API security uses sampled access logs and built-in machine learning models to automatically discover, monitor, and protect APIs across your sites. It detects threats at points of presence (POPs) and provides a portal for API monitoring and analysis.
Contact your account manager to enable API security.
Features
|
Feature |
Overview |
|
To prevent threats from unknown or deprecated APIs, such as data breaches and service interruptions, use the API security feature of Edge Security Acceleration (ESA). This feature uses machine learning to continuously analyze your site's service traffic. It automatically discovers API endpoints to help you centrally manage APIs and identify issues such as sensitive data leakage and API abuse. |
|
|
ESA continuously monitors managed APIs and provides performance and security insights. |
|
|
After you upload an API schema, such as an OpenAPI specification, ESA automatically matches it to your managed APIs. ESA then validates incoming requests against the schema and applies the configured action to any non-compliant request to protect your business APIs. |
|
|
You can create an API token compliance validation rule by adding a custom JSON Web Token (JWT) and binding it to the API that requires verification. ESA will then perform token compliance validation on incoming requests and process them to secure your business APIs. |
|
|
API security settings enable centralized management of Session Identifiers, Schema Validation Settings, and Token Configurations. |
Performance impact
ESA performs API security analysis passively at POPs with minimal performance impact. Tests show that with API discovery and monitoring enabled, or with blocking features such as architecture compliance validation or token validation active, added latency remains at the millisecond level — imperceptible to users.
Use cases
Discover and manage unknown API assets
When developers release API operations without notifying the security team, these untracked APIs fall outside security controls and become potential attack entry points.
Recommended feature: API Discovery
With API discovery enabled, ESA automatically identifies all API endpoints proxied through it. Security administrators can review discovered APIs, bring unknown ones under management, or deprecate them — ensuring full API asset visibility.
Block non-compliant requests at the edge
Attackers often send malformed requests that deviate from predefined formats to probe public-facing APIs. These requests consume origin server resources and may trigger unknown vulnerabilities.
Recommended feature: API Architecture Compliance Validation
Upload an OpenAPI specification file for your core APIs. ESA validates the structure and parameters of each incoming request at POPs against this specification. Non-compliant requests are blocked or logged before reaching your origin server, defending against injection and fuzz-testing attacks.
Protect mobile and web application APIs
In decoupled frontend-backend architectures, mobile apps and single-page applications communicate with backend services through APIs. Ensuring only legitimate clients can invoke these APIs is critical to security.
Recommended feature: API Token Compliance Validation
Configure token validation rules to require a valid JSON Web Token (JWT) on every request. ESA verifies JWT signatures and expiration at POPs, forwarding only validated requests to the origin server. This prevents unauthorized access and replay attacks.
Supported plans
Feature category | Detailed feature | Entrance (0 USD/month) | Pro (15 USD/month) | Premium (249 USD/month) | Enterprise (contact sales for custom pricing) |
API security features | Only supports API management and architecture validation features | Only supports API management and architecture validation features | Supports all features | ||
Number of APIs managed | 15 | 30 | 100 | ||
Number of session identifiers | 10 | ||||
Number of architecture files | 1 | 1 | 5 | ||
Number of JWT tokens | 5 | ||||
Number of API rules | 10 entries |