11 Observability for API security
This chapter covers
- Understanding observability and how it protects our APIs
- Using logs, traces, and metrics for API observability and security
- Instrumenting APIs to produce logs, traces, and metrics
- Using observability to detect threats and identify malicious actors
You’ve built your shiny new API and released it to the world. Developers are excited, and tons of new users are signing up to use it and integrate it into their own applications. Life is good. Within a few days, though, your customers start complaining. Your API doesn’t always work as expected. Sometimes, the API returns malformed responses; often, it’s down. Some users are reporting that their data is suddenly gone or appears to have been accessed and modified without authorization. How do you get a picture of what is going on, pin down the problems, and identify the root causes?
The answer to these questions is API observability: the practice of generating, collecting, and continuously analyzing data from our APIs. Without observability, it’s hard to tell how users engage with our APIs, trace errors, detect malicious activity, discover undocumented attack surface, and identify threats. When that visibility is missing, threat actors can sneak under the radar and attack your APIs without your knowledge. Lack of observability is a threat actor’s treasure trove.