With APIs, your business is real-time and needs accurate and timely information in all aspects of its operations. 42Crunch Platform provides monitoring for your APIs and the API Firewall instances, so that you always have up-to-date information on the quality, security, and stability of your API infrastructure.
There are three types of dashboards you can use to monitor your APIs:
- General dashboard: This dashboard is fed by data from API Contract Security Audit, API Contract Conformance Scan, and your organizations in 42Crunch Platform. It collates statistics from all of your API collections and focuses on the quality and security of your API definitions.
- Collection dashboards: Like the general dashboard, but the statistics are based on only the APIs in the particular API collection.
- Security dashboards: These dashboards are fed by data from API Firewall logs, and they focus on the API traffic to the protected APIs. To have data, you must first deploy an API Firewall instance to protect your API.
Each API lists the running API Firewall instances that are protecting the API in different deployments. Each API Firewall instance is powered by an engine called Guardian. As part of its operation, Guardian writes logs on the firewall operation and API transactions, and relays this information back to 42Crunch Platform. This way, you can view all the logs for your API in one place. 42Crunch Platform also provides Trace Explorer where you can check the details of individual transactions from the API traffic.
System logs on access and errors from the API Firewall instance itself (in standard Apache format) are located under /opt/guardian/logs in the file system of the API Firewall container.
The general dashboard provides quick statistics on all your APIs and API collections. If you are an organization administrator, you can also see the number of users in your organization.
The dashboard shows how many of your APIs are valid OpenAPI definitions, and how many of them have been scanned for discrepancies in the implementation. By default, the statistics are shown for all of your APIs, but you can also view the figures by API collection.
The charts for Security Audit and Conformance Scan show the overall quality of your API collections. The statistics are for whole collections, not individual APIs. You can also change which statistics are shown, such as the number of issues, or the proportion of the severity levels or categories.
If you hover over the charts, you see additional information in tooltips.
In addition to the general dashboards for all API collections in one view, the collection dashboards show the statistics for the APIs in a particular API collection.
The basic charts are the same, but because the statistics are for a single collection, there are no views to compare different collections. In addition, instead of the number of API collections and users, you can see how many API Firewall instances are in that collection.
Note: Organization administrators have access to view and modify all API collections in their organization. This means that all API collections in an organization are visible to all organization administrators as if the collections were their own, both on the API Collections page and in the monitoring dashboards for API collections. If an organization has several API collections, we recommend using more descriptive collection names than just organization and company name to be able to tell all collections apart.
Security dashboards summarize the API Firewall logs in an at-a-glance view of the main trends in the security of a particular API. Security dashboards collate the information from all active API Firewall instances into graphical dashboards that provide an overview of how your API is doing.
A security dashboard can tell you, for example:
- Which IP addresses are calling your API most frequently?
- What paths in your API get called most often?
- What HTTP status codes is your API returning to API consumers most frequently?
- What are the most common errors in transactions (both requests and responses) that do not conform to the contract set in the API definition of your API?
This information can help you detect:
- Anomalies in API traffic, like bots
- Vulnerable parts in your API which require extra security
- Potential attack vectors
Security dashboards show data on both successful and blocked API transactions, so you can compare their proportions.
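The same questions can be asked of the Apache-format access log that each API Firewall instance writes under /opt/guardian/logs. The following is an added example, not 42Crunch code: it assumes the Apache Common Log Format field order, and the sample lines, function names, and thresholds are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout: Apache Common Log Format (client, identd, user, time, request, status).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /api/users/42 HTTP/1.1" 200 512
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /api/login HTTP/1.1" 403 87
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /api/login HTTP/1.1" 403 87
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "POST /api/login?debug=1 HTTP/1.1" 400 87
198.51.100.23 - - [12/Mar/2024:10:00:04 +0000] "GET /api/users/42 HTTP/1.1" 200 512
198.51.100.23 - - [12/Mar/2024:10:00:05 +0000] "GET /api/health HTTP/1.1" 200 15
this line is truncated garbage
"""

def summarize(lines, top=3):
    """Top callers, paths and status codes, plus each caller's share of 4xx responses."""
    ips, paths, statuses, client_errors = Counter(), Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # count unparseable lines instead of failing on them
            continue
        ip, status = m["ip"], int(m["status"])
        ips[ip] += 1
        paths[m["target"].split("?", 1)[0]] += 1  # group by path, ignore query string
        statuses[status] += 1
        if 400 <= status < 500:
            client_errors[ip] += 1
    return {
        "top_ips": ips.most_common(top),
        "top_paths": paths.most_common(top),
        "statuses": dict(statuses),
        "requests": dict(ips),
        "error_ratio": {ip: client_errors[ip] / n for ip, n in ips.items()},
        "skipped": skipped,
    }

def noisy_clients(summary, min_requests=3, min_ratio=0.5):
    """Callers with enough traffic to judge and mostly 4xx responses (illustrative thresholds)."""
    return sorted(ip for ip, n in summary["requests"].items()
                  if n >= min_requests and summary["error_ratio"][ip] >= min_ratio)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    print(report["top_ips"], report["top_paths"], noisy_clients(report))
```

A non-zero skipped count is worth checking before trusting the totals, because it means the log format differs from the assumed one or lines were truncated.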
In addition to the dashboards, you can also use Trace Explorer to quickly home in on any API from any collection you have access to, and view the trace of its transactions.
If the API is protected with one or more API Firewall instances, Trace Explorer shows you the transaction logs from all the instances. These logs provide detailed information on each API transaction that the firewall instances protecting the API have blocked.
Tip: You can also get to the transaction logs from the Protection tab of the API.
In the transaction logs, you can see the basic information of the blocked transaction, such as:
- The method and path that was called
- Where the call originated
- What was the duration
- Why the call got blocked
For security reasons, when API Firewall blocks a request, the returned response contains just the UUID of the transaction and a minimal description of the issue. This way, the response does not reveal any information on the API, the backend, or implementation details that could be used to craft attacks against them. In 42Crunch Platform, you can then search the transaction logs for the particular UUID to retrieve the detailed trace of the blocked transaction.
If you click a transaction, you can view a summary of the request, including information on the failure. You can also check the details of the request and response flows: each step the Guardian engine performed is visible and shows information on the performance. You can also view input and output headers as well as parameters. However, transaction payloads are not visible.
If you have the protected API deployed in multiple environments, transaction logs include the logs from all firewall instances. The transaction details show the hostname of the firewall instance that blocked the transaction, so that you know where the transaction took place.
By default, API Firewall publishes logs to 42Crunch Platform, so that you can monitor the real-time traffic in the dashboards and Trace Explorer. However, you can also switch the logs destination for an API Firewall deployment to a directory you mount to it. For more details, see Switch logs destination for API Firewall logs.
After you switch the destination for logs away from 42Crunch Platform and redeploy the API Firewall instance, all new logs go to the new destination.
If your deployment originally reported logs to 42Crunch Platform, those logs remain in the platform and the data is still reflected in the dashboards. However, because you are now storing the files local to the firewall instance, data in 42Crunch Platform is no longer updated and real-time monitoring in the platform is not possible.
You can check from the details of active API Firewall instances where they are storing the logs: