Make Sense of Chaos with Fastly API Discovery

TL;DR:

• APIs run everything, but they’re messy, fast-moving, and tough to secure

• Teams are drowning in shadow APIs, docs upkeep, and endless firefights

• Meet Fastly API Discovery, which gives you instant visibility in one click: no configs, no extra infrastructure

• Automatically spot unknown traffic, cut the noise, and keep APIs secure and compliant

• Less time chasing surprises, more time building cool stuff 🚀 (and maybe even a little more sleep)

Here at Fastly, we talk to developers and platform teams a lot. What’s the key takeaway from these conversations? Everyone is tired, and we could all use a longer weekend (or at least another nap😴).

Production environments are always changing. Every day, the mountain of inherited technical debt gets larger, products need to be built and shipped faster, and documentation upkeep gets harder. It gets even more complicated when your teams are restructured, when key members of technical staff leave or change jobs, or new technology is acquired and integrated as part of a merger. You have limited visibility into what your software is doing on an ongoing basis, despite more tools than ever before being designed and built to do that exact job.

Instead of being a hero and stopping problems before they start, you play an endless game of whack-a-mole when things inevitably break (hello, all-nighters – hope you brought your energy drinks). Despite all these challenges, you still have to deliver production software quickly and effectively. When the pace never slows down, it’s hard to make sense of the chaos, and that would make any sensible person struggle to sleep at night.

Securing production software is hard 😵‍💫

In particular, securing APIs is really hard. APIs are the lifeblood of modern organizations – they’re how applications offer the bulk of their digital functionality to their users, and they’re how most production systems transfer the sensitive, high-value data desired most by cyber attackers. But APIs are difficult to manage and even more challenging to secure. They move fast and break often, and are notoriously popular targets for exploitation. It’s not easy to stay on top of what’s going on in a modern production system, and it gets worse when it’s happening under the hood. APIs are difficult to understand and maintain even under normal conditions, and it’s difficult to do anything about API misuse before it happens. A rigorous API lifecycle process would help, but who has the time to develop and maintain a complex process when you’re struggling to maintain docs, identify shadow APIs, or go deep on the nuances of one API to solve production issues that are impacting your business?

Our network handles a tremendous amount of the world’s internet traffic, which helps us to keep watch over relevant trends in API usage and security challenges across our customer base. A recent Fastly survey indicated an average of 145 applications to secure in the enterprise, and all of those accompanying APIs need to be built, integrated, monitored, managed, deprecated, and secured by the same overburdened teams. Not only do you need to manage the APIs you’ve created internally, but also any critical functionality that enters your platform through infrastructure-as-code or any third-party integrations with API access. To make matters worse, the explosion of usage in AI platforms and LLMs (and their accompanying APIs) has led to an unprecedented increase in API requests, management challenges, and security gaps that no existing API management solution was adequately designed to handle.

No alarms and no surprises 🚨

Depending on the size of your team, one engineer might be responsible for hundreds of APIs, and many of them transfer valuable and sensitive customer data. There are never enough hours in the day to fully understand them all before something inevitably breaks, and either causes a production issue or creates vulnerability to a security incident. The API management process is often opaque, with manual processes and limited resources. Without adequate automation and transparency, it’s difficult to get the right context to make confident API management and abuse mitigation decisions. 90% of security decision-makers report that the current economic and political climate has impacted their security budget and buying decisions, which means it’s more important than ever to simplify things to save money, time, and energy while building and developing your production environments.

Put simply: when it comes to API management, you don’t want any surprises. To make effective decisions, you need to know that APIs are behaving as expected and that they do exactly what they say they will. This means that your APIs are being accessed properly, that they respond to requests appropriately, and that they remain compliant with company policies, brand and data privacy standards, and regulatory requirements of your specific industry. Maintaining what exists is one piece – but you also need to add new APIs, update existing APIs with new features or fixes, deprecate, redirect, and remove old APIs, and circulate API documentation to internal and external stakeholders. None of this is possible if you don’t know what exists, and “what exists” is a constantly moving target. Even if you have documentation on the ideal state of API functionality, you need true and timely data on the observable state of your API universe to build effective schema management and API security enforcement.

Defend and manage your APIs everywhere 💪

Managing your APIs doesn’t have to be a burden, and the first step in cleaning up any mess is knowing what you have to clean up. We’re excited to launch Fastly API Discovery, built to help you discover, monitor, and secure your APIs easily. By continuously monitoring your API traffic within Fastly’s extensive Edge network, this new tool is designed to understand your API attack surface, automate your API governance, and supercharge your dev workflows. 

With just one click to activate, Fastly API Discovery builds an instant and continually updated snapshot of your API traffic across the Fastly edge network in seconds. Knowledge is power – you’ll be able to quickly understand what’s happening, identify any unknown or unwanted API traffic to evaluate or deprecate, gain confidence that your APIs are working as expected, and make targeted API abuse mitigation decisions across the Fastly platform.

Figure 1: API Discovery

Turn it on and start discovering

API management can be difficult, but API Discovery is designed to be easy. You can enable API Discovery on your existing Fastly Delivery or Compute services with a single toggle, and start getting data right away – no messy configurations or deployments required! The service will automatically identify and record the incoming API requests to your services, and you’ll never miss anything new. You can easily aggregate APIs by domain, normalized URL path, and method. You’ll detect new, updated, and unintended API requests automatically, and it’s easy to mitigate any issues you uncover with accompanying security products like Fastly’s Next-Gen WAF.

What makes Fastly API Discovery different?

• Automated URL normalization: Many of our competitors require explicit configuration to do this, but we do it automatically out of the box

• One-step enablement: No further configuration or deployment required, and no dependency on infrastructure like an API gateway

• Predictable subscription pricing: No charge for individual APIs, with a flat monthly charge plus incremental usage-based billing

• Flexibility to pay for only what you need: Excellent choice if you don't want or need all the expensive features included in a wider API security suite

Sleep easy knowing that APIs are under control 😻

Everything gets done with teamwork, but your teams that build and secure applications have different needs and goals. Fastly API Security helps break down the barriers between them, with shared data sets and tools to bring you the right context at the right time for collaborative decision making. You’ll gain confidence that your APIs are under control, and complete your API management and documentation tasks faster. API Discovery helps take the pressure off both platform engineering teams and security teams so you can stress less about API management and free up time for more satisfying, valuable work.

With the right tools, you can automate transparency and security into your API management. API Discovery helps your teams stay in sync with one another and stay aligned with your overarching business goals. That way, you can focus on what you really care about – shipping cool things and delivering value.

Turn on API Discovery with just one click. Get instant visibility, cut the noise, and keep your APIs secure – without the hassle. Ready to give it a try? See it in action with a personalized demo or chat with our team of security experts to see what Fastly can do for you.