fbpx

API Security for Everyone

See your APIs. Know your APIs. Protect your APIs. Agentless or from in-app.

Free

For everyone, forever

API visibility and protection are accessible to individuals and small businesses with the first-ever commercial-grade free plan.
  • API Discovery & API Insights
  • API DNA & API Risk
  • Signature-based detection & blocking filtered by ML
  • API vulnerability detection
  • Call & error metrics
  • Up to 50 API endpoints
  • Community support

$0

per API endpoint/month

(begins with free 15-day Team trial)

sign up

Team

For Product & DevOps teams

Enable DevOps teams and lines of business to discover, assess risk, and protect their API-driven applications.
  • Everything in Free, plus. . .
  • 1M Edge Calls/mo of Advanced Protection and Analytics
  • Sensitive data auto-detection
  • User behavior anomaly detection
  • Advanced Protection and Analytics
  • Up to 500 API endpoints
  • Standard Support

$10

per API endpoint/month

(billed annually)

start free trial

Enterprise

For larger InfoSec & DevSecOps teams

Full-featured enterprise-grade API security based on the most complete application context derived from distributed tracing and cutting-edge AI analytics.
  • Everything in Team, plus. . .
  • 1M Edge Calls/mo of Advanced Protection and Analytics
  • Advanced integrations
  • Enterprise management features
  • Unlimited endpoints
  • Enterprise support

Contact Us

let’s talk

Compare Features

Feature

Free

Team

Enterprise

API discovery

API discovery

Ensures that you always have an up-to-date inventory of your organization’s APIs.  Continuously discovers and inventories all APIs, including shadow APIs of an  organization. Provides change notification when API has been added, modified,  or deprecated.
API DNA (parameters)

API DNA (parameters)

Enables developers to discover design flaws or problems in their API specifications that could potentially lead to exploitation. Monitors traffic to construct API DNA that includes: name, parent service, headers, parameters, and payloads that enable full visibility and change management.
API insights

API insights

Provides a high-level summary of critical endpoint details that can be seen in a single view. For each API endpoint, runtime details are displayed: sensitive data, API usage, user details, event and threat details.
API risk monitoring

API risk monitoring

Continuously updated endpoint risk score based on likelihood and impact of a cyberattack.  Example risk-score criteria are: external vs internal API, unauthenticated, has a global user-base,  and handles sensitive data.
API call & error metrics

API call & error metrics

Helps to identify performance issues for each API endpoint that could impact user experience. Provides for each API Endpoint, the number of call requests made by end-users, and errors that were generated during each transaction.
OWASP Attack Detection

OWASP Attack Detection

Ensure OWASP API Top 10 protection that prevents the exploitation of API  vulnerabilities. Protect against BOLA, Mass assignment, and business logic flaws.
Detection with ML & reduced false positives

Detection with ML & reduced false positives

Enables highly accurate threat detection with a very low false-positive rate. Tracks baseline activity of API Endpoint and surfaces anomalies.  Identified anomalies are then fed into a threat signature database for a  final verdict.
Signature-based blocking

Signature-based  blocking

Enables immediate blocking based on defined signatures that identify well-known malicious patterns.
IP range blocking

IP range blocking

Admin can block attackers who constantly wage cyber-attacks from the same IP range. Enables the blocking of the malicious activity of end-users based on IP-subnet range as configured by the admin.
Threat blocking (Manual)

Threat  blocking (Manual)

Ensures that you can manually block specific threat actors that are targeting your organization. Active threat actors can be manually placed on a deny or suspend list by a security analyst, while a review of malicious activity is completed.
Threat detection

Threat detection

Enables discovery of scanners used in the reconnaissance stage of a cyber-attack. User attribution tracks each threat actor (user) even if the IP address has changed. For Free & Team tiers, tracked within a single load balancer/proxy session. For Enterprise tier, tracked across multiple load balancer/proxy sessions.
Vulnerability detection (beta)

Vulnerability detection (beta)

Vulnerability detection (RASP) for each API endpoint and service to enable organizations to become aware of potential threats of exploitation. Displays the vulnerability, the severity, detection time, and mitigation steps.
Security reports

Security reports

Provides a summary security report of a customer’s application environment. For Free and Team edition, reports are fixed. For Enterprise Edition, reports are customizable.
Standard RBAC

Standard RBAC

Enforce secure access and control of your Traceable AI platform by creating user accounts based on role and job function. Examples of roles that can be implemented: Account Owner, Security Admin, Security Analyst, and Developer.
Single-sign-on

Single-sign-on

Simplify access into Traceable AI by using your existing credentials. Customers can enable their existing SSO provider to administer easier access to their Traceable AI deployment. We currently support Google single sign-on (SSO).
Trace Explorer for threat hunting & forensics

Trace Explorer for threat hunting & forensics

Search potential threats and ensure you are ahead of your attackers. Enables admins to search through their data-lake of stored traces for potential threats,  track suspicious user activity, and perform post-mortem analysis.
Full data privacy mode

Full data privacy mode

Protects sensitive data from being viewed by unauthorized persons. Sensitive data that is sent to the Traceable AI platform is redacted to ensure privacy.
Sampling of payload content

Sampling of payload content

Data sampling is done under Traceable AI standard mode. Traceable collects metadata and extracts relevant API insights for protected API endpoints.
Advanced Protection and Analytics

