Performing API Inventory and Discovery When to Use - Mapping the complete API attack surface of an organization before a security assessment - Identifying shadow APIs deployed by development teams without security review - Discovering deprecated or zombie API versions that remain accessible but unmaintained - Finding undocumented API endpoints exposed through mobile applications, SPAs, or microservices - Building an API inventory for compliance requirements (PCI-DSS, SOC2, GDPR) Do not use without written authorization. API discovery involves scanning network infrastructure and analyzing traf…