Developers are increasingly making use of APIs to accelerate their software’s time to market. While extremely beneficial to the business, the growing trend of leveraging APIs coupled with building applications in a cloud native environment has brought into focus the need for increased visibility and security for APIs.
APIs, as designed, often differ from their runtime state due to drift over time, deprecated APIs, zombie APIs, and breaking changes to backward compatibility. Many applications do not give clients access to their OpenAPI specification, making new integrations and API risk assessment difficult at best. In short, whether it is a developer leveraging internal APIs, consuming a third-party API or producing an API as a service, there is an urgent need for visibility into which APIs are being used in cloud native environments and what their security posture is.
Communication between applications can be compared to communication between people: both depend on a shared protocol, and without one, communication would be impossible. To draw a Star Trek analogy: imagine Starfleet officers meeting Klingons for the first time and having to reconstruct the Klingon language to be able to understand them.
Just as Starfleet officers will draw linguistic inferences by making use of rules, so too will APIClarity in reconstructing the API specifications. This concept forms the basis of specification reconstruction.
Optic, Avantation, har2openAPI, Response2Schema, InducOapi, SwagDefGen, API Shark, and SwaggerHub are all currently free tools that provide OpenAPI specification reconstruction. However, these tools (apart from Optic, SwaggerHub, and API Shark) do not have the capability to aggregate and detect specification differences over time (i.e., a learning phase). Additionally, most of them do not have a review phase, where developers are allowed to modify the specification.
In addition to the above, other vendors include Akita, Imvision and Salt, but these products are not open source solutions.
APIClarity's source code is available on GitHub.
APIClarity is an open source tool, built to reconstruct OpenAPI specifications from real-time traffic seamlessly. APIClarity leverages a service-mesh framework to capture all API traffic in an existing environment. Use APIClarity to:
APIClarity’s contributor roadmap includes gRPC, Protobuf, and more. To learn more, tweet us at #APIClarity.
Via seamless deployments, without SDKs, code instrumentation or workload modification, APIClarity provides:
API Visibility: Automatically produce a complete inventory of your APIs
Reconstruction of API Specifications: APIClarity monitors API traffic to learn how the API communicates and generates a reconstructed specification from it, aggregating events over time. At any point, review and apply the reconstructed specification.
Detect API Specification deviations (real-time and over time): Detect any deviation of live traffic from the set specification, either in real time or by leveraging APIClarity's ability to aggregate events over a period of time. Easily compare for differences against either a provided (uploaded) specification or a reconstructed one.
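To make the learn/review/detect cycle above concrete, here is a small added example (not APIClarity's own code) that aggregates constructed traffic records into a minimal spec-like inventory and then flags runtime deviations: undocumented operations, unexpected status codes and unexpected response fields. The event tuples, the `{id}` path templating and the field names are all assumptions made for the illustration.

```python
"""Toy spec reconstruction and deviation detection from captured API traffic.
Added example only; it is not APIClarity's implementation."""
from collections import defaultdict

# Constructed sample traffic: (method, path, status, response field names).
# A real deployment would obtain these from a service-mesh traffic tap.
LEARN_PHASE = [
    ("GET", "/users/42", 200, {"id", "name"}),
    ("GET", "/users/7", 200, {"id", "name"}),
    ("POST", "/users", 201, {"id"}),
]
RUNTIME_PHASE = [
    ("GET", "/users/9", 200, {"id", "name", "email"}),   # new response field
    ("DELETE", "/users/9", 204, set()),                  # undocumented method
    ("GET", "/users/99999", 404, {"error"}),             # status never learned
]


def normalize_path(path):
    """Template numeric segments, e.g. /users/42 -> /users/{id} (assumed heuristic)."""
    return "/".join("{id}" if seg.isdigit() else seg for seg in path.split("/"))


def reconstruct_spec(events):
    """Aggregate events into {(method, template): {status: set of field names}}."""
    spec = defaultdict(lambda: defaultdict(set))
    for method, path, status, fields in events:
        spec[(method, normalize_path(path))][status] |= fields
    return spec


def detect_deviations(spec, events):
    """Compare runtime events against a learned (or uploaded) spec.
    Returns a list of (finding_type, operation, detail) tuples."""
    findings = []
    for method, path, status, fields in events:
        op = (method, normalize_path(path))
        if op not in spec:
            findings.append(("undocumented_operation", op, None))
        elif status not in spec[op]:
            findings.append(("unexpected_status", op, status))
        elif fields - spec[op][status]:
            findings.append(("unexpected_fields", op, sorted(fields - spec[op][status])))
    return findings


if __name__ == "__main__":
    learned = reconstruct_spec(LEARN_PHASE)
    for finding in detect_deviations(learned, RUNTIME_PHASE):
        print(finding)
```

Each finding corresponds to a review decision: accept it into the specification (the review phase) or treat it as drift to investigate.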
Identifying the OpenAPI protocol is the first step to adding visibility into API calls and strengthening API security. It can be used to:
On September 21, 2021, the CNCF hosted a webinar on APIClarity, which is available for replay here. To get started using APIClarity today, access it here via GitHub.
APIClarity is a project from the Emerging Technologies & Incubation team at Cisco. Learn more about our projects and team on Twitter @ciscoemerge or LinkedIn.
In addition to APIClarity, you can also leverage other security solutions, from Cisco, including SecureCN, SecureApp, or SecureWorkload for comprehensive security across your APIs, cloud native applications, and infrastructure.