F5 XC EMEA Workshop > Class 4 - API Protection > Static API Protection Source |
Test your modern API application protection¶
If you have curl on your machine, go to the next step. Else, connect with SSH or WEBSSH to the Jumphost machine
Run the following curl commands
curl -H "Content-Type: application/json;charset=UTF-8" http://sentence-re-$$makeId$$.workshop.emea.f5se.com/api/adjectives
curl -H "Content-Type: application/json;charset=UTF-8" http://sentence-re-$$makeId$$.workshop.emea.f5se.com/api/animals
curl -H "Content-Type: application/json;charset=UTF-8" http://sentence-re-$$makeId$$.workshop.emea.f5se.com/api/locations
Note
The 3 calls are successful because there are defined in the OAS file (method + endpoint)
Now, run the below call
curl -H "Content-Type: application/json;charset=UTF-8" http://sentence-re-$$makeId$$.workshop.emea.f5se.com/api/colors
Note
This call is denied because not part of the OAS file
Check the logs¶
- Go to the security dashboard (Overview > Security)
- Scroll down and click on your
sentenceLB - Click on
Security Analytics
Note
Scroll and search for API events
