Send Docs Feedback

What is Apigee Sense?

This page provides an overview of Apigee Sense. Apigee Sense analyzes data about requests to your API proxies, listing suspicious requests for you to review. When you identify API clients making unwanted requests, you can use Apigee Sense to block (or flag for action by your API proxy) requests from those clients.

The following video provides an overview of Apigee Sense and its user interface. 

Why Apigee Sense?

Apigee Sense is purpose-built for use with APIs. For example, it accounts for the special roles of API artifacts such as API keys and access tokens.

Because APIs are programmable, they are easier for attackers to target with suspicious clients, such as bots. If left unaddressed, unwanted traffic can:

  • Skew analytics and KPIs.
  • Probe for weakness in APIs to exploit and create data breaches.
  • Use customer API keys to access private APIs.
  • Abuse guest accounts (brute force attacks).
  • Create performance headaches on Web Operations.
  • Abuse loyalty programs and create fraud situations for retailers and payment providers.
  • Contribute to DoS attacks.
  • Scrape price data (for competitors) via APIs or Web sites to derive competitive intelligence.

How Sense works

Apigee Sense collects and analyzes API request data, discovering patterns that might represent suspicious requests and clients.

Generally, the workflow goes something like this with Apigee Sense enabled:

  1. Clients make requests to your APIs.
  2. Request metadata (such as HTTP header data) is collected in a data store for analysis.
  3. Apigee Sense analyzes the collected data in batches, looking for patterns that signal suspicious activity. These patterns can include characteristics such as:
    • Request frequency over time.
    • Frequency of error response codes.
    • Number of requests from a given client or client type
  4. Apigee Sense presents the results of its analysis through its console user interface, and optionally through notifications.

    For example, you can have Apigee Sense alert web operations and security teams in response to attacks. In addition, Apigee Sense provides an analytics dashboard displaying analysis results for insight into suspicious traffic trends and metrics.

  5. You examine the analysis results to determine whether there are clients or usage patterns you want to take action on.
  6. You use the Apigee Sense console to take action on requests from particular clients. For example, you can:
    • Block requests from certain clients so that they don't reach your API proxies. Apigee Edge will return an error code instead.
    • Flag requests from certain clients, inserting a header value before the requests reach your API proxy. Within the proxy, you can look for the header value and take action for that request, such as to return false data.
    • Allow the request to continue into your API proxy.
  7. The action you specify for the client is published to Apigee Edge, where it is in effect for the amount of time you specify.
  8. Apigee Sense continues to collect and analyze request data for your review.

Apigee Sense architecture

Apigee Sense uses adaptive algorithms on data aggregated across multiple customers. As a result, it is able to distinguish legitimate human traffic more effectively than would be possible from a single source of data. Adaptive algorithms automate the identification and tracking process. As a result, you need only to decide how to deal with suspicious traffic from a IP address.

Apigee Sense is made up of four components:

  • A collection engine collects a large number of relevant signals as traffic passes through Apigee Edge. Apigee Sense collects typical metadata about the source and target for the API call, as well as and metadata relating to both request content and response status. It also collects timing and latency information.
  • The analysis engine assembles all the collected data into a summary data structure. Apigee Sense does a deeper analysis on this structure, examining how each request source behaves. Apigee Sense then makes judgements on whether the source has a suspicious signature.
  • Through the curation engine, Apigee Sense presents analysis results to users. With these results, you can specify the action to take for each identified suspicious client.
  • Finally, the action engine identifies requests as originating from suspicious clients in real time and takes the appropriate action required on such traffic.

Help or comments?