Page created: 6 Nov 2020
|
Page updated: 12 May 2021
You can configure Decoy APIs in Axway API Manager. A Decoy API is an API for which the
traffic does not reach the backend API servers. The Decoy API is deployed to gather
information about potential threats that your API ecosystem may face. Traffic directed
to Decoy API configured in Axway API Gateway is redirected to ASE which functions as the
backend server. ASE sends a preconfigured response, like 200 OK, for
requests sent to a Decoy API.
You need to configure the following TAGS and VALUES in the API tab for Frontend API in Axway API Manager:
-
ping_ai – true -
ping_decoy – true
API JSON for decoy API: The converted API JSON will have the decoy section
configured as highlighted in the following JSON
file:
{
"api_metadata": {
"protocol": "https",
"url": "/decoy",
"hostname": "*",
"cookie": "",
"cookie_idle_timeout": "",
"logout_api_enabled": false,
"cookie_persistence_enabled": false,
"oauth2_access_token": false,
"apikey_qs": "",
"apikey_header": "",
"enable_blocking": true,
"login_url": "",
"api_mapping": {
"internal_url": ""
},
"api_pattern_enforcement": {
"protocol_allowed": "",
"http_redirect": {
"response_code": "",
"response_def": "",
"https_url": ""
},
"methods_allowed": [],
"content_type_allowed": "",
"error_code": "",
"error_def": "",
"error_message_body": ""
},
"flow_control": {
"client_spike_threshold": "0/second",
"server_connection_queueing": false
},
"api_memory_size": "64mb",
"health_check": false,
"health_check_interval": 60,
"health_retry_count": 4,
"health_url": "/",
"server_ssl": false
"servers": [],
"decoy_config": {
"decoy_enabled":true,
"response_code": 200,
"response_def": "OK",
"response_message": "OK",
"decoy_subpaths": []
}
}
}