API Security Best Practices

Read the guide

Discover all APIs

Only Salt automatically and continuously discovers all APIs, capturing granular details about them to help you eliminate blind spots, assess risk, and keep APIs protected even as your environment evolves and changes

Achieve comprehensive visibility

Automatically and continuously discover all internal, external, and third-party APIs, with granular details such as parameters, parameter functions, and exposed sensitive data to help you understand your attack surface and assess risk. The Salt platform deploys in any application environment, capturing API traffic without sitting inline or requiring agents. APIs not in your gateway or documented in an OpenAPI Specification (aka Swagger)? No problem - we’ll find them all.

Find shadow and zombie APIs

Salt customers have found anywhere from 40% to 800% more APIs than what is noted in their documentation. These unknown or shadow APIs represent a significant risk to organizations because they often expose PII or other sensitive data. Zombie APIs – the deprecated APIs the organization assumes have been disabled – present another kind of risk. Upload your documentation files to compare with Salt’s inventory, and download our complete list to enhance your documentation.

Maintain an up-to-date API inventory

In today’s agile and DevOps world, APIs are changing all the time, and developers often don’t keep documentation up to date. Leverage the continuous discovery capability of the Salt platform to keep your API inventory current and accurate despite those frequent changes. Receive alerts for new and changed APIs so you can verify that all APIs meet your organization’s security standards, from dev/test into production.

Want to see the Salt platform in action?

Request a Demo