11 Observability for API security

 

This chapter covers

  • What observability is and how it helps us protect our APIs
  • Leveraging logs, traces, and metrics for API observability and security
  • Instrumenting APIs to produce logs, traces, and metrics
  • Leveraging observability to detect threats and identify malicious actors

You’ve built your shiny new API and released it to the world. Developers are excited, and tons of new users sign up to use it and integrate it within their own applications. Life is good. Within a few days, though, your customers start complaining. Your API doesn’t always work as expected – sometimes, it returns malformed responses. Often, the API is down. And some users are reporting that their data is suddenly gone or appears to have been accessed and modified without authorization. How do you get a picture of what is going on, pin down the problems, and identify the root causes?

The answer to these questions is API observability. API observability is the practice of generating, collecting, and continuously analyzing data from our APIs. Without observability, it’s hard to tell how users engage with our APIs, trace errors, detect malicious activity, discover undocumented attack surface, and identify threats. As a result, threat actors can slip under the radar and attack your APIs without your knowledge. Lack of observability is a threat actor’s treasure trove.

11.1 What is API observability

11.2 Logs, traces, and metrics

11.3 Instrumenting APIs

11.4 Logging custom events

11.5 Detecting input-based attacks

11.6 Detecting endpoint abuse attacks

11.7 Summary