API - Documentation

Digital Transformations & Innovations

APIs are expected to grow to millions. Your ability to explore these APIs to find and test suitable ones is key to building innovative applications. TeejLab API Discovery platform is built for people with technical as well as non-technical skills to explore various aspects of APIs to accelerate the development of innovative applications.

Learning & Exploring API Basics

In this video a TeejLab high-school intern explains APIs; API Discovery and Digital Innovations. A must watch video for aspiring API programmers and students.

Claiming APIs in TeejLab Platfrom

TeejLab API Discovery has indexed thousands of APIs. Many of these APIs are fully configured (with parameters and authentication details) so that you can make trial API calls. APIs that are not fully configured can be claimed to provide additional details. Once configured, these APIs can then be called by users for making live calls. In this video, Priyansh explains how to claim such APIs for TeejLab marketplace.

Adding APIs in TeejLab Platform

You can add your own APIs in the API Discovery Platform. This video demonstrates how to add your private APIs in the API Discovery Platform.

Adding APIs with API Key Authentication

APIs can be authenticated many ways. Using API keys for authentication is one of the popular methods. In this video, Ishaan talks about adding APIs (in TeejLab API Discovery platform) that requires API key based authentication.

API Discovery, Security & Governance

Industry’s first comprehensive API Discovery and Governance solution to manage legal, business, financial and regulatory risks introduced by public, private, free, and even paid APIs:

(1) Discover hidden/shadow APIs via industry leading Static and Dynamic Analysis.
(2) Empower developers with automated Source Code Scanning and API Benchmark tools that help them build applications faster without compromising on security and legal risks.
(3) Govern private, public, free, and paid APIs through internal and external marketplaces.
(4) Enable InfoSec teams with automated Network Scanning tools to detect and prevent unauthorized access to digital resources facilitated by myriad of APIs.
(5) Empower leadership teams with powerful analytics having compliance and business insights to make informed decisions during vendor/partner selections and M&A transactions.

API Security - Executing OWASP Top-10 & CIS Top-20 Security Tests

In this video tutorial, Won Woo demonstrates API Security framework in the API Discovery and Security Management™ platform. This framework can be used for security testing of APIs. It supports OWASP Top-10 and CIS Top-20 (General) AP security tests.

API Security - Automating API Testing

In this video, Gaurav Satija talks about USPS data breach in 2017, which lead to breach of 60 million customers data due to weaknesses in API authentication.

He demonstrates how TeejLab’s API Discovery platform could have helped in prevented such data breached through Automated Security Test features.

API Security - Legal Risk Management

API Discovery and Security™ is a cloud-based Software as a Service (SaaS) platform for end-to-end API Management programs. It allows organizations to find and test Public/Open APIs, benchmark Private/Internal APIs with industry leading standards, and monitor APIs on regular basis for security and legal risk management.

Users can perform automated security tests using OWASP top-10 and CIS top-20 frameworks to find and mitigate API-specific vulnerabilities. That helps enterprises in managing legal risks (such as compliance with GDPR, HIPPA, EU-US Privacy Shield, SOC2, PCI-DSS, ISO27001) and security threats (such as unauthorized access and SQL injection problems leading to data breaches) even before APIs are integrated with various SaaS/cloud products and services.

Users can also perform Software Composition Analysis to discovery embedded APIs from software applications. Users can generate security and compliance reports (in pdf, CSV, etc.) to collaborate with different stakeholders across organizations.

Ultimately, API Discovery™ helps enterprises in achieving their digital and data monetization objectives without compromising on their data privacy, security and integrity obligations.

Eclipse Plugin - TeejLab API Discovery

In this video tutorial, Jacob Johnson explains the configuration and functions of API Discovery plugin for Eclipse.

Data Sheet - API Discovery Manager

API Discovery Manager is designed to bring more transparency to enterprises that have less visibility into their applications (due to unknown APIs that connect various internal and external systems). Discover hidden or shadow APIs via static analysis (scan software repositories) or through dynamic analysis (scan networks or servers).

Discovery is enabled via world’s first comprehensive API KnowledgeBase™ - a curated repository of public and private APIs with advanced search capabilities to find APIs by needs, vendors, industries, sample responses, etc. Explore and analyze associated API agreements, regulatory/compliance requirements while making “one-click” live calls to test and compare responses. An ideal platform for benchmarking APIs and picking the most suitable ones that meet your price-value-risk criteria.

Refer to the attached data sheet for more details.

Visual Studio Code Plugin - TeejLab API Discovery

In this video tutorial, Jacob Johnson explains the configuration and functions of API Discovery plugin for Visual Studio.

Data Sheet - API Security Manager

API Security Manager is designed to benchmark and test discovered/hidden and internal/external APIs. This is to ensure that security and compliance posture of your APIs is robust. It provides a holistic security testing workbench that can be embed within CICD pipeline to scale the automated testing of APIs using OWASP top-10, CIS top-20, and other custom frameworks. Various forms of API responses (text, images, audios) can also be benchmarked using different metrics. Read the attached data sheet for more details.

IBM Tutorial - What is an API and SDK ?

An API, or application programming interface, is a set of defined rules that enable different applications to communicate with each other. It acts as an intermediary layer that processes data transfers between systems, letting companies open their application data and functionality to external third-party developers, business partners, and internal departments within their companies.

Understand more about APIs in this useful video tutorial by Nathan Hekman from IBM.

Webinar - ISACA Austin Chapter

APIs benefit organizations immensely through accelerated innovations, newer business models, competitive differentiation, but organizations are also negatively impacted by APIs due to their weak security posture leading to business disruptions, legal and compliance issues. Gartner has actually predicted that by 2022, API abuses will be the most frequent attack vector resulting in data breaches for web applications. Given the importance of APIs for digital transformation at organizations, it is imperative for their Security, Compliance and Audit professionals to get a handle on APIs to manage various API related risks. This session will provide an overview of an API Governance framework for effective API Risk Management. This framework is inspired by the Zero Trust model that enterprises can use as a “Swiss Knife” for reducing their API related risks. We’ll also highlight best practices and hands-on examples for API Risk Management.

Webinar - ISACA Sri Lanka Chapter

TeejLab CEO, Baljeet Malhotra @ ISACA Sri Lanka. Web APIs contribute 83% of the Internet traffic today. APIs benefit organizations immensely through accelerated innovations, newer business models, competitive differentiation. But the growing API usage also means increased cybersecurity risks for enterprises. Given the importance of APIs in digital transformation and the risk they pose to enterprises, it is imperative for Security, Compliance and Audit professionals to better understand various API risks.

Training - Cyber Fraud Management through Digital Forensics

Digital Forensics involves understanding an organization's IT systems and processes including infrastructure, applications, data usage and management policies, procedures, and operational preparedness (against recognized industry standards and best practices) to uncover various forms of digital frauds. Web APIs are common glue that connect these digital ecosystems with people and processes all across the globe. APIs have the power to impact organizations both positively (through innovations, new business models, competitive differentiation) and negatively (due to security, business disruptions, legal and compliance issues). These impacts are compounding with increased API footprint of enterprises. Not surprisingly, Web APIs are contributing up to 85% of the Internet traffic enabling various digital operations.

It is imperative for Fraud Examiners and Audit Professionals to better understand various digital frauds in the cyber-world that could occur through APIs posing various risks to organizations. In this context API Forensics has become an important aspect of technology due diligence, especially for detecting business frauds and crimes. In this session, we'll go through the details of an API-Forensics process containing hands-on-training scenarios to help Fraud Examiners, Auditors, Compliance and Cybersecurity practitioners. We’ll also highlight industry best practices thorough hands-on examples for API Risk Management.

Open API Economy - Managing API Legal Agreements

In this APIDays Interface 2023 conference, Baljeet Malhotra talks about API Business Risks originating from API Terms of Services and other legal documents. Host is Mahdi Medjaoul from APIDays.

Providing Details for Claiming APIs

In this video, Terre Leung shows how to find and document API details (such as vendor names, home pages, API names and their descriptions) to claim APIs in the API Discovery platform.

Providing these details are important to maintain the quality of information so that all community members can benfit in using the corresponding APIs in a consistent way and efficiently.

Checking API Health

APIs may come up and go. Ensuring that APIs are healthy is important, so that your products and services can continue to depend on APIs that are reliable.

In this video, Terre Leung shows how to check the health of APIs in the API Discovery platform. Here "health" essentially means that API is responding and it's hosted within a favorable geographical location by a reliable ISP (or directly by the API provider).

Publishing Healthy APIs

Once you have claimed and added an API in the API Discovery platform, you can submit it to TeejLab Admins to review and publish your API to the entire community on the platform.

Publishing to the "entire community" essentially means that you are making the APIs (which you added, configured and tested) available to other users on the platform. Note that, credentials you have used (to configure your APIs) will never be published to other community members.

Cancelling API Reviews

In API Forensic investigations, the system does not allow you to block more than 5 APIs for investigation. Therefore, you can only review 5 API vendors at a given time. You might have already blocked 5 API vendors, but you can cancel some APIs that you do not want to review by following the 4 steps described in the document:

Statistical Learning - Multiple Regression

In this video tutorial Brandon Foltz reviews the basics of Multiple Regression.

Scan Source Codes (Local File Uploads) for Discovering APIs

In this video Terre Leung from TeejLab explains how to upload files (containing source codes) for analyzing the code and discovering third-party and native API integrations.

Scan Networks (VPCs and Workstations) for Discovering APIs

In this video API Discovery platform is demonstrated for analyzing networks (VPCs) and workstations (virtual and local computers) for Discovering APIs.

Scan Repositories (Multiple GitHub Projects) for Discovering APIs

In this video Terre Leung from TeejLab explains how to scan multiple repositories (of source codes) from GitHub through a configuration file for discovering APIs.

Scan Repository (Single GitHub Project) for Discovering APIs

In this video Terre Leung from TeejLab explains how to scan a single repository (of source codes) from GitHub for discovering APIs.