{"id":186,"date":"2022-04-08T14:05:53","date_gmt":"2022-04-08T13:05:53","guid":{"rendered":"https:\/\/42crdev.prexihost.com\/?page_id=186"},"modified":"2024-02-13T10:15:30","modified_gmt":"2024-02-13T10:15:30","slug":"how-it-works","status":"publish","type":"page","link":"https:\/\/staging2022.42crunch.com\/how-it-works\/","title":{"rendered":"How it works"},"content":{"rendered":"\n\n\t\t
Our Developer-First API Security Platform<\/a> makes it easy for developers to build and automate security into their API development pipeline, speeding up the delivery cycle rather than slowing it down. Security teams retain full visibility and control of security policy enforcement. <\/p>\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t Quickly discover and create an inventory of all your APIs at both design and runtime via the platform’s GitHub repository integration. Network traffic monitoring can also be used at runtime to discover APIs.<\/p>\n\t\t\t\t\n\t\t Define all the elements of your API in an OpenAPI contract. The OpenAPI contract can be created or edited using our free\u00a0 OpenAPI (Swagger) Editor<\/a> extension available for leading IDEs. There are multiple advantages to this design-first approach to API development. Security teams also have the capability to provide security policies that can be integrated into the OpenAPI contract at the design stage.<\/p>\n The OpenAPI contract is audited using API Audit<\/a> directly from the IDE extension.\u00a0 It conducts a static analysis of your API definitions and looks at the quality of the OpenAPI contract in terms of structure and security vulnerabilities. The tool scores and suggests fixes for any identified weaknesses.<\/p>\n\t\t\t\t\n\t\t Once the OpenAPI contract is of sufficient quality, the API can be written by the development team.\u00a0 It is possible to auto-create the code directly from the OpenAPI contract using code generator tools such as OpenAPI Generator or Swagger Codegen.<\/p>\n Operations within the API are scanned by our API Scan<\/a> tool within the IDE to ensure they conform to the approved OpenAPI contract. Developers<\/a> quickly ensure individual operations match the design before they move on to the next operation.<\/p>\n Once complete, the API can also be scanned by the API Scan<\/a> tool in the CI\/CD<\/a> pipeline. 
The tool gives instant security scoring for prioritization and remediation advice. Scanning at this stage is particularly useful for both development and security teams<\/a> as it ensures conformance of the API with the design and security policies, prior to deployment.<\/p>\n\t\t\t\t\n\t\t\n\t\t\t01 \n\t\t\t\t\t\t\t\t\t\t\tAPI Discovery\n\t\t<\/h2>\n\t
\n\t\t\t02\n\t\t\t\t\t\t\t\t\t\t\tDesign & Audit\n\t\t<\/h2>\n\t
\n\t\t\t03\n\t\t\t\t\t\t\t\t\t\t\tDevelop & Scan\n\t\t<\/h2>\n\t
\n\t\t\t04\n\t\t\t\t\t\t\t\t\t\t\tDeploy & Protect\n\t\t<\/h2>\n\t