Advanced Protection and Analytics = Full payload content (request & response), Trace Explorer (richer details), Sensitive data auto-detection, User behavior anomaly detection, detection and blocking of advanced API attacks (eg. BOLA). Priced per edge call.
Full payload content

Full payload content

Full payload content is enabled as part of Advanced Protection and Analytics for up to the number of edge calls licensed. Sends all payload data to the Traceable AI cloud. Enables a more complete and accurate endpoint behavioral model.
Sensitive data auto-detection

Sensitive data auto-detection

Automated detection of sensitive data that is accessed from within your application. Auto-detection of sensitive data is based on information located within parameters or headers.
User behavior anomaly detection

User behavior anomaly detection

Detect unknown attacks that not have been previously seen in the past. Surfaces anomalies from the baseline model of end-user activities that could indicate potentially unusual or malicious activity.
Advanced API detection & blocking  (eg. BOLA)

Advanced API detection & blocking (eg. BOLA)

Protects against exploitation of API vulnerabilities such as BOLA. Surfaces anomalies from baseline tracking of session traffic.
Redacted sensitive data tracing

Redacted sensitive data tracing

Enables the tracing of redacted sensitive data(based on meta-data) even in full privacy mode. Requires an admin to configure which data is sensitive.
User attribution

User attribution

Machine Learning models are built to accurately identify users, regardless if they change IP address or location. For Enterprise Edition, identification is based on meta-data obtained across different API requests that include: session ID, authorization token, basic authentication string, or encrypted authorization token. For Free and Team Edition, identification is done based on JWT.
Threat blocking (automated)

Threat blocking (automated)

Enables automated threat blocking without any user intervention. Identifies and blocks threat activity based on the threat-score level that is reached. The threat score criteria includes: user, IP range, anomaly detection, and threat signatures.
API rate limit blocking

Rate limiting

Protects against ATO and brute force attacks. Enables the blockage of any IP address that exceeds a predefined usage threshold for a login API Endpoint.
Multi-environment support

Multi-environment support

Automatically discovers applications, microservices, API endpoints, and security events from the application environment. Traceable AI agent can auto-detect the environment where it is installed, filtering relevant views and metrics for the following environments: Test, Staging, or Production.
Custom webhooks

Custom webhooks

Enable real-time notification of critical events. Implements alert integration to Microsoft Teams, Pager Duty, Jira, and other external systems for real-time notification of key events for Admins.
Custom alerts

Custom alerts

Ensures that only relevant alerts are received by the admin. Customize alert generation based on specific criteria such as events, threats, auto-blocking, and security rules.
Advanced integrations
Advanced  admin features
Maximum endpoints
Up to 50
Up to 500
Unlimited
Purchase additional endpoints
N/A
increments of 25 endpoints
increments of 100 endpoints
Support
Email
Standard
Enterprise
Service SLAs
Premium Support
Dedicated Customer Success Manager

Common Questions

What is Traceable AI’s definition of an endpoint?

APIs allow distributed applications, services, and network components to communicate. API endpoints are important aspects of how APIs interact with distributed applications, as they specify where resources and methods can be accessed remotely. Usually, the access is via a URI to which HTTP requests are posted, and from which the response is thus expected.

Traceable defines a unique API endpoint as a combination of a host or service, API version, access method (sometimes called verbs), and the path to the actual resource. An API Endpoint might be external or internal. Parameters of any type do not constitute a new endpoint.

Is there any grace period if you reach a limit?

Short answer, yes. We will provide notification and updates if you’re approaching an important threshold. But, we know things happen. So, we allocate between 10-20% flex usage to ensure you’re properly protected and can make updates to your plan.

On the Team plan, what happens when I hit my limits (endpoints or edge calls)?

For the Team plan, when you hit your limit of endpoints we will notify you and after a grace period, we will bill you in increments of 25 according to the plan. For edge calls (the unit of measure for Advanced Protection and Analytics) we will revert down to Standard processing after 120% of your purchased call count is reached. (i.e. 1.2M calls if you purchased 1M calls).

On the Enterprise plan, what happens when I hit my limits (endpoints or edge calls)?

For the Enterprise plan, when you hit your limit of endpoints we will notify you and after a grace period, we will bill you in increments of 100 according to the plan. For edge calls (the unit of measure for Advanced Protection and Analytics) we will revert down to Standard processing after 120% of your purchased call count is reached. (i.e. 1.2M calls if you purchased 1M calls).

Is there ever a point when Traceable will stop protecting my APIs?

Yes, if you exceed 200% of what you purchased, we will stop protecting your application.

What capabilities do I get with Advanced Protection and Analytics?

Advanced Protection and Analytics is the name of the data processing setting that sends all trace data to our cloud servers for our AI engine to learn and derive insights about your apps and environment. Advanced Protection and Analytics brings even greater security and protection to your APIs. The usage unit of ACP is measured in edge calls and purchased in MEC (millions of edge calls).

ACP enables the following capabilities: Full payload content (request & response), Trace Explorer (deeper visibility), Sensitive data auto-detection, User behavior anomaly detection, and detection and blocking of advanced API attacks (eg. BOLA).

Ready to
learn more?

view a demo book a call