Detected API list

When you access API Discovery, a list of potential unprotected API entries appears for your review. The list is updated daily with new data to help you make an informed decision whether to register an API entry.

The detected API list shows data from the last 30 days. To appear in the list, an API must meet these conditions:

  • At least 1000 requests reached the API over the last 30 days

  • The API responded with at least one 2xx status code over the last 30 days

API list fields

For each API entry in the list, you can view the following information:

Hostname. The hostname where the API resides. The hostname may include a wildcard, in which case an additional Hostnames tab appears when you expand the API entry. There, you can view a sample of actual hostnames detected in requests to the API.

📘

A wildcard cannot include a period. It always indicates a single subdomain within a hostname. For example, bookstore.api.akamai.com cannot be templated to *.akamai.com.
You may have access only to some of the hostnames a wildcard matches. In such case, you can see all hostnames you have access to and the number of inaccessible hostnames in the Hostnames tab. When you decide to register the API, only the accessible hostnames will be prepopulated in the API configuration.

If you haven’t configured the hostname in Property Manager, you won’t be able to register the API that uses the hostname. Make sure the hostname is associated with at least one of the properties on your account. For details on properties, see the Property Manager help.

Base path. The base path where the API serves content.

Date first seen. Indicates the time when API Discovery first detected traffic on the API’s hostnames.

Format. The format of data the API exchanges based on the analyzed requests. This is usually JSON, XML, or both. For all available formats, see Data formats and content types.

Requests in the last day. The number of detected requests the API has received since the previous day (in UTC time). The arrow next to the request number indicates if the number is greater or smaller compared to the previous day. When you hover over the number (or tap it, if you’re using a mobile device), a line chart appears that shows the request trend over the last 30 days.

Errors. The percentage of requests that have received error responses since the API was first seen. Error responses are denoted by 4xx and 5xx response status codes.

Client Reputation. The percentage of requests with a reputation score of four or greater since the API was first seen. The reputation scores span from one to ten for each existing Client Reputation category. The higher the score, the higher chance that a request came from a malicious actor. Learn more about Client Reputation
.
If you want, you may also export the entire list of APIs to a CSV file and see more detailed information about each API.

Searching and filtering

You can use the Search bar to narrow down the list of API entries. The data in all available columns is searchable.

You can show only visible APIs or show only hidden APIs to further narrow down the list of results. You have full control over the visibility of your APIs.

You can also apply a filter based on numerous criteria.

Available actions

Once you decide what to do with a specific API entry, open its more options menu and select:

  • Hide API to hide the entry from visible APIs. You may show it later if you change your mind.
  • Report an API as misidentified to remove the entry from the list if it has been incorrectly flagged as an API.
  • Register API to go straight into API Definitions, register, and deploy the API to the Akamai network.

Data types and content formats

API Discovery detects numerous data formats and content types your APIs exchange. When you export a CSV file with API data, you can see all detected formats and content types. Learn about all possible values that you may find in an exported file.

Format

Content-Type

CSV

*csv*

GRAPHQL

application/*graphql*

HESSIAN

application/*hessian*

JS

application/*javascript

JSON

application/*json*
text/*json

MESSAGEPACK

application/*msgpack*

NOT SET

HTTP Content-Type header not specified

PASSWORD

application/*pass*

PDF

application/*pdf

PLAYLIST

application/*mpegurl*
application/*m3u*

PROTOBUF

application/*protobuf*

QUICKBOOKS

*ofx*

*qfx*

*qbo*

*qif*

SOAP

application/*soap*

TEXT

application/*text

THRIFT

application/*thrift*

UNKNOWN

Content type doesn't match a known value from this table.

WADL

application/*wadl*

WEBSOCKET

tk/lws

tk/relay

XML

application/*xml*

text/*xml

YAML

application/*yaml

ZIP

application/*zip

application/*xz


Did this page help you?