API Observability involves three components - a) Sensor, b) Satellite, and c) API Catalog.
The sensor is a userspace process, that uses Extended Berkeley Packet Filters (eBPF) to passively capture API traffic (full HTTP payloads) from Linux workloads. The sensor works on bare metal, virtual machine, and container formats.
eBPF is used by all the modern observability & security vendors, including DATADOG, new relic, paloalto networks, aqua, sysdig, Cilium, etc.
Similar to network traffic mirroring the sensor works at the Linux host level.
The sensor does not require any modifications to your application workloads. Absolutely no SDKs, no code changes, no configuration changes, no sidecars, and no runtime agents.
The sensor is not inline with the application workloads and will not impact the workload. API traffic can be aggressively sampled in high traffic environments, to limit CPU consumption by the sensor.
The sensor can be run in both production and pre-production environments. Captured API Traces (HTTP traffic) is sent to the Satellite component, for data anonymization, schema generation, and sensitive data detection/annotation.
The Satellite runs within the customer premises or VPC, and can be run alongside application workloads, or in a separate host.
It uses sampled API traffic (API Traces) from the Sensor to:
- Auto discover API endpoints
- Derive (OpenAPI) schema for the discovered API endpoints
- Detect sensitive data (PII, PSI, etc.) present in API data
- Annotate the derived schema with sensitive data types
- Send the API schema to Levo SaaS for API Catalog building
Your Data Stays with You!
Privacy preserving technology ensures your API data stays with you.
Typical API observability solutions, will ingest all your API data into their SaaS, and put the burden of redacting sensitive customer data on you.
Levo’s privacy preserving technology, does not ingest any of your API data into SaaS. Levo discovers and documents your APIs using only data type inferences performed in the Satellite.
Levo SaaS aggregates data received from the Satellite to create an API Catalog.
The API Catalog is the source of truth to answer the following questions:
- What APIs do I have in my environment?
- Which APIs are exposed externally?
- What is the schema for my APIs?
- Which APIs process sensitive data (PII, PSI, etc.)?
- Which users, via which roles/scopes are accessing, which API endpoints?
- Are my API schema's drifting?
The API Catalog also serves as the primary input for Levo's API security & contract testing features.