Skip to main content

API Protection

API Protection samples your API request/response traffic to discover endpoints, then watches them for threats, data loss and vulnerabilities. It's a plan feature — if your plan doesn't include it, the pages show an upgrade prompt.

Enable it

API Protection — not enabled

The Management page turns the capability on. Click Enable API Protection to start request/response sampling — analytics and findings appear here once it's collecting data. The API Protection group then exposes four more pages.

Discovery

Auto-discovers your APIs from custom rules and request/response sampling, building an inventory of your real, live API surface (including shadow/undocumented endpoints).

API Protection — Discovery

  • Custom RulesAdd Custom Rule to define custom API-discovery rules per website.
  • API Request/Response Sampling Frequency — an Enable toggle (then Save) that turns on the traffic sampling Discovery feeds on.

Threat Detection

Flags malicious API behaviour (abuse, injection and other API-specific attacks) on the discovered endpoints. Three tabs: Overview · Threats · Detection Rules.

API Protection — Threat Detection (Detection Rules)

  • Overview — a threat summary for your APIs.
  • Threats — the detected threat events.
  • Detection RulesCustom Rules you add (Add Custom Rule) to define custom threat-detection logic.

Data Loss Prevention

Detects sensitive data (PII, secrets…) leaving through API responses. Two tabs: Overview · Detection Rules.

API Protection — Data Loss Prevention (Detection Rules)

  • Overview — a DLP summary.
  • Detection RulesManaged Rules (VNETWORK-maintained data-loss rules) available for the website.

Vulnerability Detection

Surfaces weaknesses in your API endpoints to remediate before they're exploited. Three tabs: Overview · Vulnerabilities · Detection Rules.

API Protection — Vulnerability Detection (Overview)

  • Overview — a dashboard (filter by Time Range): Application / API with Vulnerabilities, Vulnerabilities Risk Level, Vulnerability Trend, and Top-10 breakdowns (API with vulnerability, vulnerability, vulnerability type, source IP).
  • Vulnerabilities — the detected findings list.
  • Detection Rules — rules that drive vulnerability detection.

Rollout

Enable sampling and let Discovery build the endpoint inventory first, then review Threat Detection / DLP / Vulnerability findings and act. Combine with the AI-WAF API-Specific policy and rate limiting on API routes for layered defense.