Automatically and continuously discover all internal, external, and third-party APIs, with granular details such as parameters, parameter functions, and exposed sensitive data to help you understand your attack surface and assess risk. The Salt platform deploys in any application environment, capturing API traffic without sitting inline or requiring agents. APIs not in your gateway or documented in an OpenAPI Specification (aka Swagger)? No problem - we’ll find them all.
Salt customers have found anywhere from 40% to 800% more APIs than what is noted in their documentation. These unknown or shadow APIs represent a significant risk to organizations because they often expose PII or other sensitive data. Zombie APIs – the deprecated APIs the organization assumes have been disabled – present another kind of risk. Upload your documentation files to compare with Salt’s inventory, and download our complete list to enhance your documentation.
In today’s agile and DevOps world, APIs are changing all the time, and developers often don’t keep documentation up to date. Leverage the continuous discovery capability of the Salt platform to keep your API inventory current and accurate despite those frequent changes. Receive alerts for new and changed APIs so you can verify that all APIs meet your organization’s security standards, from dev/test into production.