---
title: API deception environment
description: A decoy API is configured in ASE and requires no changes to backend servers. It appears as part of the API ecosystem and is used to detect the attack patterns of hackers. When a hacker accesses a decoy API, ASE sends a predefined response (defined inresponse_message parameter in API JSON file) to the client request and collects the request information as a footprint to analyze API ecosystem attacks. ASE does not forward Decoy API request traffic to backend servers.
component: pingintelligence
version: 5.1
page_id: pingintelligence:api_security_enforcer:pingintelligence_api_deception_environment_inline
canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/api_security_enforcer/pingintelligence_api_deception_environment_inline.html
revdate: October 24, 2022
---

# API deception environment

A decoy API is configured in ASE and requires no changes to backend servers. It appears as part of the API ecosystem and is used to detect the attack patterns of hackers. When a hacker accesses a decoy API, ASE sends a predefined response (defined in`response_message` parameter in API JSON file) to the client request and collects the request information as a footprint to analyze API ecosystem attacks. ASE does not forward Decoy API request traffic to backend servers.

Decoy API traffic is separately logged in files named with the following format: `decoy_pid_<pid_number>yyyy-dd-mm-<log_file_rotation_time> `*(for example, `decoy_pid_8787`*`2017-04-04_10-57.log). `decoy log files are rotated every 24-hours and stored in the `opt/pingidentity/ase/logs`directory.

ASE Provides the following decoy API types:

* In-context decoy APIs

* Out-of-context decoy APIs