---
title: Attack detection on root API
description: A root application programming interface (API) in API Security Enforcer (ASE) is defined by configuring / for <url> variable and * for <hostname>variable.
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_attack_detection_root_api
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_attack_detection_root_api.html
revdate: April 3, 2024
---

# Attack detection on root API

A root application programming interface (API) *(tooltip: \<div class="paragraph">
\<p>A specification of interactions available for building software to access an application or service.\</p>
\</div>)* in API Security Enforcer (ASE) is defined by configuring `/ `for *\<url>* variable and `*` for *\<hostname>*variable.

Following is a snippet of a truncated API JavaScript Object Notation (JSON) *(tooltip: \<div class="paragraph">
\<p>An open, lightweight data-interchange format that uses human-readable text to store and transmit data.\</p>
\</div>)* in ASE depicting the configuration of root API.

```json
{
 "api_metadata": {
   "protocol": "http",
    "url": "/",
    "hostname": "*",
```

You can choose between enabling or disabling attack detection on global API by configuring *\<root\_api\_attack>* global variable in the `abs_init.js` and `abs_init_ldap.js` file. By default attack detection is disabled on root API. Set it to `true` if you want to detect attacks on the root API. Configure this variable either before starting API Behavioral Security (ABS), or you can use the `update.sh` script to update the value. For more information on `update.sh` script, see [Update the training variables](../managing_pingintelligence_for_apis/pingintelligence_update_training_variables.html)

```
db.global_config.insert({
	"attack_initial_training": "24",
	"attack_update_interval": "24",
	"url_limit": "100",
	"response_size": "100",
	"job_frequency" : "10",
	"window_length" : "24",
	"enable_ssl": true,
	"api_discovery": false,
	"discovery_initial_period" : "24",
	"discovery_subpath": "1",
	"continuous_learning": true,
	"discovery_update_interval": "1",
	"attack_list_count": "500000",
	"resource_monitor_interval" : "10",
	"percentage_diskusage_limit" : "80",
	 "root_api_attack" : false,
	"session_inactivity_duration" : "30"
});
```

Training and attack detection: If the attack detection is disabled on the root API, then ABS Admin REST API displays `n/a` (not applicable) for `training_started_at` and `training_duration`. The `prediction_mode` is `false`.

```json
{
            "api_name": "rest_api",
            "host_name": "*",
            "url": "/",
            "api_type": "regular",
            "creation_date": "Fri Apr 05 05:41:00 UTC 2019",
            "servers": 2,
            "protocol": "http",
            "cookie": "",
            "token": false,
             "training_started_at": "n/a", "training_duration": "n/a", "prediction_mode": false}
```