Skip to main content

Overview

The API Catalog provides a unified registry of every API endpoint discovered across your applications and services. It enables complete visibility into routes, methods, linked threats, metadata, and real-time behavioral insights — powering accurate threat modelling and secure API development.

Overview

The API Catalog aggregates all endpoints detected through:
  • Postman collections
  • Swagger/OpenAPI specifications
  • Threat-generation scans
  • Application imports
  • Live traffic datasets (where applicable)
Each API entry contains:
  • Route path
  • HTTP method
  • Host/service association
  • Threat count & severity
  • Generation state
  • Metadata & parameters
  • Linked project
This catalog acts as the source of truth for API attack surface discovery and threat modelling.

Key Metrics & Analytics

Total Endpoints

Shows the complete number of API endpoints discovered across all projects.

Endpoints With Threats

Highlights endpoints that have one or more threats associated with them.

High-Risk Routes

Shows the number of endpoints linked to Critical or High-severity threat patterns.

Endpoint Distribution

Visual breakdown of:
  • HTTP method usage
  • Project grouping
  • Endpoint complexity levels
  • Threat density across routes

Search, Filters & Sorting

The powerful API filtering system lets analysts narrow down endpoints by:
FilterDescription
MethodGET, POST, PUT, DELETE, etc.
ThreatsFilter by severity or count
OwnerAssigned engineering team
Path ContainsPartial route matching
Generation StateGenerated, Pending, Failed
TagsCustom metadata
ProjectAssociated application or service
Filters can be combined for deep investigation.

API Table Columns

ColumnDescription
RouteAPI path including dynamic parameters
MethodHTTP verb for the endpoint
Host / ServiceLinked backend service
Threat CountTotal threats mapped to this endpoint
StateGeneration status (Generated, Pending, Skipped)
OwnerAssigned team or engineer
TagsAPI-specific metadata
Detected OnFirst and last discovery timestamps

Example Use Cases

Threat Modelling

Map threats to endpoints and visualize high-risk routes.

API Security Testing

Use endpoint catalog to drive automated scans and fuzzing.

Service Ownership

Assign owners to routes and track accountability.

API Governance

Maintain a clean, structured, and up-to-date API inventory.

Explore Live Demo

Explore Snapsec Live — No Signup Needed

Jump straight into the live environment and see how Snapsec unifies asset intelligence, threat detection, and vulnerability tracking — all in one dashboard.