# API Security

Discover, profile and protect APIs in real time.

![API Security Front](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/usecases/api-security/Top-Screenshot-front.png)

## APIs expose applications and sensitive data to the internet, making them prime targets for attackers.

92% of organizations have experienced at least one security incident related to insecure APIs in the last 12 months, which can cause loss of business revenue and privacy violations.

### Lack of context for API-related risks

Many API gateways and monitoring solutions can't identify risk or protect APIs from attack. Teams can't correlate and prioritize API risks due to multiple factors such as misconfigurations, logic flaws and vulnerabilities, applications and data exposed to attackers.
Security teams need to ensure their APIs have protection from attacks exploiting broken access, overly permissive access, injection flaws and other OWASP API Security Top 10 threats.

### Limited protection against attack

APIs require real-time protection against malicious attacks beyond visibility and risk management. Security teams need to ensure that their APIs have comprehensive protection against attacks in the OWASP Top 10 for APIs, malicious bots, denial-of-service (DoS) attacks and zero-day exploits.

## Secure Your APIs with Confidence

Cortex® Cloud provides complete API discovery, risk profiling and real-time protection integrated into our cloud-native application protection platform. Protect all APIs against the OWASP API Top 10 attacks, manage vulnerabilities, ensure compliance and protect them at runtime.

* Continuous visibility into APIs.
* Prioritize API risks with context.
* Protect APIs in real time across leading attack vectors.
* Inline and out-of-band deployment.
* Full lifecycle protection and integration into your CI/CD pipeline.

Key capabilities:

* API discovery
* API risk profiling
* Real-time protection
* Flexible deployment options
* Virtual patching

## Our Approach to API Security

### API Discovery

Discover and take inventory of all your APIs, both internal and external.
Gain visibility into all APIs, including rogue APIs, zombie APIs and shadow APIs.

#### Autodiscover APIs

Automatically detect external, internal and third-party API services in all your cloud-native environments.

#### Identify all APIs

Get a detailed view of exposed APIs --- including unknown, shadow and zombie APIs --- to understand the attack surface.

#### Track observations

Explore real-time and historical metrics on security coverage, traffic activity, attack types and traffic sources, along with API observations and unprotected web applications discovery.

![API Discovery](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/usecases/api-security/Approach-1_API_Discovery_2880x1800.png)

### API Risk Profiling

Profile your APIs to help prioritize risk. Gain insights with contextual information from business logic, sensitive data, workload vulnerabilities, API traffic and more.

#### Profile API risks

View all risk factors based on workload vulnerabilities, exploit data and application context.

#### Detailed API observations

Get visibility into the API request and response to find sensitive data and security flaws and to generate OpenAPI specifications.

#### Audit APIs

Generate the basis of an OpenAPI schema and API definitions.

#### Advanced analytics for investigations

Use analytics to observe API events in aggregate from different points of view. Filter them and dive into individual events for incident investigations.

#### API change detection

Continuously monitor APIs for changes leading to unwanted risk as development teams make frequent changes and updates to APIs.

![API Risk Profiling](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/usecases/api-security/Approach-2_API-Risk-Profiling_2880x1800.png)

### Real-Time Protection

Identify and stop the attacks that web application firewalls (WAFs) and API gateways miss. Protect APIs in real time from the OWASP API Security Top 10 risks, as well as advanced DoS threats, bot attacks, file upload attacks and access control issues.

#### Secure APIs against Layer 7 attacks

Simplify enforcement of positive API definitions based on OpenAPI, Swagger file or manual customization.

#### Protect APIs against abuse

Protections cover the OWASP API Security Top 10, including SQL injection, cross-site scripting, code injection and more.

#### Manage bot risks

Gain visibility into and protection against bad bots, known good bots, headless browsers and other automation frameworks accessing protected web applications and APIs, including static and dynamic detections.

#### Stop DoS attacks

Enforce rate limits on IPs or sessions to protect against high-rate and "low-and-slow" application-layer DoS attacks.

#### Control Access

Restrict access to your APIs based on geographical locations, IP ranges and client types.

#### Enforce secure file uploading policies

For applications that allow users to upload files, enforce file upload restrictions based on file extension and content.

![Real-Time Protection](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/usecases/api-security/Approach-3_OWASP-Top-10-Protection_2880x1800.png)

### Flexible Deployment Options

Gain insights into all API-related risks --- and without impacting application performance.
Get both visibility and protection with inline and out-of-band deployment options, depending on your application's requirements.

#### Inline agent-based protection

Get real-time visibility, alerting and protection against API abuse and web-based attacks.

#### Out-of-band visibility

Utilize full application-layer visibility into APIs and detect and alert against application-layer attacks in near-real time, without adding any latency or risk to the application.

#### Auto scale capability

As your application grows in your deployment, the number of defenders grows, ensuring full and uninterrupted protection of your application.

![Flexible Deployment Options](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/usecases/api-security/Approach-5_Flexible-Deployment-Options_2880x1800.png)

## Additional Cloud Runtime Security capabilities

### Cloud Detection and Response (CDR)

Stop cloud attacks with real-time protection, detection and response.
[Learn more](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)

### Cloud Workload Protection

With Cortex Cloud, you can secure hosts, containers and serverless deployments across the entire application lifecycle.
[Learn more](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown)

### Web Application Security

Protect web applications across any cloud-native architecture, public or private.
[Learn more](https://www.paloaltonetworks.com/cortex/cloud/web-application-security?ts=markdown)

### Container & Kubernetes Security

Secure Kubernetes® and other container platforms on any public or private cloud, from code to cloud™ with Cortex Cloud.
[Learn more](https://www.paloaltonetworks.com/cortex/cloud/container-security?ts=markdown)

Copyright © 2025 Palo Alto Networks. All Rights Reserved