PingIntelligence for APIs

download pdf

Digital transformation initiatives founded on APIs are making business logic and data readily accessible to internal and external users. However, APIs also present a new opportunity for hackers to reach into data and systems, and predefined rules, policies and attack signatures can’t keep up with this evolving threat landscape. PingIntelligence for APIs uses artificial intelligence (AI) to expose active APIs, identify and automatically block cyberattacks on APIs, and provide detailed reporting on all API activity. Leveraging AI models specifically tailored for API security, PingIntelligence for APIs brings cyberattack protection and deep API traffic insight to existing API Gateways and application server-based API environments.


PingIntelligence for APIs detects anomalous behavior on APIs, as well as the data and applications exposed via APIs, and can automatically block attacks across your API environment. For example, attempts to bypass login systems using botnet credential stuffing attacks or stolen tokens are recognized as cyberattacks. Attempts to exfiltrate, change or delete data which fall outside the range of normal behavior for an API can also be blocked and reported on in near real time. 




PingIntelligence for APIs delivers deep insight into API activity
and blocks cyberattacks for API infrastructures



  • Rich API traffic visibility & reporting
  • Automated API discovery
  • Artificial intelligence for each API
  • API bad traffic analytics and threat detection
  • Automated attack blocking—including across clouds
  • API deception & honeypot for instant hacking detection
  • Multiple deployment options in public and private clouds
  • Support for hybrid IT environments
  • Integration with popular gateways for “drop-in” deployments
  • Automatic adaptation to changing environments
  • Continuous self-learning; no rules to write and maintain




  • Helps sort out good and bad API traffic
  • Automatically discovers new APIs on your infrastructure
  • Delivers unique insight into API activity with dashboards and in-depth reports
  • Provides unified view of API activity across API gateways and clouds
  • Protects API infrastructures from disruption, data theft and shutdown
  • Enables self-learning to save security analysts from having to write or maintain rules
  • Simplifies investigations and compliance tracking with the right information

PingIntelligence for APIs Solutions

CyberSecurity for Internal and External APIs

PingIntelligence for APIs applies AI models and big data analytics to continuously inspect and report on all API activity. By applying a combination of API and user behavioral analytics, PingIntelligence for APIs can automatically discover anomalous traffic behavior across an enterprise’s API environment. Bad actors are well versed in circumventing static security policies, so PingIntelligence for APIs was purpose-built to recognize and respond to rapidly changing, dynamic attacks unique to APIs without writing policies, rules or code. 

AUTOMATED API DISCOVERY: Dynamically discover APIs across your environment which are inadvertently exposed, unknown, or forgotten. Generate detailed reports on activity across these APIs and look for attacks on their data and applications.


API DECEPTION: Use decoy APIs (honeypots) to instantly reveal hacker’s activity. Since decoy APIs should never be accessed by legitimate clients, API deception will immediately recognize the attack and prevent access to production APIs.


SORT OUT GOOD AND BAD TRAFFIC: API infrastructures can be subjected to all sorts of bad traffic, from an API used by a partner in a non-intended way, to a system “misfiring” and sending vast amounts of traffic to a gateway cluster, to a hacker using a valid user account to reverse engineer an API and gain access to other accounts while looking like a normal user. 

Sample of Attacks Detected: Existing solutions weren’t built to protect against attacks designed to take advantage of vulnerabilities unique to APIs and the data and systems to which they provide access. PingIntelligence for APIs fills the gaps by detecting, blocking and reporting on attacks that represent anomalous behavior on each API, including:

  • Anomalous API access patterns
  • Login system attacks
  • Account takeover with stolen token, cookie or API key
  • API takeover attacks
  • Data extraction or theft
  • Data scraping
  • Data deletion or manipulation
  • Data injected into an application service

  • Malicious code injection

  • Extreme application activity

  • Probing and fuzzing attacks

  • Targeted API DDoS attacks

  • Extreme client activity
  • Header manipulation attacks
  • Fraudulent user access behavior


Built-in dashboards and reporting allow you to monitor API activity

Monitor & Report API Traffic and Attacks

With PingIntelligence for APIs, you can gain visibility into all API activity, including every command and method used throughout a session. Dashboards allow you to gain a unified view of newly discovered APIs, detailed API activity, bad traffic and attacks across API gateways and clouds. Dashboards can be deployed standalone or integrated into an in-house operations console via PingIntelligence REST APIs.


Security analysts can also generate forensic reports to investigate historical activity, such as all APIs and paths accessed by a hacker leading up to an attack. For regulated industries, detailed reporting of all API activity associated with database and file system access, line of business applications or control systems is available for compliance purposes.

Deployment Flexibility


PingIntelligence for APIs provides flexible deployment options to work with your existing API infrastructure with both inline and sideband options, allowing IT to choose the model appropriate for their environment. The inline model offers a high-performance reverse proxy that can protect any number of API gateways and Cloud APIs implemented directly on application servers. Alternatively, sideband deployment with an API Gateway or PingAccess provides the same AI-powered attack detection and comprehensive insight as the inline option, without requiring network or infrastructure modifications. In this deployment mode, PingIntelligence for APIs is simply “dropped-in” on the side of the gateway or PingAccess—outside of the data path—to monitor the traffic, identify abnormal behaviors and threats, and communicate when blocking is required.



Inline Deployment of PingIntelligence for APIs with an API Gateway




Inline Deployment of PingIntelligence for APIs with an Application Server




Sideband Deployment of PingIntelligence for APIs with an API Gateway or PingAccess




protect internal and external apis

PingIntelligence for APIs provides deep insight into API activity to protect both internal and external APIs, whether on-premises, in clouds or in hybrid cloud implementations. It supports a wide variety of API gateways with sideband integrations with PingAccess, as well as leading API gateway platforms, including those from Amazon (AWS API Gateway), Google/Apigee, MuleSoft, IBM (DataPower/API Connect), Axway, NGINX, CA/Broadcom (Layer 7), WSO2 and Azure API Management. When deployed inline, PingIntelligence for APIs supports existing API gateway platforms, including RedHat, TIBCO, Software AG and others. Additionally, PingIntelligence for APIs supports APIs implemented directly on app servers such as Node.JS, WebLogic, Tomcat and WebSphere. With deployment options including virtual machines, Docker containers and bare metal environments, PingIntelligence for APIs supports automated installation and management scripts across common datacenter and cloud environments such as AWS and Azure

try it today!

The PingIntelligence for APIs trial is a cloud-delivered service. Apply for the PingIntelligence for APIs Trial.

Related Resources