APIsec Endpoints will get only discovered when all the below conditions are met
- In the API response, http status code should be between 2xx and 3xx. If http status code contains 1xx, 4xx or 5xx, then APIsec endpoints will not be discovered.
- If the Response body or Content-length of API response is <10000 bytes. Currently this is hard coded limit and cant be changed
- If Content-type indicates that response is an API response. Content-type for valid API response would be application/json, application/xml
When all the above 3 conditions are matched, only then the API endpoints will be discovered.
If API call satisfy all the above 3 criteria and still API call is not getting discovered, Kindly open a support case with Imperva Support Team for further investigation.