API Discovery now detects how every endpoint in your inventory is authenticated, and how consistently that authentication shows up in real traffic. Bearer tokens, API keys, AWS Signature v4, Basic, cookie-based auth, and the rest. It's all classified, tracked, and filterable.

If you've ever wondered whether that one internal endpoint really requires a token or just usually does, this is for you.

What's new

Per-endpoint authentication status. Every endpoint gets classified as Consistent, Partial, or Missing, based on a rolling 7-day window of production traffic. No guessing, no spec-reading. Just what's actually happening on the wire.

A filter for unauthenticated endpoints. Open the inventory, flip the filter, and you've got a list of exposed APIs in seconds. This is the one most teams will want bookmarked.

Per-parameter coverage on the endpoint detail page. You can see exactly which header, cookie, or parameter is carrying the credential, and what fraction of requests include it. Useful when "Partial" shows up and you need to know why.

Why it matters

Missing auth is one of those problems that's obvious in hindsight and invisible until something goes wrong. Specs say one thing, traffic says another, and the gap is where breaches live. This grounds the answer in what your APIs are doing right now, not what a YAML file claims they do.

Availability

Upgrade your filtering nodes to NGINX Node 6.10.0 or Native Node 0.23.0 (or newer) to start receiving authentication data.

Full guide: docs.wallarm.com/api-discovery/authentication