A decoy API is configured in ASE and requires no changes to backend servers. It appears as part of the API ecosystem and is used to detect the attack patterns of hackers. When a hacker accesses a decoy API, ASE sends a predefined response (defined inresponse_message parameter in API JSON file) to the client request and collects the request information as a footprint to analyze API ecosystem attacks. ASE does not forward Decoy API request traffic to backend servers.
Decoy API traffic is separately logged in files named with the following format:
decoy_pid_8787__2017-04-04_10-57.log). decoy log files
are rotated every 24-hours and stored in the opt/pingidentity/ase/logs
ASE Provides the following decoy API types:
- In-context decoy APIs
- Out-of-context decoy APIs