Discovery Subpaths
Before starting API discovery, it is important to configure the subpath depth which allows the AI Engine to accurately detect the API environment. Subpath depth provides the number of sub-paths for a unique API definition. Here are examples of discovery_subpath
values:
-
“1”, example:
/atmapp
is basepath for/atmapp/zipcode, /atmapp/update
, etc. -
“2”, example:
v1/atmapp
is basepath forv1/atmapp/zipcode, v1/atmapp/update
, etc. -
“3”, example:
v1/cust1/atmapp
is basepath forv1/cust1/atmapp/zipcode
, etc.
The discovery_subpath
parameter is configured using the Global configuration update REST API and it defines the number of sub-paths in the basepath of the API. The default value is set to 1. The maximum allowed value is six when API Security Enforcer (ASE) is deployed in inline mode and it is 10 when ASE is deployed in sideband mode. The url_limit
parameter defines the maximum number of URLs reported in a discovered API. The default value is 100.
You can also update the discovery sub-path using PingIntelligence for APIs Dashboard. For more information, see Discovered APIs. |
Updating url_limit and discovery_subpath: You can update the url_limit
and discovery_subpath
by running the update.sh
script. The update.sh
script is available in the/opt/pingidentity/abs/util
directory. Copy the script from the util
directory to your MongoDB primary machine.
NOTE: After executing the script, stop and start all ABS nodes for the updated values to take effect.
Example: Change the url_limit
to 50
/opt/pingidentity/mongo/update.sh -u absuser -p abs123 --url_limit 50 updating url_limit to 50 WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 }) The current values of the variables are: attack_initial_training=48 attack_update_interval=24 api_discovery=false discovery_update_interval=1 continuous_learning=true discovery_initial_period=1 url_limit=50 response_size=100 window_length=24 discovery_subpath=3 percentage_diskusage_limit=80 You need to restart all the ABS node for your changes to take effect.
Update script help is available by logging into the MongoDB primary machine and running the following command:
/opt/pingidentity/mongo/update.sh help