---
title: API Inventory
description: >-
  Catalog API endpoints and services, and assess API security risk across your
  environment.
---

# API Inventory

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md) ({% placeholder "user-datadog-site-name" /%}).
{% /alert %}

{% /callout %}

[API Inventory](https://app.datadoghq.com/security/appsec/inventory/apis) is a continuously updated catalog of the API endpoints and services API Posture discovers across your environment. It shows security context for each endpoint, such as authentication status, public exposure, sensitive data flows, and associated findings.

Inventory consists of two explorers:

- **[API Endpoints](https://docs.datadoghq.com/security/application_security/api_posture/api_inventory/api_endpoints.md)**: The API Endpoints explorer catalogs your individual endpoints and surfaces shadow APIs (undocumented endpoints that have no API definition and were not detected from Amazon API Gateway) and orphan APIs (documented endpoints without traffic). It also helps you prioritize the endpoints most at risk.
- **[Services](https://docs.datadoghq.com/security/application_security/api_posture/api_inventory/services.md)**: The Services explorer aggregates findings, vulnerabilities, and runtime signals by service, so you can assess each service's risk and security coverage.

To detect and respond to weaknesses, attacks, or misconfigurations on these endpoints, use [API Findings](https://docs.datadoghq.com/security/application_security/api_posture/api_findings.md). In the API Endpoints explorer, each row displays a findings chip that opens the related finding in API Findings.

## Further reading{% #further-reading %}

- [Mitigate the primary API security risks](https://www.datadoghq.com/blog/primary-risks-to-api-security/)
