{"id":105577,"date":"2025-03-12T15:14:33","date_gmt":"2025-03-12T07:14:33","guid":{"rendered":"https:\/\/version-2.com\/?p=105577"},"modified":"2025-03-12T15:17:25","modified_gmt":"2025-03-12T07:17:25","slug":"why-api-discovery-is-critical-to-security","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2025\/03\/why-api-discovery-is-critical-to-security\/","title":{"rendered":"Why API Discovery Is Critical to Security"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"105577\" class=\"elementor elementor-105577\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-35fe5dd post-content elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"35fe5dd\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;cef08c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-409a2e9a\" data-id=\"409a2e9a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5a8be8f elementor-widget elementor-widget-text-editor\" data-id=\"5a8be8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/05\/WhyAPIDiscovery-toSecurity.jpg.webp\" width=\"1200\" height=\"628\" \/><\/p><div class=\"elementor-widget-container\"><p class=\"lazyloaded\">For <em>Star Trek<\/em> fans, space may be the final frontier, but in security, discovering Application Programming Interfaces (APIs) could be the technology equivalent. In the iconic episode \u201cThe Trouble with Tribbles,\u201d the legendary starship <em>Enterprise<\/em> discovers a space station that becomes overwhelmed by little fluffy, purring, rapidly reproducing creatures called \u201ctribbles.\u201d In a modern IT department, APIs can be viewed as the digital tribble overwhelming security teams.<\/p><p>\u00a0<\/p><p>As organizations build out their application ecosystems, the number of APIs integrated into their IT environments continues to expand. Organizations and security teams can become overwhelmed by the sheer number of these software \u201ctribbles,\u201d as undiscovered and unmanaged APIs create security blindspots.<\/p><p>\u00a0<\/p><p>API discovery is a critical component for any security program because it expands the organization\u2019s attack surface.<\/p><p>\u00a0<\/p><h2>What is API discovery?<\/h2><p>API discovery is a manual or automated process that identifies, documents, and catalogs an organization\u2019s APIs so that security teams can monitor the application-to-application data transfers. To manage all APIs that the organization integrated into its ecosystem, organizations need a comprehensive inventory that includes:<\/p><ul><li class=\"lazyloaded\"><strong>Internal APIs<\/strong>: interfaces between a company\u2019s backend information and application functionality<\/li><li class=\"lazyloaded\"><strong>External APIs<\/strong>: interfaces exposed over the internet to non-organizational stakeholders, like external developers, third-party vendors, and customers<\/li><\/ul><p>\u00a0<\/p><p>API discovery enables organizations to identify and manage the following:<\/p><ul><li class=\"lazyloaded\"><strong>Shadow (\u201cRogue\u201d) APIs<\/strong>: unchecked or unsupervised APIs<\/li><li class=\"lazyloaded\"><strong>Deprecated (\u201cZombie\u201d) APIs<\/strong>: unused yet operational APIs without the necessary security updates<\/li><\/ul><p><strong>\u00a0<\/strong><\/p><h2>What risks do undocumented and unmanaged APIs pose?<\/h2><p>Threat actors can exploit vulnerabilities in these shadow and deprecated APIs, especially when the development and security teams have no way to monitor and secure them.<\/p><p>\u00a0<\/p><p>Unmanaged APIs can expose sensitive data, including information about:<\/p><ul><li class=\"lazyloaded\"><strong>Software interface<\/strong>: the two endpoints sharing data<\/li><li class=\"lazyloaded\"><strong>Technical specifications<\/strong>: the way the endpoints share data<\/li><li class=\"lazyloaded\"><strong>Function calls<\/strong>: verbs (GET, DELETE) and nouns (Data, Access) that indicate business logic<\/li><\/ul><p>\u00a0<\/p><h2>Why is API discovery important?<\/h2><p>Discovering all your organization\u2019s APIs enhances security by incorporating them into:<\/p><ul><li class=\"nitro-lazy\"><strong>Risk assessments<\/strong>: enabling API vulnerability identification, prioritization, and remediation<\/li><li class=\"nitro-lazy\"><strong>Compliance<\/strong>: mitigate risks arising from accidental sensitive data exposures that lead to compliance violations, fines, and penalties<\/li><li class=\"nitro-lazy\"><strong>Vendor risk management:<\/strong> visibility into third-party security practices by understanding the services, applications, and environments that they can impact<\/li><li class=\"nitro-lazy\"><strong>Incident response<\/strong>: faster detection, investigation, and response times by understanding potential entry points, impacted services, and data leak paths<\/li><li class=\"nitro-lazy\"><strong>Policy enforcement<\/strong>: ensuring all internal and external APIs follow the company\u2019s security policies and best practices<\/li><li class=\"nitro-lazy\">T<strong>raining and awareness<\/strong>: providing appropriate educational resources for developers and IT staff<\/li><\/ul><p>\u00a0<\/p><p>Beyond the security use case, API discovery provides these additional benefits:<\/p><ul><li class=\"nitro-lazy\">Faster integrations by understanding available endpoints, methods, and data formats<\/li><li class=\"nitro-lazy\">Microservice architecture management by tracking services, health status, and interdependencies<\/li><li class=\"nitro-lazy\">Enhanced product innovation and value by understanding API capabilities and limitations<\/li><li class=\"nitro-lazy\">Increased revenue by understanding API usage<\/li><\/ul><p>\u00a0<\/p><h2>Using automation for API discovery<\/h2><p>While developers can manually discover APIs, the process is expensive, inefficient, and risky. Manual API discovery processes are limited because they are:<\/p><ul><li class=\"nitro-lazy\"><strong>Time-consuming<\/strong>: With the <a href=\"https:\/\/graylog.org\/wp-content\/uploads\/2024\/02\/API_Security_1.pdf\">average organization<\/a> integrating over 9,000 known APIs, manual processes for identifying unknown or unmanaged APIs can be overwhelming, even in a smaller environment.<\/li><li class=\"nitro-lazy\"><strong>Error-prone<\/strong>: Discovering all APIs, including undocumented ones and those embedded in code, can lead to incomplete discovery, outdated information, or incorrect documentation.<\/li><li class=\"nitro-lazy\"><strong>Resource-intensive<\/strong>: Manual discovery processes require manual inventory maintenance.<\/li><\/ul><p>\u00a0<\/p><p>Automated tools make API discovery more comprehensive while reducing overall costs. Automated API discovery tools provide the following benefits:<\/p><ul><li class=\"nitro-lazy\"><strong>Efficiency<\/strong>: Scanners can quickly identify APIs, enabling developers to focus on more important work.<\/li><li class=\"nitro-lazy\"><strong>Accurate, comprehensive inventory<\/strong>: API discovery tools can identify embedded and undocumented APIs, enhancing security and documentation.<\/li><li class=\"nitro-lazy\"><strong>Cost savings<\/strong>: Automation takes less time to scan for updated information, reducing maintenance costs.<\/li><\/ul><p>\u00a0<\/p><p>\u00a0<\/p><h2>What to look for in an API discovery tool<\/h2><p>While different automated tools can help you discover the APIs across your environment, you should know the capabilities that you need and what to look for.<\/p><h3>Continuous API Discovery<\/h3><p>Developers can deliver new builds multiple times a day, continuously changing the API landscape and risk profile. For an accurate inventory and comprehensive visibility, you should look for a solution that scans:<\/p><ul><li class=\"nitro-lazy\">All API traffic at runtime<\/li><li class=\"nitro-lazy\">Categorizes API calls<\/li><li class=\"nitro-lazy\">Sorts incoming traffic into domain buckets<\/li><\/ul><p>For example, when discovering APIs by domain, the solution includes cases where:<\/p><ul><li class=\"nitro-lazy\">Domains are missing<\/li><li class=\"nitro-lazy\">Public or Private IP addresses are used<\/li><\/ul><p>With the ability to identify shadow and deprecated APIs, the solution should give you a way to add domains to the:<\/p><ul><li class=\"nitro-lazy\">Monitoring list so you can start tracking them in the system<\/li><li class=\"nitro-lazy\">Prohibited list so that the domain should never be used<\/li><\/ul><p>\u00a0<\/p><p><picture class=\"aligncenter wp-image-25924 size-full\"><img decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/05\/API-Security-Search.png.webp\" width=\"1677\" height=\"939\" \/><\/picture><\/p><p>\u00a0<\/p><h3>Vulnerability Identification<\/h3><h3>An API discovery solution that analyzes all traffic can also identify potential security vulnerabilities. When choosing a solution, you should consider whether it contains the following capabilities:<\/h3><ul><li class=\"nitro-lazy\">Captures unfiltered API request and response detail<\/li><li class=\"nitro-lazy\">Enhances details with runtime analysis<\/li><li class=\"nitro-lazy\">Creates an accessible datastore for attack detection<\/li><li class=\"nitro-lazy\">Identified common threats and API failures aligned to OWASP and MITRE guidance<\/li><li class=\"nitro-lazy\">Automatic remediation tops with actionable solutions that enable the teams to optimize critical metrics like Mean Time to Response (MTTR)<\/li><\/ul><h3>Risk Assessment and Scoring<\/h3><p>Every identified API and vulnerability increases the organization\u2019s risk. To appropriately mitigate risk arising from previously unidentified and unmanaged APIs, the solution should provide automated risk assessment and scoring. With visibility into the type of API and the high-risk areas that should be prioritized, Security and DevOps teams can focus on the most risky APIs first.