Risk Management

Apiway tracks operational security events in real time and classifies them by severity. The risk dashboard gives you a continuous view of your API security posture.

How It Works

The gateway detects security events at request time and pushes them to the Risk Service for aggregation:

WAF Stage, Security Stage, and Rate Limit Stage detect events during request processing
Events are buffered in OperationalRiskTracker (in-memory, per gateway instance)
Every 30 seconds, OperationalRiskFlushService batches events to the Risk Service
Risk Service classifies severity and publishes to TenantEventChannel
SSE subscribers receive real-time notifications

Event Categories

Category	Source	Severity
WAF Violation	Web Application Firewall	Always Critical
Auth Failure	Security stage	Critical (10+ events), Warning otherwise
Rate Limit Breach	Rate limit stage	Critical (50+ events), Warning otherwise

Severity escalates automatically based on event volume — a few auth failures might be typos, but a burst of 50 signals an attack.

Risk Dashboard

The management UI surfaces risks at multiple levels:

Home Dashboard

The Active Risks KPI card shows a colour-coded indicator:

Red — Critical risks requiring immediate attention
Amber — Warning-level risks
Green — No active risks

API Detail Page

Each API has a Risks tab showing:

Direct risks for this API
Dependency risks (risks on APIs this one depends on)
Risk category breakdown

Tenant Risk Page

The /risks page provides a full risk dashboard:

All risk categories with severity badges
Complete risk list with filtering
Trends over time

Real-Time Events

Risk events are published via Server-Sent Events (SSE). Your applications can subscribe for real-time notifications:

curl -N https://risk.api.apiway.net/v1/events/subscribe \
  -H "Authorization: Bearer $TOKEN" \
  -H "Accept: text/event-stream"

Events are tenant-isolated — you only receive events for your own tenant. The tenant is determined from the JWT, not a query parameter, so it can’t be forged.