---
title: API Posture
description: >-
  Discover API endpoints, assess endpoint risk, and verify endpoint behavior
  with API Posture in App and API Protection.
breadcrumbs: Docs > Datadog Security > App and API Protection > API Posture
---

# API Posture

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ({% placeholder "user-datadog-site-name" /%}).
{% /alert %}

{% /callout %}

API Posture in Datadog [App and API Protection](https://docs.datadoghq.com/security/application_security.md) (AAP) helps you discover API endpoints, understand the risk they expose, and verify how they behave.

API Posture includes:

- **API Inventory**: A catalog of the API endpoints and services in your environment.
- **API Findings**: Security findings, weaknesses, and misconfigurations tied to your API endpoints.
- **Endpoint Scanning**: Active scanning that verifies whether discovered endpoints are publicly accessible and require authentication.

- [API Inventory: View and triage API endpoints and services.](https://docs.datadoghq.com/security/application_security/api_posture/api_inventory.md)
- [Endpoint Scanning: Actively scan discovered endpoints to verify public accessibility and authentication status.](https://docs.datadoghq.com/security/application_security/api_posture/endpoint_scanning.md)