{"id":90,"date":"2023-11-06T20:56:19","date_gmt":"2023-11-06T20:56:19","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=90"},"modified":"2024-05-21T11:02:46","modified_gmt":"2024-05-21T18:02:46","slug":"api-detection-with-cycognito","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/","title":{"rendered":"API Detection with CyCognito"},"content":{"rendered":"\n<p>CyCognito Attack Surface Management (ASM) now offers the ability to discover APIs on an organization\u2019s attack surface. Given the proliferation of APIs and their attractiveness to attackers, this capability is an important new tool for security teams. This post describes the issue and how CyCognito ASM solves it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Are APIs a Security Problem?<\/h2>\n\n\n\n<p>Most modern applications are built using APIs. This has caused an explosion in public-facing APIs on the internet. It\u2019s not uncommon for an enterprise to have hundreds or even thousands of APIs exposed.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.gartner.com\/en\/documents\/3970520\/gartner-s-api-strategy-maturity-model\">According to Gartner<\/a>, 90% of web-enabled applications will have more attack surface area in exposed APIs rather than in the user interface.&nbsp;<a href=\"https:\/\/www.gartner.com\/en\/documents\/3985290\/cool-vendors-in-api-strategy\">Gartner also predicted<\/a>&nbsp;that in 2022, API abuses will move from infrequent to the most frequent attack vector.&nbsp;<a href=\"https:\/\/salt.security\/press-releases\/salt-security-state-of-api-security-report-reveals-94-of-companies-experienced-security-incidents-in-production-apis-in-the-past-year\">Salt Security research<\/a>&nbsp;showed that 94% of organizations experienced security problems in production APIs in 2022, and one in five suffered a data breach due to security gaps in APIs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why APIs Are Attractive to Attackers<\/h2>\n\n\n\n<p>APIs, by nature, have access to application logic, sensitive data, databases, and the underlying infrastructure of applications using them. They are prime targets for attackers. Moreover, they are easy to deploy and integrate &#8211; making them harder to track and manage by security teams.<\/p>\n\n\n\n<p>There are many ways attackers can threaten an API:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Accessing information they should not be able to access, e.g., data exfiltration<\/li>\n\n\n\n<li>Changing or exploiting the API or underlying server, e.g., SQL injection<\/li>\n\n\n\n<li>Preventing the API from working by overwhelming it with a DDoS attack<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What Are Rogue, Shadow, and Zombie APIs?<\/h2>\n\n\n\n<p>Many organizations now use&nbsp;<a href=\"https:\/\/konghq.com\/learning-center\/api-gateway\/what-is-an-api-gateway\">API gateways<\/a>&nbsp;to handle common management tasks like authentication, rate limiting, and reporting. APIs are deployed via the gateway and can therefore be managed and tested properly.<\/p>\n\n\n\n<p>Not surprisingly, not every API is deployed using a gateway. These unmanaged APIs pose significant security risks. There are three classes of unmanaged APIs:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Shadow APIs<\/strong>&nbsp;&#8211; Any undocumented and unmonitored API used in an application, including untracked use of a third-party API<\/li>\n\n\n\n<li><strong>Zombie APIs<\/strong>&nbsp;&#8211; Any unmaintained API that is still accessible in production, often an old version<\/li>\n\n\n\n<li><strong>Rogue APIs<\/strong>&nbsp;&#8211; Any API that provides unauthorized access to data or operations. These can be created with malicious intent or caused by security flaws.<\/li>\n<\/ul>\n\n\n\n<p>All three of the above need to be known to an organization to manage risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Discovering and Viewing APIs Using CyCognito<\/h2>\n\n\n\n<p>To discover APIs, the Cycognito platform sends a normal HTTP request to each URL owned by an organization and then analyzes the response. If two or more of the following criteria are met, the platform tags that URL as an API endpoint:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>URL contains \u201capi,\u201d \u201capis\u201d and the like.<\/li>\n\n\n\n<li>URL contains specific paths that are known to be APIs, for example \u2018\/xmlrpc.php\u2019<\/li>\n\n\n\n<li>HTTP response contains known content which is related to APIs&nbsp;<\/li>\n\n\n\n<li>HTTP content type is either XML or JSON<\/li>\n<\/ul>\n\n\n\n<p>The primary way to view APIs in the Cycognito platform is via the API Dashboard (<strong>Attack Surface &gt; Views &gt; API Dashboard<\/strong>). The following information is available, as shown in Figure 1 below.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Total \u2013 Your total number of API endpoints discovered by CyCognito. (top left)<\/li>\n\n\n\n<li>At risk \u2013 The number of API endpoints that are considered to be at risk. This means the API is found on a web application that has critical- or high-severity issues. (top middle)<\/li>\n\n\n\n<li>The donut chart shows the distribution of API endpoints according to whether or not they are considered to be at risk<\/li>\n\n\n\n<li>APIs per organization \u2013 Shows how API endpoints are distributed across organizations. (lower left graph)<\/li>\n\n\n\n<li>Hosting type over time \u2013 Shows how API endpoints are distributed over time according to their hosting type: owned, cloud, or other. (lower right graph)<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft\"><img loading=\"lazy\" decoding=\"async\" width=\"1367\" height=\"531\" src=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6.png\" alt=\"The API Dashboard shows total APIs by type, per organization, and those at risk.