API Security Manager

API Security Manager is designed to discover and test hidden/shadow APIs to ensure their security and compliance posture is robust. It provides a holistic security testing workbench embed within CICD pipeline to scale the automated testing of APIs using OWASP top-10, CIS top-20, and other custom frameworks. Various forms of API responses (text, images, audios) can also be benchmarked using different metrics.


"What a fantastic and insightful [solution] around API risk management, can't agree more on API risk assessment across product/services, discovery, licensing, legal , T&C, compliance, authorization, reliability (where in the world third party API/data is hosted), often these optics are overlooked, as we rush through the process of eliminating data silos internally [and] externally thru APIs. Keep up the good work."

–Sanket Kulkarni, Digital Strategy and Architecture at Amtrak

Discovery is enabled via world’s first comprehensive API KnowledgeBase™ - a curated repository of public and private APIs with advanced search capabilities. Refer to API Discovery Manager data sheet for additional details.

API Security Manager comprises of six technical modules.

Marketplace for Private and Public APIs

Access thousands of Public, Open APIs in a single platform. Choose APIs based on analytics derived from 15000+ API’s, 10000+ Providers, 5000+ Categories, 30000+ terms of service.

Search APIs (names, vendors & industries) Search APIs (natural language processing)
Access sample API responses & codes Make live calls & analyze API responses
Find API agreements & assess legal risks Conduct quality & data privacy (PII) analysis
Build & manage multiple API communities Control access privileges via policies & roles
Software Composition Analysis for APIs

Discover embedded APIs in source codes by integrating scanning agents within your CI/CD processes for better transparency, workflow management and governance of APIs across multiple products.

GUI tools for API Discovery IDE plugins for API Discovery
CICD integrations (CL) for API Discovery Analyze programs (API code snippets)
Detect URLs (in source codes) Specify target APIs to be discovered
Workflow management for API test Workflow management for API agreements
Network Analysis for APIs

Discover hidden APIs by analyzing HTTP traffic (passing through API gateways, and application servers). This is in contrast to source code scanning (when access to application is difficult/not possible).

Deploy network agents to find hidden APIs Deploy multiple agents in a distributed way
Mark target APIs for discovery & analysis Test discovered APIs in real time
Find API details (vendors, ISPs, server locations, vulnerabilities, etc.) Set customized network parameters (API detection & reporting frequencies)
Consolidate results from multiple networks
Security Workbench for APIs

Discover embedded APIs in source codes by integrating scanning agents within your CI/CD processes for better transparency, workflow management and governance of APIs across multiple products.

Perform OWASP top-10, CIS top-20 tests Customize selection of tests for specific APIs
Test multiple API authentication settings Upload fake IDs/Passwords/API-Keys
Perform API fuzzing via random inputs Analyze API (hosting) servers & metadata
Quality Workbench for APIs

Framework to test various API configurations (header, body, parameter settings).
API Benchmark to compare API responses (in JSON, XML, Text, Audio, Videos, Images) and API quality (in speech recognition, text analysis, etc.) using various statistical techniques.

Test APIs in a wide variety of settings Support for various authentications (API Keys, Basic Auth, OAuth, JWT)
Reuse & analyze history of API test cases Compare API responses in JSON & XML (containing texts, images, audios, videos)
Manage users, privileges & workflows Generate customized reports (PDF, CSV)
Collaborate on multiple API projects
API Dashboard for Executives

High level analytics for CxOs on API usage, organizations and their users, API hosting locations. Drilling down capability to gain insights.

API Consumption analytics API User analytics
API Community analytics API server/ISP distributions
API usage drill-down capabilities API billing audit (of multiple vendors)

Automate OWASP top-10 and custom security tests. Perform analysis to identify security & compliance risks.

Interested in TeejLab updates?
Enter your email to be added to the TeejLab newsletter list