Detected API list

When you access API Discovery, a list of potential unprotected API entries appears for your review. The list is updated daily with new data to help you make an informed decision whether to register an API entry.

The detected API list shows data from the last 30 days. To appear in the list, an API must meet these conditions:

  • At least 1000 requests reached the API over the last 30 days

  • The API responded with at least one 2xx status code over the last 30 days

API list fields

For each API entry in the list, you can view the following information:

Hostname. The hostname where the API resides. The hostname may include a wildcard, in which case an additional Hostnames tab appears when you expand the API entry. There, you can view a sample of actual hostnames detected in requests to the API.

ūüďė

A wildcard cannot include a period. It always indicates a single subdomain within a hostname. For example, bookstore.api.akamai.com cannot be templated to *.akamai.com.
You may have access only to some of the hostnames a wildcard matches. In such case, you can see all hostnames you have access to and the number of inaccessible hostnames in the Hostnames tab. When you decide to register the API, only the accessible hostnames will be prepopulated in the API configuration.

If you haven’t configured the hostname in Property Manager, you won’t be able to register the API that uses the hostname. Make sure the hostname is associated with at least one of the properties on your account. For details on properties, see the Property Manager help.

Base path. The base path where the API serves content.

Date first seen. Indicates the time when API Discovery first detected traffic on the API’s hostnames.

Format. The format of data the API exchanges based on the analyzed requests. This is usually JSON, XML, or both. For all available formats, see Data formats and content types.

Requests in the last day. The number of detected requests the API has received since the previous day (in UTC time). The arrow next to the request number indicates if the number is greater or smaller compared to the previous day. When you hover over the number (or tap it, if you’re using a mobile device), a line chart appears that shows the request trend over the last 30 days.

Errors. The percentage of requests that have received error responses since the API was first seen. Error responses are denoted by 4xx and 5xx response status codes.

Client Reputation. The percentage of requests with a reputation score of four or greater since the API was first seen. The reputation scores span from one to ten for each existing Client Reputation category. The higher the score, the higher chance that a request came from a malicious actor. Learn more about Client Reputation

If you want, you may also export the entire list of APIs to a CSV file and see more detailed information about each API.

Searching and filtering

You can use the Search bar to narrow down the list of API entries. The data in all available columns is searchable.

You can show only visible APIs or show only hidden APIs to further narrow down the list of results. You have full control over the visibility of your APIs.

You can also apply a filter based on numerous criteria.

Available actions

Once you decide what to do with a specific API entry, open its more options menu and select:

  • Hide API to hide the entry from visible APIs. You may show it later if you change your mind.
  • Report an API as misidentified to remove the entry from the list if it has been incorrectly flagged as an API.
  • Register API to go straight into API Definitions, register, and deploy the API to the Akamai network.

Data types and content formats

API Discovery detects numerous data formats and content types your APIs exchange. When you export a CSV file with API data, you can see all detected formats and content types. Learn about all possible values that you may find in an exported file.

FormatContent-Type
CSV*csv*
GRAPHQLapplication/*graphql*
HESSIANapplication/*hessian*
JSapplication/*javascript
JSONapplication/*json*
text/*json
MESSAGEPACKapplication/*msgpack*
NOT SETHTTP Content-Type header not specified
PASSWORDapplication/*pass*
PDFapplication/*pdf
PLAYLISTapplication/*mpegurl*
application/*m3u*
PROTOBUFapplication/*protobuf*
QUICKBOOKS*ofx*

*qfx*

*qbo*

*qif*
SOAPapplication/*soap*
TEXTapplication/*text
THRIFTapplication/*thrift*
UNKNOWNContent type doesn't match a known value from this table.
WADLapplication/*wadl*
WEBSOCKETtk/lws

tk/relay
XMLapplication/*xml*

text/*xml
YAMLapplication/*yaml
ZIPapplication/*zip

application/*xz