
Detecting and Managing Shadow APIs

Shadow APIs are undocumented or unmanaged interfaces that operate outside the visibility of IT and security teams - often arising from legacy systems, internal testing, or overlooked development artefacts. These APIs pose serious security risks due to the lack of proper authentication, encryption, and access controls.

MaxiSafe enhances API visibility by helping organizations identify and manage shadow APIs across their infrastructure. By bringing these unmanaged interfaces under control, organizations can reduce exposure to potential vulnerabilities, prevent unauthorized access, and ensure consistent enforcement of security policies across all API endpoints.

Steps:
  1. By default, the system automatically detects all API endpoints being accessed. Go to API Protection > Management > API Asset to analyse all discovered APIs.
  2. Go to API Protection > Discovery > Global Settings to check all the managed detection rules. You can edit these rules to better align with your API architecture.
  3. Alternatively, go to API Protection > Discovery > Settings to define custom rules tailored to your specific API design.
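The idea behind discovery from observed traffic can be checked independently of any product. The following is an added example, not MaxiSafe's detection logic or rule format: it reduces access-log requests to path templates and reports the ones missing from a documented inventory. The inventory, the log lines, and the function names are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed inventory: (method, path template) pairs as they would appear in
# a published API specification. Assumed for this example.
DOCUMENTED = {
    ("GET", "/api/v1/orders"),
    ("GET", "/api/v1/orders/{id}"),
    ("POST", "/api/v1/orders"),
}

# Constructed access-log lines in common log format.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /api/v1/orders HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /api/v1/orders/1042?expand=items HTTP/1.1" 200 734
10.0.0.7 - - [01/Jan/2025:10:00:02 +0000] "GET /api/v0/orders/1042 HTTP/1.1" 200 734
10.0.0.7 - - [01/Jan/2025:10:00:03 +0000] "GET /api/v0/orders/1043 HTTP/1.1" 200 690
10.0.0.9 - - [01/Jan/2025:10:00:04 +0000] "POST /api/internal/debug/flush HTTP/1.1" 204 0
10.0.0.9 - - [01/Jan/2025:10:00:05 +0000] "GET /api/v1/admin HTTP/1.1" 404 0
10.0.0.9 - - [01/Jan/2025:10:00:06 +0000] "GET /api/v1/users/3f2b8c1e-9a4d-4e2b-8f6a-1c2d3e4f5a6b HTTP/1.1" 200 120
"""

REQUEST = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3}) ')
ID_SEGMENT = re.compile(r"^(\d+|[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$")

def to_template(path):
    """Drop the query string and replace numeric or UUID segments with {id}."""
    path = path.split("?", 1)[0]
    return "/".join("{id}" if ID_SEGMENT.match(s) else s for s in path.split("/"))

def find_shadow_endpoints(log_text, documented):
    """Return {(method, template): hits} for served endpoints missing from the inventory."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue  # not a request line in the expected format
        method, path, status = m.group(1), m.group(2), int(m.group(3))
        if status == 404:  # nothing is served there; probing noise, not an API
            continue
        endpoint = (method, to_template(path))
        if endpoint not in documented:
            hits[endpoint] += 1
    return dict(hits)

if __name__ == "__main__":
    for (method, template), n in sorted(find_shadow_endpoints(SAMPLE_LOG, DOCUMENTED).items()):
        print(f"{n:3d}  {method} {template}")
```

Collapsing identifiers into `{id}` keeps one endpoint from appearing as thousands of distinct paths, and skipping 404 responses keeps scanner probes out of the result.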