GET API Endpoints.
const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/ml/data/namespaces/example/virtual_hosts/example/api_endpoints';const options = {method: 'GET', headers: {Authorization: '<Authorization>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/ml/data/namespaces/example/virtual_hosts/example/api_endpoints \ --header 'Authorization: <Authorization>'GET all autodiscovered API endpoints for Virtual Host.
Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Namespace Namespace of the virtual host for current request.
Virtual Host Name Virtual Host name for current request.
Query Parameters
Section titled “Query Parameters”List of additional things that needs to be sent as part of the request
API ENDPOINT INFO NONE option is used to disable any additional info request per API endpoint response API ENDPOINT INFO PDF SPARKLINES option is used to enable pdf sparkline info along with the API endpoint response.
List of domains that needs to be sent as part of the request Optional filter by domains. If absent, all domains are considered.
Format: unix_timestamp|RFC 3339
Filters the APIEPs with access time >= start_time. Considered only to calculate activity metrics, based on #sec-events and #requests.
Optional: If not specified, then the start_time will be evaluated to end_time-2h
If end_time is not specified, then the start_time will be evaluated to
Format: unix_timestamp|RFC 3339
Filters the APIEPs with access time < end_time. Considered only to calculate activity metrics, based on #sec-events and #requests.
Optional: If not specified, then the end_time will be evaluated to start_time+2h
If start_time is not specified, then the end_time will be evaluated to
Category of API endpoints. Can be DISCOVERED, INVENTORY or SHADOW API. Optional filter by api_category. If absent, endpoints of all categories are considered.
Discovered API Endpoint. The API Endpoint is imported from user swagger. The API Endpoint is present at the API Inventory. The API Endpoint is considered as part of Shadow API. Deprecated API Endpoint. Non-API Endpoint.
Responses
Section titled “Responses”A successful response.
Response shape for GET API endpoints API. It is list of API endpoints discovered.
object
List of API endpoints discovered.
Information about automatically identified API endpoint Each identified API endpoint has a CollapsedURL and Method. CollapsedURL is created by replacing dynamic components in the URL, if any, with the keyword DYN. These dynamic components are automatically identified. Additionally, any API endpoint that has a collapsedURL with automatically identified DYN components, will also have DYN-Examples which show a few examples of the original values of the components that were determined to be DYN.
object
Access_discovery_time is the time when the API endpoint was updated from the access logs by the discovery mechanism. It is the UTC time and represented in RFC3339 form.
List of API Groups the API Endpoint is a member of.
List of API endpoint attributes.
List of authentication types found in the API endpoint and their locations.
API Endpoint’s Authentication Type and Location.
object
The detected authentication type by string format.
Average latency observed for the API Endpoint.
The base path for this Endpoint.
The category of the API Endpoint relative to API Inventory.
URL for automatically identified API.
List of compliance frameworks of the Endpoint.
List of Domains of the API endpoint.
For example - {“dyn_examples”: [ { “component_identifier”: “API/v1/user_id/DYN”, “component_examples”: [ “cmenomo007”, “marcusaurelius” “artattacksince1947”, “johndoe83”, ] }, { “component_identifier”: “API/v1/user_id/DYN/vehicle_id/DYN”, “component_examples”: [ “JN1CV6AR3AM458367”, “1GBCS10AXP2917522”, “JM1DE1KY9D0155647”, “JN1CA31D5YT533780” ] } ]} List of sample URL(s) that are collapsed and dynamic components to collapse them.
List of Examples of expanded URL components for API endpoints that are collapsed with a dynamic component that is identified automatically.
object
List of sample URL(s) that are collapsed.
Dynamic component used to collapse sample URLs given in Expanded URLs.
List of engines that detected the endpoint.
Number of request with 4xx or 5xx response for the API Endpoint.
Has Learnt Schema flag for request API endpoint.
API testing last tested time is the time when the API endpoint was last tested.
Maximum latency observed for the API Endpoint.
HTTP method for the API.
object
Creation_timestamp represents the time when this PDF was created It is represented in RFC3339 form and is in UTC.
List of Probability density points for PDF for error rate.
Probability Density point in (PDF(x)) of the metric. X is the value of the metric, probability is the corresponding PDF(x). In the univariate case (current configuration), the value x of the metrics is a scaler. As PDFSpec is repeated (see below), the x values are linearly spaced monotonically from minimum to maximum.
object
Probability of given Value of the metric that can be plotted on y-axis.
Value of the metric that can be plotted on x-axis.
object
Pdf_95 represents the 95th percentile of PDF.
Pdf_mean represents the mean of PDF.
List of Probability density points for PDF for latency of response begin.
Probability Density point in (PDF(x)) of the metric. X is the value of the metric, probability is the corresponding PDF(x). In the univariate case (current configuration), the value x of the metrics is a scaler. As PDFSpec is repeated (see below), the x values are linearly spaced monotonically from minimum to maximum.
object
Probability of given Value of the metric that can be plotted on y-axis.
