---
title: Attack detection on root API
description: A root API in ASE is defined by configuring / for url variable and * for hostname variable. Following is a snippet of a truncated API JSON in ASE depicting the configuration of root API.
component: pingintelligence
version: 5.1
page_id: pingintelligence:abs_ai_engine:pingintelligence_attack_detection_root_api
canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/abs_ai_engine/pingintelligence_attack_detection_root_api.html
revdate: April 3, 2024
---

# Attack detection on root API

A root API in ASE is defined by configuring `/` for `url` variable and `*` for `hostname` variable. Following is a snippet of a truncated API JSON in ASE depicting the configuration of root API.

```json
{
 "api_metadata": {
   "protocol": "http",
    "url": "/",
    "hostname": "*",
```

You can choose between enabling or disabling attack detection on global API by configuring `root_api_attack` global variable in the `abs_init.js` and `abs_init_ldap.js` file. By default attack detection is disabled on root API. Set it to `true` if you want to detect attacks on the root API. Configure this variable either before starting ABS, or you can use the `update.sh` script to update the value. For more information on `update.sh` script, see [Update the training variables](pingintelligence_update_training_variables.html)

```
db.global_config.insert({
	"attack_initial_training": "24",
	"attack_update_interval": "24",
	"url_limit": "100",
	"response_size": "100",
	"job_frequency" : "10",
	"window_length" : "24",
	"enable_ssl": true,
	"api_discovery": false,
	"discovery_initial_period" : "24",
	"discovery_subpath": "1",
	"continuous_learning": true,
	"discovery_update_interval": "1",
	"attack_list_count": "500000",
	"resource_monitor_interval" : "10",
	"percentage_diskusage_limit" : "80",
	 "root_api_attack" : false,
	"session_inactivity_duration" : "30"
});
```

**Training and attack detection**: If the attack detection is disabled on the root API, then ABS Admin REST API displays `n/a` (not applicable) for `training_started_at` and `training_duration`. The `prediction_mode` is `false`.

```json
{
            "api_name": "rest_api",
            "host_name": "*",
            "url": "/",
            "api_type": "regular",
            "creation_date": "Fri Apr 05 05:41:00 UTC 2019",
            "servers": 2,
            "protocol": "http",
            "cookie": "",
            "token": false,
             "training_started_at": "n/a", "training_duration": "n/a", "prediction_mode": false}
```