual location: For example, if an API is typically accessed from Beijing, a call from the United States would be considered unusual.

    • API calls from an unusual source IP address: For example, if an API is typically accessed from IP addresses in the 192.0.XX.XX range, a call from 192.1.XX.XX would be considered unusual.

    • API calls from an unusual client: For example, if an API is typically accessed from a web browser, a call from a Python script would be considered unusual.

    • API calls during an unusual time period: For example, if an API is typically active between 09:00 and 17:00, a call at 03:00 would be considered unusual.

    • Brute-force attack against a login API: An attacker is attempting to guess account credentials through a brute-force attack.

    • Credential stuffing attack against a login API: An attacker is attempting to log in with a large number of stolen credentials.

    • Unauthorized access to sensitive information: A caller accesses an API and obtains sensitive data without authorization.

    • Excessive retrieval of sensitive data: A caller retrieved an unusually large amount of sensitive data from the API.

    • Unusual bulk registration behavior: A large number of accounts have been registered through the API, suggesting spam registrations.

    • Unusual bulk export behavior: A large number of file downloads or exports have occurred through the API.

    • Unusually high-frequency access: The API is being called at a much higher frequency than normal.

    • Verification code brute-force attack: A brute-force attack against verification codes is detected on the API.

    • SMS API resource abuse: The SMS sending API is called at a high frequency, which maliciously consumes SMS resources.

    • Email API resource abuse: The email sending API is called at a high frequency, suggesting a potential email bomb attack.

    • Iterative data scraping from an API: A client scrapes the API at a high frequency, iterating through a specific parameter to retrieve data.

    • Non-compliant API call: A request parameter does not comply with the API specification. For example, parameter A is expected to be an integer, but a request passes a string.
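To make the sensitivity levels and the volume-based upgrade rules above concrete, here is an added example written for this page, not the WAF module's own detectors: a simplified classifier that tags one response body with N, L3, L2, L1 or L0. The regexes, the handful of data types covered, and the bulk threshold of 50 hits are assumptions.

```python
import re
from typing import Dict, List

# Constructed, simplified detectors for a few of the data types the page lists per
# level. The real WAF patterns are not published; these regexes are assumptions.
PATTERNS: Dict[str, Dict[str, re.Pattern]] = {
    "L1": {
        "mobile number": re.compile(r"\b1[3-9]\d{9}\b"),
        "PEM certificate": re.compile(r"-----BEGIN [A-Z ]+-----"),
    },
    "L2": {
        "email address": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
        "IPv4 address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    },
    "L3": {
        "URL": re.compile(r"https?://\S+"),
        "date": re.compile(r"\b\d{4}-\d{2}-\d{2}\b"),
    },
}
BULK_THRESHOLD = 50  # assumed cutoff for "a large amount" of hits in one response


def classify_response(body: str, bulk_threshold: int = BULK_THRESHOLD) -> Dict[str, object]:
    """Tag one response body: N, L3, L2, L1, or L0 after the page's upgrade rules."""
    counts = {
        level: {dtype: len(pat.findall(body)) for dtype, pat in pats.items()}
        for level, pats in PATTERNS.items()
    }
    totals = {level: sum(c.values()) for level, c in counts.items()}
    types: List[str] = [d for c in counts.values() for d, n in c.items() if n]
    if totals["L1"] >= bulk_threshold:
        level = "L0"        # many L1 hits in a single response -> Critical
    elif totals["L2"] >= bulk_threshold:
        level = "L1"        # many L2 hits -> upgraded one step (page: L1 or L0)
    elif totals["L1"]:
        level = "L1"
    elif totals["L2"]:
        level = "L2"
    elif totals["L3"]:
        level = "L3"
    else:
        level = "N"         # non-sensitive
    return {"level": level, "types": types, "counts": totals}
```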

Prerequisites

You have a subscription WAF instance deployed in the Chinese mainland.

View API security analysis data

Important

API Security inspects the content of requests and responses that meet specific criteria to identify potential data leaks. By enabling API Security, you authorize WAF to perform this analysis.

You can use API Security immediately after enabling it, as no extra configuration is required. You can view the analysis results on the API Security page.

  1. Log on to the Web Application Firewall console. In the top navigation bar, select the resource group and region (Chinese mainland) for your WAF instance.

  2. In the left navigation pane, choose Scenario-Based Protection > API Security.

  3. On the API Security page, click the Overview tab to view API security analysis data.

    API security event

    Purpose: View statistics on the total number of API security events and new events today. Events are categorized by high, medium, and low risk.

    Supported actions: none.

    API risk

    Purpose: View statistics on the total number of API risks and their trend compared to the previous day. Risks are categorized as high, medium, or low.

    Supported actions: none.

    API asset overview

    Purpose: View statistics about your API assets, including:

    • Total number of API assets, trend compared to the previous day, and 7-day trend

    • Active APIs, trend compared to the previous day, and 7-day trend

    • Inactive APIs

    • Newly discovered APIs

    Supported actions: none.

    API asset list

    Purpose: View a list of all open APIs discovered by WAF to understand the scope and usage of your APIs.

    The API asset list contains the following information:

    • API: The API endpoint URL.

    • Domain name: The domain name to which the API belongs.

    • Request method: The request method used to call the API.

    • Call volume in the last 30 days: The total number of requests in the last 30 days.

    • Service target: Based on access pattern analysis, APIs are categorized as:

      • Internal use: APIs that serve internal employees.

      • Third-party partners: APIs provided to third-party ecosystem partners.

      • Public services: APIs that are open to the internet.

    • Business purpose: API Security assigns functional tags to discovered APIs based on their business type. For more information, see Features.

    • Sensitive data tag: A sensitive data tag is assigned based on the sensitivity level. For more information, see Features.

    • Sensitive data type: Different sensitivity levels correspond to different types of sensitive data. For more information, see Features.

    • Risks/Events: The vulnerabilities and attack events identified for this API.

    Supported actions:

    • Search for API information:

      • In the search box above the API asset list, click the drop-down icon, select API or Domain name, and enter the corresponding API endpoint URL or domain name.

      • In the upper-right corner of the API asset list, click Advanced Search to search for APIs by Request method, Service target, Business purpose, Call volume in the last 30 days, Sensitive data tag, Sensitive data type, or Active Status.

    • Sort APIs: Click the sort icon next to the Call volume in the last 30 days or Risks/Events column header.

    • View Risks/Events details: Click the number in the Risks/Events column of the target API address.

    • View API details. For more information, see View API details.

    • Export API data. For more information, see Export API security report data.

View API risk detection data

Your WAF instance automatically detects API risks such as unauthorized access, excessive sensitive data exposure, and exposed internal APIs, and provides risk analysis and remediation suggestions.

On the API Security page, click the Risk Detection tab to view API risk detection data.

API risk overview

Purpose: View statistics about the total number of API risks and the change compared to the previous day. Statistics are available for high-risk, medium-risk, and low-risk counts.

Supported actions: Click View Now next to the high-risk, medium-risk, or low-risk count to view risk details.

API risk trend

Purpose: View a trend chart of high-risk, medium-risk, and low-risk APIs over the last 30 days.

Supported actions: none.

API risk details

Purpose: View details of all API risks discovered by WAF, including the risk name and level. For more information about risk types, see Features.

The API risk list contains the following columns: Risk ID, Risk name, Risk level, API, Domain name, Security event, and Operation.

Supported actions:

  • Search for API risks:

    • In the search box above the API asset list, click the drop-down icon, select API, Domain name, or Risk ID, and enter the corresponding information.

    • Search for API risk information by Risk name, Risk level, or Ignore level.

  • Sort API risks: Click the sort icon next to the Risk level or Security event column header.

  • View API risk details: In the API risk details list, find the target risk ID and click Details in the Operation column.

  • Ignore an API risk: In the API risk details list, find the target risk ID and click Ignore Risk in the Operation column.

  • View API details. For more information, see View API details.

  • Export API data. For more information, see Export API security report data.

View API security event data

Your WAF instance uses intelligent behavior analysis algorithms to establish an API call baseline and promptly detect attacks such as credential stuffing, resource abuse, and bulk registrations.
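To make the baseline idea concrete, here is an added example (not Alibaba Cloud's own algorithm) that builds a per-API baseline from constructed access records and raises the four baseline-deviation event types listed under Features: unusual location, unusual source IP range, unusual client, and unusual time period. The record layout, the /16 range granularity, and the sample data are assumptions.

```python
from collections import defaultdict
from datetime import datetime


def _rec(api, ip, country, client, ts):
    """One constructed access-log record (sample data, not real traffic)."""
    return {"api": api, "ip": ip, "country": country, "client": client, "ts": ts}


# Baseline period: browser calls from Beijing (CN), 192.0.x.x sources, 09:00-17:00 only.
HISTORY = [_rec("/api/user/query", "192.0.2.10", "CN", "browser", f"2024-03-01T{h:02d}:15:00")
           for h in range(9, 18)]


def _net(ip):
    return ".".join(ip.split(".")[:2])  # assumed /16 granularity, as in the 192.0.XX.XX example


def build_baseline(records):
    """Per-API sets of observed countries, source ranges, client types and hours of day."""
    base = defaultdict(lambda: {"country": set(), "net": set(), "client": set(), "hour": set()})
    for r in records:
        b = base[r["api"]]
        b["country"].add(r["country"])
        b["net"].add(_net(r["ip"]))
        b["client"].add(r["client"])
        b["hour"].add(datetime.fromisoformat(r["ts"]).hour)
    return base


# The four baseline-deviation event types from the page's event table.
CHECKS = [
    ("API calls from an unusual location", lambda r, b: r["country"] not in b["country"]),
    ("API calls from an unusual source IP address", lambda r, b: _net(r["ip"]) not in b["net"]),
    ("API calls from an unusual client", lambda r, b: r["client"] not in b["client"]),
    ("API calls during an unusual time period",
     lambda r, b: datetime.fromisoformat(r["ts"]).hour not in b["hour"]),
]


def detect_events(baseline, records):
    """Return (api, event name, source ip) for every call that deviates from its API's baseline."""
    events = []
    for r in records:
        b = baseline.get(r["api"])
        if b is None:
            continue  # no baseline yet: the page lists such APIs as newly discovered, not as events
        events.extend((r["api"], name, r["ip"]) for name, deviates in CHECKS if deviates(r, b))
    return events


# Constructed calls to score: one normal, then one per deviation (the US call also changes /16).
NEW_CALLS = [
    _rec("/api/user/query", "192.0.2.11", "CN", "browser", "2024-03-06T10:00:00"),
    _rec("/api/user/query", "203.0.113.5", "US", "browser", "2024-03-06T10:05:00"),
    _rec("/api/user/query", "192.0.2.11", "CN", "python script", "2024-03-06T10:10:00"),
    _rec("/api/user/query", "192.0.2.11", "CN", "browser", "2024-03-06T03:00:00"),
]
```

Running `detect_events(build_baseline(HISTORY), NEW_CALLS)` yields four events: the US call triggers both the location and source-range checks, the script call the client check, and the 03:00 call the time-period check.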

On the API Security page, click the Security Event tab to view API security event data.

API security event overview

Purpose: View statistics about the total number of API security events and the number of new events today. Statistics are available for high-risk, medium-risk, and low-risk event counts.

Supported actions: Click View Now next to the high-risk, medium-risk, or low-risk event count to view event details.

API security event trend

Purpose: View a trend chart of high-risk, medium-risk, and low-risk API security events over the last 30 days.

Supported actions: none.

API security event details

Purpose: View details of all API security events discovered by WAF, including the event name and level. For more information about security event types, see Features.

The API security event list contains the following columns: Event ID, Event name, Event level, Event time, API, Domain name, Attack source, Associated risk, and Operation.

Supported actions:

  • Search for API security events:

    • In the search box above the API asset list, click the drop-down icon, select API, Domain name, or Event ID, and enter the corresponding information.

    • Search for API security event information by Event name, Attack source, or Event level.

  • View API security event details: In the API security event details list, find the target event ID and click Details in the Operation column.

  • View API details. For more information, see View API details.

  • Export API data. For more information, see Export API security report data.

View API details

In the API asset list, click an API to open its API details panel.

  • API request example: Shows detailed information about requests to this API, including the request and parameter characteristics.

  • Call volume in the last 30 days: Shows the API's call volume trend over the last 30 days.

  • Access source statistics: Shows statistics for the API's access sources, including IP, Client type, Geolocation, and Referer, sorted by access count in descending order.

Export API security report data

  1. In the upper-right corner of the API asset list, click the Export Data icon to export API data.

    API Security creates an export task for the API assets.

    Important:

    • If you have set query conditions above the API asset list, the exported file contains only the queried data. Otherwise, it contains all data.

    • The exported file is stored in the WAF console and expires after three days. Download the file before it expires, because expired files cannot be retrieved.

  2. In the upper-right corner of the API Security page, click Export History.

  3. Find the file that you want to download and click Download in the Operation column.

    The exported file is downloaded to your browser's default download location.