\" class=\"wp-image-95\" srcset=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6.png 1367w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6-512x199.png 512w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6-1280x497.png 1280w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6-768x298.png 768w\" sizes=\"auto, (max-width: 1367px) 100vw, 1367px\" \/><\/figure><\/div>\n\n\n<p><em>Figure 1: The API Dashboard shows total APIs by type, per organization, and those at risk.<\/em><\/p>\n\n\n\n<p>The API Dashboard can also show you the security posture of your APIs. This allows you to assess the risk associated with your API endpoints and take necessary measures to enhance protection.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>HTTPS encryption adoption for API endpoints \u2013 Shows the distribution of API endpoints according to whether or not they have adopted HTTPS encryption.<\/li>\n\n\n\n<li>Web apps with API protected by WAF \u2013 Shows the distribution of API endpoints according to whether or not their hosting web application is protected by a WAF.<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft\"><img loading=\"lazy\" decoding=\"async\" width=\"1457\" height=\"522\" src=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-7.png\" alt=\"Security posture dashboard shows 34 endpoints without HTTPS and 231 without WAF protection.\" class=\"wp-image-96\" srcset=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-7.png 1457w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-7-512x183.png 512w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-7-1280x459.png 1280w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-7-768x275.png 768w\" sizes=\"auto, (max-width: 1457px) 100vw, 1457px\" \/><\/figure><\/div>\n\n\n<p><em>Figure 2: Security posture dashboard shows 34 endpoints without HTTPS and 231 without WAF protection.<\/em><\/p>\n\n\n\n<p>The information can be accessed on the Asset List by using the Filter &amp; Search keyword&nbsp;<strong>WEB APPLICATION CONTAINS API ENDPOINTS<\/strong>. The Asset Details page of a particular web application will also show related APIs. This information is also available via the CyCognito API.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Getting a Handle on Unmanaged APIs<\/h2>\n\n\n\n<p>One of the benefits of the CyCognito platform is asset attribution. Using this feature, a security team can understand what team owns the unmanaged API.<\/p>\n\n\n\n<p>Typically, there are three ways to go for remediation, which include both ongoing management of the APIs and fixing any immediate security issue(s).<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Register in API Gateway<\/strong>&nbsp;&#8211; the Cycognito platform can export a list of APIs that an organization can import into an API Gateway like Apigee (Google), Kong, or Mulesoft (Salesforce).<\/li>\n\n\n\n<li><strong>Register in API Security Tool<\/strong>&nbsp;&#8211; these tools have limited discovery capabilities. Importing a list of previously unknown APIs to a tool from vendors like <a href=\"http:\/\/nonamesecurity.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Noname Security<\/a> or Salt Security would add them to the ongoing testing of these APIs.<\/li>\n\n\n\n<li><strong>Send to Security for Fix<\/strong>&nbsp;&#8211; use CyCognito integrations to send issues to a ticketing system (Jira, ServiceNow) or security orchestration, SOAR, platform like Palo Alto Cortex XSOAR. Configuring a WAF to protect an API would be a straightforward fix, for example.<\/li>\n<\/ul>\n\n\n\n<p>The feature is currently available to all CyCognito customers. Simply navigate to the API Dashboard, shown above in Figure 1, to start. If you are not a CyCognito customer and are interested in a demo, please&nbsp;<a href=\"\/contact\/\">contact us<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CyCognito Attack Surface Management (ASM) now offers the ability to discover APIs on an organization\u2019s attack surface. Given the proliferation of APIs and their attractiveness to attackers, this capability is an important new tool for security teams. This post describes the issue and how CyCognito ASM solves it.<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[25,24,26,6,11],"class_list":["post-90","post","type-post","status-publish","format-standard","hentry","category-product","tag-api-dashboard","tag-application-programming-interface","tag-asset-attribution","tag-attack-surface-management","tag-discovery"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>API Detection with CyCognito | CyCognito Blog<\/title>\n<meta name=\"description\" content=\"CyCognito Attack Surface Management (ASM) now offers the ability to discover APIs on an organization\u2019s attack surface. Given the proliferation of APIs and their attractiveness to attackers, this capability is an important new tool for security teams. This post describes the issue and how CyCognito ASM solves it.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"API Detection with CyCognito | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"CyCognito Attack Surface Management (ASM) now offers the ability to discover APIs on an organization\u2019s attack surface. Given the proliferation of APIs and their attractiveness to attackers, this capability is an important new tool for security teams. This post describes the issue and how CyCognito ASM solves it.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-06T20:56:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-21T18:02:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6.png\" \/>\n<meta name=\"author\" content=\"Tim Matthews\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tim Matthews\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/\"},\"author\":{\"name\":\"Tim Matthews\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/17004ccbc53269f484e688caf8533230\"},\"headline\":\"API Detection with CyCognito\",\"datePublished\":\"2023-11-06T20:56:19+00:00\",\"dateModified\":\"2024-05-21T18:02:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/\"},\"wordCount\":984,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6.png\",\"keywords\":[\"API Dashboard\",\"Application Programming Interface\",\"Asset Attribution\",\"Attack Surface Management\",\"Discovery\"],\"articleSection\":[\"Product\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/\",\"name\":\"API Detection with CyCognito | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6.png\",\"datePublished\":\"2023-11-06T20:56:19+00:00\",\"dateModified\":\"2024-05-21T18:02:46+00:00\",\"description\":\"CyCognito Attack Surface Management (ASM) now offers the ability to discover APIs on an organization\u2019s attack surface. Given the proliferation of APIs and their attractiveness to attackers, this capability is an important new tool for security teams. This post describes the issue and how CyCognito ASM solves it.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#primaryimage\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6.png\",\"width\":1367,\"height\":531},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"API Detection with CyCognito\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/17004ccbc53269f484e688caf8533230\",\"name\":\"Tim Matthews\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d7b50f723af945532afa09969dd8aa1e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d7b50f723af945532afa09969dd8aa1e?s=96&d=mm&r=g\",\"caption\":\"Tim Matthews\"},\"description\":\"Was Chief Marketing Officer\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/tim-matthews\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"API Detection with CyCognito | CyCognito Blog","description":"CyCognito Attack Surface Management (ASM) now offers the ability to discover APIs on an organization\u2019s attack surface. Given the proliferation of APIs and their attractiveness to attackers, this capability is an important new tool for security teams. This post describes the issue and how CyCognito ASM solves it.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/","og_locale":"en_US","og_type":"article","og_title":"API Detection with CyCognito | CyCognito Blog","og_description":"CyCognito Attack Surface Management (ASM) now offers the ability to discover APIs on an organization\u2019s attack surface. Given the proliferation of APIs and their attractiveness to attackers, this capability is an important new tool for security teams. This post describes the issue and how CyCognito ASM solves it.","og_url":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/","og_site_name":"CyCognito Blog","article_published_time":"2023-11-06T20:56:19+00:00","article_modified_time":"2024-05-21T18:02:46+00:00","og_image":[{"url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6.png","type":"","width":"","height":""}],"author":"Tim Matthews","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tim Matthews","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/"},"author":{"name":"Tim Matthews","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/17004ccbc53269f484e688caf8533230"},"headline":"API Detection with CyCognito","datePublished":"2023-11-06T20:56:19+00:00","dateModified":"2024-05-21T18:02:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/"},"wordCount":984,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6.png","keywords":["API Dashboard","Application Programming Interface","Asset Attribution","Attack Surface Management","Discovery"],"articleSection":["Product"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/","url":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/","name":"API Detection with CyCognito | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#primaryimage"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6.png","datePublished":"2023-11-06T20:56:19+00:00","dateModified":"2024-05-21T18:02:46+00:00","description":"CyCognito Attack Surface Management (ASM) now offers the ability to discover APIs on an organization\u2019s attack surface. Given the proliferation of APIs and their attractiveness to attackers, this capability is an important new tool for security teams. This post describes the issue and how CyCognito ASM solves it.","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#primaryimage","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-6.png","width":1367,"height":531},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/api-detection-with-cycognito\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"API Detection with CyCognito"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/17004ccbc53269f484e688caf8533230","name":"Tim Matthews","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d7b50f723af945532afa09969dd8aa1e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d7b50f723af945532afa09969dd8aa1e?s=96&d=mm&r=g","caption":"Tim Matthews"},"description":"Was Chief Marketing Officer","url":"https:\/\/www.cycognito.com\/blog\/author\/tim-matthews\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/90","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=90"}],"version-history":[{"count":7,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/90\/revisions"}],"predecessor-version":[{"id":846,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/90\/revisions\/846"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=90"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=90"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=90"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}