1. Home
  2. Guides
  3. Security
  4. API security

Using API Discovery

API Discovery provides visibility into incoming application programming interface (API) traffic proxied through Fastly's Edge network. It provides comprehensive API visibility by giving you a centralized view of your entire API ecosystem, showing when APIs are being used, tracking changes over time, and identifying potential security vulnerabilities.

Before you begin

API Discovery is disabled by default. To purchase the product, contact sales@fastly.com. API Discovery requires an existing Fastly Edge service with API traffic. Traffic will only be discovered for domains that are actively proxied through Fastly's Edge network, so be sure that the domains hosting your APIs are associated with a Fastly service.

Once API Discovery is enabled and your service properly configured, account users with the appropriate permissions will be able to access the API Discovery details in the Fastly control panel as it begins aggregating traffic automatically. You can view, search, and download aggregated records through the control panel to start gaining insights into your API ecosystem immediately.

About the API Discovery page

The API Discovery page displays a list of APIs and associated attributes observed from the HTTP traffic flowing through your service. Collected API attributes include the domain, the URL path, the HTTP method, and the timestamp of the last time a request matching this particular API's attributes was discovered.

The controls on the API discovery page include:

  • a Search field that allows you to search for URLs based on domain, path, or URL method.
  • a Filter menu that allows you to select the Fastly service in which to view, search, or download discovered APIs.
  • an Export link that allows you to download the discovered API list as a CSV file.
  • a Refresh link that allows you to refresh the list of discovered APIs.
  • table view and tree view controls that allow you to switch between flat and hierarchical display of discovered APIs.

Enabling and disabling API Discovery

After API Discovery has been purchased for your account, it can be enabled and disabled in the Fastly control panel by anyone assigned the role of superuser or engineer.

WARNING: Enabling or disabling API Discovery on a service immediately impacts all service versions, including the active one.

Enabling API Discovery

To enable API Discovery on a service, follow these steps:

  1. Log in to the Fastly control panel.

  2. From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.

  3. Click Service configuration.

  4. In the Security area, click the API Discovery switch to On to immediately enable API Discovery for this service.

    API Discovery enabled for a service

  5. Go to Security > API Discovery to begin monitoring and cataloging API traffic running through your service.

Disabling API Discovery

To immediately disable API Discovery on a service, follow these steps:

  1. Log in to the Fastly control panel.

  2. From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.

  3. Click Service configuration.
  4. In the Security area, click the API Discovery switch to Off to immediately disable API Discovery for this service.

Viewing discovered APIs

The API Discovery page allows you to view discovered APIs in two ways: table view and tree view. You can switch between these views at any time without affecting the underlying data.

About the views

Table view displays APIs as a flat, searchable table with one row per unique combination of domain, URL path, and HTTP method. This view is useful when you want to quickly scan all APIs at once, see recent activity with chronological sorting, or search for specific keywords.

Tree view organizes APIs hierarchically by domain, URL path segments, and HTTP method. This searchable view groups related endpoints together based on your API's resource structure, making it easier to:

  • navigate through large collections of APIs by their logical organization.
  • identify all endpoints and operations associated with a specific resource or domain.
  • understand the relationship between different API endpoints.
  • surface older APIs that may not appear at the top of the chronologically-sorted list view.

For example, if your API Discovery has captured endpoints from both production (api.example.com) and staging (staging-api.example.com) environments, tree view groups them by domain and path structure:

api.example.com/
  └─ v1/
     ├─ inventory/
     |  └─ GET
     │  └─ item/
     │     └─ info/
     │        ├─ GET
     │        └─ DELETE
     └─ system/
        └─ health/
           └─ GET


staging-api.example.com/
  └─ v1/
     └─ inventory/
        └─ item/
           └─ POST

This hierarchical organization reflects your own API architecture, making it easier to locate specific endpoints when working with large collections of discovered APIs.

HINT: Click branches in tree view to expand or collapse them.

Switching between table view and tree view

To switch between table view and tree view:

  1. Navigate to Security > API Discovery in the Fastly control panel.
  2. Click the table view (Table view icon) or tree view (Tree view icon) icons at the top of the API Discovery page.

The view preference is saved for your session. All search, filter, and export functionality works in both views.

Related content

Fastly
© Fastly 2025