How to detect and reduce the damage if APIs are compromised, before one finds out and revokes the developer app?

A lot of emphasis has been put into authorisation of APIs -- grant types, etc. However, I wish to know what one can put in place to identify and reduce the damage done when an API is compromised.

Other than quota, spike arrest, concurrent rate limit, what can one do to:

1. Quickly identify that a once-trusted API is now hijacked/compromised

2. Reduce the damage that this hijacked/compromised API may do before it is identified as hijacked/compromised

Sure, one could pipe the logs to ELK for analysis and alerts when an aberration is detected, but does Apigee have any mechanism to address point 1 & point 2?

Thank you.

Nathan Aw (Singapore)


I recommend that you look into the API Monitoring Dashboard.

https://docs.apigee.com/api-monitoring/alerts-notifications

Nathan, you seem to have LOTS of questions.

You would really benefit from a direct engagement with a Customer Success architect.
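
The log-based aberration check the question describes, as an added example that is not part of the original thread and not Apigee code: it compares each app's current window against its own baseline, which catches misuse that stays under quota and spike-arrest limits. The record fields, app names, addresses and thresholds are constructed assumptions, not an Apigee log schema.

```python
from collections import defaultdict

# Constructed sample records: (minute, app_id, client_ip, path, status).
# Field names are assumptions, not an Apigee log schema.
BASELINE = [
    (m, "orders-app", "203.0.113.10", "/v1/orders", 200) for m in range(60)
] + [
    (m, "reports-app", "198.51.100.7", "/v1/reports", 200) for m in range(0, 60, 2)
]
CURRENT = (
    [(m, "orders-app", "203.0.113.10", "/v1/orders", 200) for m in range(10)]
    # reports-app key used from a new address, on a new path, mostly rejected
    + [(m % 10, "reports-app", "192.0.2.99", "/v1/customers", 403) for m in range(40)]
    + [(m, "reports-app", "198.51.100.7", "/v1/reports", 200) for m in range(0, 10, 2)]
)

def profile(records):
    """Summarise per-app behaviour: request count, IPs, paths, auth errors."""
    prof = defaultdict(lambda: {"n": 0, "ips": set(), "paths": set(), "errors": 0})
    for _minute, app, ip, path, status in records:
        p = prof[app]
        p["n"] += 1
        p["ips"].add(ip)
        p["paths"].add(path)
        p["errors"] += status in (401, 403)
    return prof

def detect(baseline, current, base_minutes, cur_minutes, rate_factor=3.0, err_ratio=0.2):
    """Return {app: [reasons]} for apps whose current window departs from baseline."""
    base, cur = profile(baseline), profile(current)
    alerts = {}
    for app, c in cur.items():
        b = base.get(app)
        if b is None:  # a credential with no history is itself worth a look
            alerts[app] = ["no baseline for this app"]
            continue
        checks = [
            ("request rate above baseline", c["n"] / cur_minutes > rate_factor * b["n"] / base_minutes),
            ("new source address", bool(c["ips"] - b["ips"])),
            ("path never called before", bool(c["paths"] - b["paths"])),
            ("high 401/403 ratio", c["errors"] / c["n"] > err_ratio),
        ]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            alerts[app] = reasons
    return alerts

if __name__ == "__main__":
    print(detect(BASELINE, CURRENT, 60, 10))
```

An alert for an app is the trigger to suspend or revoke that app's credentials, which bounds the damage to the length of the detection window.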