APIClarity is a comprehensive API security tool written in Go that captures and analyzes API traffic to identify security risks, test API endpoints, and automatically reconstruct OpenAPI specifications. The project addresses API security through two primary approaches: passive traffic analysis of all API communications within an environment and active testing of API endpoints to detect implementation vulnerabilities. The tool is specifically designed to work with OpenAPI-based APIs and integrates with Kubernetes environments, service meshes, and API gateways.
A core strength of APIClarity is its automatic OpenAPI specification reconstruction capability. Since many applications lack formal OpenAPI documentation, the tool observes actual API traffic and generates specifications that users can review and approve. This reconstructed specification data then enables more effective security analysis by providing a baseline against which observed behavior can be compared.
The platform employs a modular architecture that facilitates adding new security analysis capabilities. The Spec Diffs module compares observed API traces against provided or reconstructed specifications to identify shadow APIs (undocumented endpoints), zombie APIs (deprecated endpoints still in use), and discrepancies between observed and documented behavior. The Trace Analyzer module examines request and response paths, headers, and bodies to discover potential security issues including weak authentication, sensitive information exposure, and Broken Object Level Authorization vulnerabilities. The BFLA Detector module specifically identifies Broken Function Level Authorization by building authorization models from observed API interactions and flagging violations. A Fuzzer module actively tests API endpoints based on specifications to uncover server implementation security issues.
APIClarity supports multiple traffic source integrations including Istio Service Mesh, DaemonSet-based traffic tapping, Kong API Gateway, Tyk API Gateway, and OpenTelemetry Collector. The tool can also receive trace data from external sources such as Apigee X Gateway and BIG-IP LTM Load Balancer, enabling deployment scenarios where traffic sources exist outside Kubernetes clusters. Integration is achieved through a plugin architecture where each traffic source implements a standardized plugins API.
Deployment occurs via Helm charts in Kubernetes clusters, with configuration managed through values.yaml files. The project includes comprehensive documentation for getting started, including instructions for testing with the Sock Shop Demo application. Local development is supported with demo data, and the tool can run with or without Kubernetes dependencies.
GitGenius activity data indicates the project has relatively slow issue and pull request response latencies, with a median response time of approximately 6071 hours and mean of 6137.9 hours across tracked items. The most active contributors tracked include amanhigh and yeatesss, each with single recorded events. The repository shares contributors with major projects including Microsoft's VSCode and TypeScript implementations, as well as the Rust language project, suggesting involvement from developers working across significant open-source ecosystems.
The tool is classified across numerous security and monitoring domains including API security, network monitoring, data flow analysis, network defense, traffic analysis, threat detection, policy enforcement, and compliance. It functions as both a proxy tool and endpoint protection mechanism with real-time alerting capabilities and behavior analytics for identifying malicious activity and privacy violations.