APIsec Endpoints will get only discovered when all the below conditions are met
In the API response, http status code should be between 2xx and 3xx. If http status code contains 1xx, 4xx or 5xx, then APIsec endpoints will not be discovered.
If the Response body or Content-length of API response is <10000 bytes. Currently this is hard coded limit and cant be changed
If Content-type indicates that response is an API response. Content-type for valid API response would be application/json, application/xml
When all the above 3 conditions are matched, only then the API endpoints will be discovered.
If API call satisfy all the above 3 criteria and ...