<\/p><p><picture class=\"aligncenter wp-image-24116 size-full\"><img decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/04\/API-Security-Overview-Dashboard-1024x598-1.jpg.webp\" width=\"1024\" height=\"598\" \/><\/picture><\/p><p>\u00a0<\/p><h2>Graylog API Security: Continuous, Real-Time API Discovery<\/h2><p>Graylog API Security is continuous API security, scanning all API traffic at runtime for active<\/p><p>attacks and threats. Mapped to security and quality rules, Graylog API Security captures<\/p><p>complete request and response details, creating a readily accessible datastore for attack<\/p><p>detection, fast triage, and threat intelligence. With visibility inside the perimeter,<\/p><p>organizations can detect attack traffic from valid users before it reaches their applications.<\/p><p>\u00a0<\/p><p>Graylog API Security captures details to immediately identify valid traffic from malicious<\/p><p>actions, adding active API intelligence to your security stack. Think of it as a \u201csecurity<\/p><p>analyst in-a-box,\u201d automating API security by detecting and alerting on zero-day attacks<\/p><p>and threats. Our pre-configured signatures identify common threats and API failures and<\/p><p>integrate with communication tools like Slack, Teams, Gchat, JIRA or via webhooks.<\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2004c86 elementor-widget elementor-widget-shortcode\" data-id=\"2004c86\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"93504\" class=\"elementor elementor-93504\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6461a578 elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"6461a578\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2f063c39\" data-id=\"2f063c39\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-14e1df2a elementor-widget elementor-widget-text-editor\" data-id=\"14e1df2a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>About Graylog\u00a0\u00a0<\/strong><br \/>At Graylog, our vision is a secure digital world where organizations of all sizes can effectively guard against cyber threats. We\u2019re committed to turning this vision into reality by providing Threat Detection &amp; Response that sets the standard for excellence. Our cloud-native architecture delivers SIEM, API Security, and Enterprise Log Management solutions that are not just efficient and effective\u2014whether hosted by us, on-premises, or in your cloud\u2014but also deliver a fantastic Analyst Experience at the lowest total cost of ownership. We aim to equip security analysts with the best tools for the job, empowering every organization to stand resilient in the ever-evolving cybersecurity landscape.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>For Star Trek fans, space may be the final frontier, bu [&hellip;]<\/p>\n","protected":false},"author":149011790,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":true},"categories":[1303,1305,61],"tags":[1077,1304],"class_list":["post-105577","post","type-post","status-publish","format-standard","hentry","category-graylog","category-1305","category-press-release","tag-1077","tag-graylog"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Why API Discovery Is Critical to Security - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why API Discovery Is Critical to Security - Version 2\" \/>\n<meta property=\"og:description\" content=\"For Star Trek fans, space may be the final frontier, bu [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-12T07:14:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-12T07:17:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/05\/WhyAPIDiscovery-toSecurity.jpg.webp\" \/>\n<meta name=\"author\" content=\"tracylamv2\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"tracylamv2\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/why-api-discovery-is-critical-to-security\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2025\\\/03\\\/why-api-discovery-is-critical-to-security\\\/\"},\"author\":{\"name\":\"tracylamv2\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\"},\"headline\":\"Why API Discovery Is Critical to Security\",\"datePublished\":\"2025-03-12T07:14:33+00:00\",\"dateModified\":\"2025-03-12T07:17:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2025\\\/03\\\/why-api-discovery-is-critical-to-security\\\/\"},\"wordCount\":1042,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/why-api-discovery-is-critical-to-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cdn-jnkep.nitrocdn.com\\\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\\\/assets\\\/images\\\/optimized\\\/rev-ed4d356\\\/graylog.org\\\/wp-content\\\/uploads\\\/2024\\\/05\\\/WhyAPIDiscovery-toSecurity.jpg.webp\",\"keywords\":[\"2025\",\"Graylog\"],\"articleSection\":[\"Graylog\",\"2025\",\"Press Release\"],\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/graylog.org\\\/post\\\/why-api-discovery-is-critical-to-security\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2025\\\/03\\\/why-api-discovery-is-critical-to-security\\\/\",\"url\":\"https:\\\/\\\/graylog.org\\\/post\\\/why-api-discovery-is-critical-to-security\\\/\",\"name\":\"Why API Discovery Is Critical to Security - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/why-api-discovery-is-critical-to-security\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/why-api-discovery-is-critical-to-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cdn-jnkep.nitrocdn.com\\\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\\\/assets\\\/images\\\/optimized\\\/rev-ed4d356\\\/graylog.org\\\/wp-content\\\/uploads\\\/2024\\\/05\\\/WhyAPIDiscovery-toSecurity.jpg.webp\",\"datePublished\":\"2025-03-12T07:14:33+00:00\",\"dateModified\":\"2025-03-12T07:17:25+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/why-api-discovery-is-critical-to-security\\\/#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/graylog.org\\\/post\\\/why-api-discovery-is-critical-to-security\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/why-api-discovery-is-critical-to-security\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cdn-jnkep.nitrocdn.com\\\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\\\/assets\\\/images\\\/optimized\\\/rev-ed4d356\\\/graylog.org\\\/wp-content\\\/uploads\\\/2024\\\/05\\\/WhyAPIDiscovery-toSecurity.jpg.webp\",\"contentUrl\":\"https:\\\/\\\/cdn-jnkep.nitrocdn.com\\\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\\\/assets\\\/images\\\/optimized\\\/rev-ed4d356\\\/graylog.org\\\/wp-content\\\/uploads\\\/2024\\\/05\\\/WhyAPIDiscovery-toSecurity.jpg.webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/why-api-discovery-is-critical-to-security\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Why API Discovery Is Critical to Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\",\"name\":\"tracylamv2\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"caption\":\"tracylamv2\"},\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/tracylamv2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why API Discovery Is Critical to Security - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/","og_locale":"zh_HK","og_type":"article","og_title":"Why API Discovery Is Critical to Security - Version 2","og_description":"For Star Trek fans, space may be the final frontier, bu [&hellip;]","og_url":"https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/","og_site_name":"Version 2","article_published_time":"2025-03-12T07:14:33+00:00","article_modified_time":"2025-03-12T07:17:25+00:00","og_image":[{"url":"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/05\/WhyAPIDiscovery-toSecurity.jpg.webp","type":"","width":"","height":""}],"author":"tracylamv2","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"tracylamv2","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"11 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/#article","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/2025\/03\/why-api-discovery-is-critical-to-security\/"},"author":{"name":"tracylamv2","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365"},"headline":"Why API Discovery Is Critical to Security","datePublished":"2025-03-12T07:14:33+00:00","dateModified":"2025-03-12T07:17:25+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/zh\/2025\/03\/why-api-discovery-is-critical-to-security\/"},"wordCount":1042,"commentCount":0,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/#primaryimage"},"thumbnailUrl":"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/05\/WhyAPIDiscovery-toSecurity.jpg.webp","keywords":["2025","Graylog"],"articleSection":["Graylog","2025","Press Release"],"inLanguage":"zh-HK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/version-2.com\/zh\/2025\/03\/why-api-discovery-is-critical-to-security\/","url":"https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/","name":"Why API Discovery Is Critical to Security - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/#primaryimage"},"image":{"@id":"https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/#primaryimage"},"thumbnailUrl":"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/05\/WhyAPIDiscovery-toSecurity.jpg.webp","datePublished":"2025-03-12T07:14:33+00:00","dateModified":"2025-03-12T07:17:25+00:00","breadcrumb":{"@id":"https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/#primaryimage","url":"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/05\/WhyAPIDiscovery-toSecurity.jpg.webp","contentUrl":"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/05\/WhyAPIDiscovery-toSecurity.jpg.webp"},{"@type":"BreadcrumbList","@id":"https:\/\/graylog.org\/post\/why-api-discovery-is-critical-to-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"Why API Discovery Is Critical to Security"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365","name":"tracylamv2","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","caption":"tracylamv2"},"url":"https:\/\/version-2.com\/zh\/author\/tracylamv2\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-rsR","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/105577","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/149011790"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=105577"}],"version-history":[{"count":7,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/105577\/revisions"}],"predecessor-version":[{"id":105584,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/105577\/revisions\/105584"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=105577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=105577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=105577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}