App & API Protection (AAP) provides unified visibility and security for your applications and APIs, helping you detect, investigate, and prevent threats across modern workloads.
Whether you’re defending public-facing APIs, internal services, or user-facing applications, AAP equips your teams with real-time, out-of-the-box (OOTB) threat detection, posture assessment, and in-app protections.
Formerly known as Application Security Monitoring (ASM), AAP now goes beyond runtime threat detection to include API discovery, posture management, and protection capabilities.
Key capabilities
API discovery and posture management
- Automatically detect all APIs exposed by your services.
- Identify unprotected, undocumented, or overly permissive endpoints.
- Get detailed, contextual findings tied to specific endpoints, misconfigurations, and observed behavior.
- Evaluate API configurations against posture rules based on security best practices and compliance frameworks (e.g., OWASP API Top 10).
Runtime threat detection and protection
- Detect real-time threats such as injection attacks, account takeover attempts, and application abuse.
- Correlate multi-signal attack patterns into actionable insights.
- Block malicious traffic with In-App WAF rules using attributes like IP, user agent, headers, and more.
Use cases
- Protect customer data in production APIs
- Detect and block credential stuffing and ATO attacks
- Maintain API posture compliance across teams and environments
- Investigate incidents with correlated trace, log, and security data
AAP implementation in Datadog
If you’re curious how App and API Protection is structured and how it uses tracing data to identify security problems, read How App and API Protection Works.
Powered by out-of-the-box rules, AAP detects threats without manual configuration. If you already have Datadog APM configured on a physical or virtual host, setup only requires setting one environment variable to get started.
To start configuring your environment to detect and protect against threats with AAP, follow the enabling documentation for each product. Once AAP is configured, you can begin investigating and remediating security signals in the Security Signals Explorer.
In the Security Signals Explorer, click on any security signal to see what happened and the suggested steps to mitigate the attack. In the same panel, view traces with their correlated attack flow and request information to gain further context.
Disable AAP
For information on disabling AAP or its features, see the following: