Fortinet Document Library

Version:


Table of Contents

User Guide

Download PDF
Copy Link

API Discovery (Beta)

Use Machine Learning Based API discovery to learn the REST API data structure from user traffic. By analyzing the method, URL, and endpoint data of the API request samples, FortiWeb Cloud generates a Swagger file for your application. This file describes the data structure such as the URL pattern and schema of endpoint data.

API Discovery should be used together with OpenAPI Validation, where you can upload the Swagger file. If the API request violates the structure defined in the Swagger file, FortiWeb Cloud will take actions to block, alert, etc.

API Discovery supports JSON and XML request body or responses.

API Discovery is now in Beta version. The configurations and the machine learning model data may lost when FortiWeb Cloud is upgraded.

To configure an API Discovery rule:

  1. Go to API PROTECTION > API Discovery.
    You must have already enabled this module in Add Modules. See How to add or remove a module.
  2. Select the Model Setting tab.
  3. Set the IP List Type to Trust or Block:
    1. Trust: FortiWeb Cloud collects API request samples only from the Trust source IP addresses.
    2. Block: FortiWeb Cloud collects API request samples from all source IP addresses except the ones in the Block list.

    If the IP List Type is Trust and the list is empty, FortiWeb Cloud will not collect samples from any Source IP address.

    If the IP List Type is Block and the list is empty, FortiWeb Cloud will collect samples from all Source IP addresses.

  4. Click Create New to add source IP address or IP range.
  5. Click OK.

After the API Discovery model is successfully built, you can download the swagger file in the API View tab.

When CDN is enabled, API Discovery and ML Based Detection must be disabled. This restriction will be lifted in future release.

API Discovery (Beta)

Use Machine Learning Based API discovery to learn the REST API data structure from user traffic. By analyzing the method, URL, and endpoint data of the API request samples, FortiWeb Cloud generates a Swagger file for your application. This file describes the data structure such as the URL pattern and schema of endpoint data.

API Discovery should be used together with OpenAPI Validation, where you can upload the Swagger file. If the API request violates the structure defined in the Swagger file, FortiWeb Cloud will take actions to block, alert, etc.

API Discovery supports JSON and XML request body or responses.

API Discovery is now in Beta version. The configurations and the machine learning model data may lost when FortiWeb Cloud is upgraded.

To configure an API Discovery rule:

  1. Go to API PROTECTION > API Discovery.
    You must have already enabled this module in Add Modules. See How to add or remove a module.
  2. Select the Model Setting tab.
  3. Set the IP List Type to Trust or Block:
    1. Trust: FortiWeb Cloud collects API request samples only from the Trust source IP addresses.
    2. Block: FortiWeb Cloud collects API request samples from all source IP addresses except the ones in the Block list.

    If the IP List Type is Trust and the list is empty, FortiWeb Cloud will not collect samples from any Source IP address.

    If the IP List Type is Block and the list is empty, FortiWeb Cloud will collect samples from all Source IP addresses.

  4. Click Create New to add source IP address or IP range.
  5. Click OK.

After the API Discovery model is successfully built, you can download the swagger file in the API View tab.

When CDN is enabled, API Discovery and ML Based Detection must be disabled. This restriction will be lifted in future release.