The Gcore Customer Portal is being updated. Screenshots may not show the current version.

About WAAP Billing

Configure WAAP for a domain WAAP modes Manage domains protected with WAAP

Protocol validation WAF and OWASP top threats IP reputation Behavioral WAF Anti-automation and bot protection CMS protection Common automated services Advanced API protection

Allow and block IP addresses in firewall

API discovery Configure API access with reserved tags Manually add endpoints to API base path

Advanced rate limiting rules Advanced rule objects and attributes Source field objects

Create and manage custom rules

Reserved tags Predefined tags

Create custom response pages Manage custom response pages

How does WAAP JavaScript injection work?What cookies are used by WAAP?What storage variables does WAAP use?

Enable and troubleshoot bot protection Troubleshoot blocked users Troubleshoot 5xx errors

Home/WAAP/API discovery and protection

API discovery and protection

API endpoints may expose sensitive data or functionality that's not accessible through the web interface, making them potential targets for attackers.

To ensure that your domain is fully protected with Gcore WAAP, extend your web security with advanced API protection settings:

API Discovery: set up automated detection of potential APIs; add and manage existing endpoints.
API base path: configure API protection by manually specifying the base paths of your API endpoints.
Configure API access with reserved tags: group APIs by access level and determine which user roles are permitted to access each group.

Was this article helpful?

Edit on GitHub