API Recon

Tags:apirecon Related to:hacking See also: Index: 🗂️ Index of API Hacking

Summary

How do you find an API? From https://university.apisec.ai/products/apisec-certified-expert/

How do you find an API?

• Look for documentation

• Look for endpoints like:

  • https://target-name.com/api/v1

  • https://api.target-name.com/v1 

  • https://target-name.com/docs

  • https://dev.target-name.com/rest

  • https://target-name.com/v1

• Look for use of JSON or XML

• Look for API indicators within directory names like:
  /api, /api/v1, /v1, /v2, /v3, /rest, /swagger, /swagger.json, /doc, /docs, /graphql, /graphiql, /altair, /playground

• Also, subdomains can also be indicators of web APIs:

  • api.target-name.com

  • uat.target-name.com

  • dev.target-name.com

  • developer.target-name.com

  • test.target-name.com

• One of the most obvious indicators of an API would be through information gathered using third-Party Sources like Github and API directories.

  • Gitub: https://github.com/ 

  • Postman Explore: https://www.postman.com/explore/apis

  • ProgrammableWeb API Directory: https://www.programmableweb.com/apis/directory 

  • APIs Guru: https://apis.guru/ 

  • Public APIs Github Project: https://github.com/public-apis/public-apis 

  • RapidAPI Hub: https://rapidapi.com/search/

References (optional )

• https://university.apisec.ai/products/apisec-certified-expert/categories/2150259092/posts/2159321350