- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
API Security Inventory monitors your API traffic to provide visibility into the security posture of your APIs, including:
Using the API Security Inventory you can:
The following library versions are compatible with API Security Inventory. Remote Configuration is required.
Technology | Minimum version | Support for sensitive data scanning |
---|---|---|
Python | v2.1.6 | Requests and responses |
Java | v1.31.0 | Requests only |
PHP | v0.98.0 | Requests and responses |
.NET Core | v2.42.0 | Requests and responses |
.NET Fx | v2.47.0 | Requests and responses |
Ruby | v1.15.0 | Requests only |
Golang | v1.59.0 | Requests only |
Node.js | v3.51.0, v4.30.0 or v5.6.0 | Requests and responses |
API Inventory leverages the Datadog tracing library with ASM enabled to gather security metadata about API traffic, including the API schema, types of sensitive data processed, and the authentication scheme.
API Inventory Security uses Remote Configuration to manage and configure scanning rules that detect sensitive data and authentication.
The following risks are calculated for each endpoint:
The env
tag is checked for patterns that frequently represent non-production environments. For example, if it detects values of dev
, alpha
, beta
, sandbox
, or similar, it marks the environment as non-production. All other environments are marked as production.
This risk is detected for API endpoints that have experienced attacks within the last week.
ASM matches known patterns for sensitive data in API requests. If it finds a match, the endpoint is tagged with the type of sensitive data processed.
The matching occurs within your application, and none of the sensitive data is sent to Datadog.
Category | Category facet | Type facet |
---|---|---|
Canadian social insurance numbers | pii | canadian_sin |
United States social security numbers | pii | us_ssn |
UK national insurance numbers | pii | uk_nin |
US vehicle identification numbers | pii | vin |
Passport numbers | pii | passport_number |
E-mail addresses | pii | email |
JSON Web Token (JWT) | credentials | json_web_token |
Bearer tokens (found in Authorization headers) | credentials | bearer_token |
American Express card number | payment | card |
Diners Club card number | payment | card |
JCB card number | payment | card |
Maestro card number | payment | card |
Mastercard card number | payment | card |
VISA card number | payment | card |
IBAN bank account number | payment | iban |
Datadog marks an endpoint as public if the client IP address is outside these ranges:
See Configuring a client IP header for more information on the required library configuration.
Authentication is determined by:
Authorization
, Token
or X-Api-Key
headers.@usr.id
APM attribute).This risk is determined by Software Composition Analysis for the service hosting the endpoint.
By default, API Security Inventory evaluates every tenth request (10% sample rate).
Additional helpful documentation, links, and articles: