Datadog AAP Threat Management and Code Security are built on top of APM. While Datadog recommends using these security products with APM and adopting DevSecOps practices, you can also use these security products without using APM. This configuration is referred to as Standalone App and API Protection. This guide explains how to set up Standalone App and API Protection.

Prerequisites

This guide assumes you have the following:

• Datadog Agent: Install the Datadog Agent and configure it for your application’s operating system, container, cloud, or virtual environment.
• Supported Tracing Library: The Datadog Tracing Library used by your application or service supports App and API Protection. For more details, see the guides for App and API Protection or Code Security.

Compatibility

Standalone App and API Protection is currently supported for the following tracing library versions:

Setup

Set up the Datadog Agent using the standard method for APM or App and API Protection setup, but set up the Tracing Library by adding the DD_APM_TRACING_ENABLED=false environment variable to the service that runs the Tracing Library.

This environment variable will reduce the amount of APM data sent to Datadog to the minimum required by App and API Protection products. The environment variable can then be combined with environment variables to enable App and API Protection or Code Security.

For App and API Protection, add the DD_APM_TRACING_ENABLED=false DD_APPSEC_ENABLED=true environment variable.

For Code Security, add the DD_APM_TRACING_ENABLED=false DD_IAST_ENABLED=true environment variable.