Value of the metric that can be plotted on x-axis.
object
Pdf_95 represents the 95th percentile of PDF.
Pdf_mean represents the mean of PDF.
List of Probability density points for PDF for latency of response end.
Probability Density point in (PDF(x)) of the metric. X is the value of the metric, probability is the corresponding PDF(x). In the univariate case (current configuration), the value x of the metrics is a scaler. As PDFSpec is repeated (see below), the x values are linearly spaced monotonically from minimum to maximum.
object
Probability of given Value of the metric that can be plotted on y-axis.
Value of the metric that can be plotted on x-axis.
object
Pdf_95 represents the 95th percentile of PDF.
Pdf_mean represents the mean of PDF.
List of Probability density points for PDF for request rate.
Probability Density point in (PDF(x)) of the metric. X is the value of the metric, probability is the corresponding PDF(x). In the univariate case (current configuration), the value x of the metrics is a scaler. As PDFSpec is repeated (see below), the x values are linearly spaced monotonically from minimum to maximum.
object
Probability of given Value of the metric that can be plotted on y-axis.
Value of the metric that can be plotted on x-axis.
object
Pdf_95 represents the 95th percentile of PDF.
Pdf_mean represents the mean of PDF.
List of Probability density points for PDF for request size.
Probability Density point in (PDF(x)) of the metric. X is the value of the metric, probability is the corresponding PDF(x). In the univariate case (current configuration), the value x of the metrics is a scaler. As PDFSpec is repeated (see below), the x values are linearly spaced monotonically from minimum to maximum.
object
Probability of given Value of the metric that can be plotted on y-axis.
Value of the metric that can be plotted on x-axis.
object
Pdf_95 represents the 95th percentile of PDF.
Pdf_mean represents the mean of PDF.
List of Probability density points for PDF for response size.
Probability Density point in (PDF(x)) of the metric. X is the value of the metric, probability is the corresponding PDF(x). In the univariate case (current configuration), the value x of the metrics is a scaler. As PDFSpec is repeated (see below), the x values are linearly spaced monotonically from minimum to maximum.
object
Probability of given Value of the metric that can be plotted on y-axis.
Value of the metric that can be plotted on x-axis.
object
Pdf_95 represents the 95th percentile of PDF.
Pdf_mean represents the mean of PDF.
List of Probability density points for PDF for response throughput.
Probability Density point in (PDF(x)) of the metric. X is the value of the metric, probability is the corresponding PDF(x). In the univariate case (current configuration), the value x of the metrics is a scaler. As PDFSpec is repeated (see below), the x values are linearly spaced monotonically from minimum to maximum.
object
Probability of given Value of the metric that can be plotted on y-axis.
Value of the metric that can be plotted on x-axis.
object
Pdf_95 represents the 95th percentile of PDF.
Pdf_mean represents the mean of PDF.
Request rate for the API Endpoint.
Percentage of requests that were directed to this API Endpoint.
Number of requests seen for this API Endpoint for the specified time-range.
object
Score of the vulnerabilities found for this API Endpoint.
Schema status indicates the API Endpoint’s schema origin and if it’s outdated.
Number of sec_events seen for this API Endpoint for the specified time-range.
List of Sensitive Data found in the API endpoint.
Sensitive data location for the API Endpoint.
List of Sensitive Data found in the API endpoint.
Categories of the vulnerability as per the OWASP API Top 10.
Represents a category of vulnerability as defined in the OWASP API Top 10.
object
Link to the OWASP documentation for this category.
The name of the OWASP API security category.
The API endpoints Last Update timestamp indicates most recent update of API endpoints happened The API Discovery periodically updates the API endpoints list based on application’s traffic.
Example
{ "apiep_list": [ { "api_type": "API_TYPE_UNKNOWN", "authentication_state": "AUTH_STATE_UNKNOWN", "authentication_types": [ { "location": "AUTH_LOCATION_HEADER", "type": "AUTH_TYPE_BASIC" } ], "category": [ "APIEP_CATEGORY_DISCOVERED" ], "pii_level": "APIEP_PII_NOT_DETECTED", "risk_score": { "severity": "APIEP_SEC_RISK_NONE" }, "security_risk": "APIEP_SEC_RISK_NONE", "sensitive_data": [ "SENSITIVE_DATA_TYPE_CCN" ] } ]}Returned when operation is not authorized.
Examplegenerated
exampleReturned when there is no permission to access resource.
Examplegenerated
exampleReturned when resource is not found.
Examplegenerated
exampleReturned when operation on resource is conflicting with current value.
Examplegenerated
exampleReturned when operation has been rejected as it is happening too frequently.
Examplegenerated
exampleReturned when server encountered an error in processing API.
Examplegenerated
exampleReturned when service is unavailable temporarily.
Examplegenerated
exampleReturned when server timed out processing request.
Examplegenerated
example