API Discovery sources overview
This feature is available with Invicti API Security Standalone or Bundle
The Discovery > Configuration > API sources page is where you can enable Zero Configuration Discovery, set up the Invicti Network Traffic Analyzer (NTA) in your Kubernetes cluster, and add API Management Integrations. The Invicti NTA and each API Management integration require some initial configuration before they can start synchronizing your OpenAPI3 and Swagger2 specs.
This document provides links to specific setup instructions for each of the API sources available for discovering and importing your existing APIs into your Invicti API Inventory. It also provides information about synchronization, editing and deleting sources, and status explanations.
Access to API Discovery in Invicti Platform requires either an Account or System Administrator role, or a custom role with the API Discovery permission.
Set up API source integrations
The following sources are available for discovering or importing API specs to your Invicti API Inventory. Refer to the specific documentation linked below for instructions on how to set up each API source.
- Zero Configuration Discovery
- Invicti Network Traffic Analyzer (NTA)
- Amazon API Gateway
- Apigee API hub
- Azure API Management
- Kong Konnect
- Kong API Gateway:
  - NTA with Kong API Gateway
  - NTA with Kong API Gateway in Kubernetes
  - NTA with Kong API Gateway in Docker
  - NTA with Kong API Gateway in Linux
- NTA with NGINX
- NTA with F5 BIG-IP iRule
- MuleSoft Anypoint Exchange
Sync, edit, and delete API source integrations
After setting up an API source and running the initial synchronization, your retrieved API specs are loaded into your Invicti API Inventory, which is then synced automatically every 24 hours. To disable automatic synchronization, go to Discovery > Configuration > API sources and click the Auto sync toggle next to the relevant API source.
To run a manual sync of an API source, or to edit or delete it, follow these steps:
- Select Discovery > Configuration from the left-side menu.
- Scroll down to the Sources section and click API sources.
- Locate the API source you want to manage, then click the relevant icon on the right-hand side:
  - Sync: A manual sync of the source begins immediately.
  - Edit: Change the name or source type.
  - Delete: This removes the integration; however, any already discovered APIs will remain in your API Inventory.
What do the different statuses mean?
For each external source you have set up, the Status column on the API Sources page indicates the current synchronization state or whether there is a problem with the integration. The following statuses are possible:
- Sync Completed: The most recent synchronization with the source was completed successfully. The Last Sync column displays the date and time the successful sync was completed.
- Sync Failed: Mouse over the alert icon in the Last Sync column for information about why the last sync failed.
- Sync in progress: This is a temporary state indicating that synchronization with the source has started but not yet completed.
- Token Expired: This status applies only to the Invicti NTA when the registration token has expired and the NTA is attempting to send data back to the API Inventory. Registration tokens are valid for 48 hours. To resolve this issue, generate and retrieve a new registration token and update your NTA installation with the new token.
- Offline: This status applies only to the Invicti NTA when there has been no response for some time. Check your NTA setup and its network connectivity to Invicti servers.
- Awaiting setup: This status applies only to the Invicti NTA when it is waiting for the first heartbeat/specification sync.
- Awaiting for sync: Indicates that the NTA has successfully registered and sent a live heartbeat. When the first APIs are discovered, the specs will be sent to the API Inventory and the status will change to Sync Completed. This status appears only after the initial setup of the NTA.
Further information
For more information about Invicti API Security, refer to the following documentation: