Overview of Advanced API Security

You're viewing Apigee X documentation.
View Apigee Edge documentation.

Apigee Advanced API Security protects your APIs from attacks by malicious agents, such as bots. Apigee provides two main tools for identifying threats and vulnerabilities:

Bot detection

Advanced API Security uses pre-configured rules to help you identify malicious bots within API traffic. Each rule represents a different type of unusual traffic, such as a large number of calls from a single IP address or a high percentage of errors. If an API traffic pattern meets any of the rules, Advanced API Security reports it as a bot.

You can see reports on detected bots either in the Security Report Jobs view in the Apigee UI, or using the Apigee API.

Identifying API misconfigurations

Advanced API Security makes it easier to identify API proxies that don't conform to security standards. To help you identify APIs that are misconfigured or experiencing abuse, Advanced API Security regularly assesses API configurations and calculates scores to rate their security level. When a low score indicates a configuration issue, Advanced API Security provides recommended actions for mitigating the problem.

You can see the security scores in the Security Scores view in the Apigee UI, or using the Apigee API.

Advanced API Security is free during Public Preview. To try it out, contact Apigee sales.