Use API Posture in App and API Protection (AAP) to discover your APIs, assess the risks they expose, and track your security posture.

To get started, set up AAP on your services to discover endpoints from your live traffic. Other data sources, such as Amazon API Gateway and source code, require additional setup; see API Endpoints for details.

How API Posture works

API Posture brings together several capabilities, all built on the same live API data. With them, you can:

  • Discover which APIs exist with API Inventory. Inventory is a continuously updated catalog of the endpoints and services discovered across your environment, including those that are undocumented or no longer in use.
  • Assess what each API exposes with API Findings and Sensitive Data. Findings aggregate the vulnerabilities and misconfigurations tied to your endpoints, and sensitive data tagging shows which endpoints process PII, credentials, or payment data.
  • Verify which endpoints are publicly accessible, and which require authentication, using Endpoint Scanning. Endpoint Scanning probes your endpoints from outside your environment, rather than inferring behavior from observed traffic.
  • Measure your organization-wide posture in the API Posture section of the Overview page. It shows how your endpoints are discovered, which ones are exposed to attacks or process sensitive data, and your open findings by severity.
