6

Discovering APIs

In the previous chapter, we explored the foundations of attacking APIs, focusing on many of the tools that attackers use. In this chapter, we’ll use these skills to learn how to discover APIs in the real world. We will learn how to discover APIs using passive methods (where we do not interact with the API directly) and active methods (where we interact with the API directly). We will also learn how to find details of how the API is implemented and how to use this knowledge to attack an API.

For an API defender, it is important to understand the techniques used by your adversaries in discovering your APIs so that you can implement defensive measures to prevent easy discovery and further analysis. In particular, defenders should ...
