diff --git a/documentation/waap/api-discovery-and-protection.md b/documentation/waap/api-discovery-and-protection.md index 098d89a6..123b561e 100644 --- a/documentation/waap/api-discovery-and-protection.md +++ b/documentation/waap/api-discovery-and-protection.md @@ -12,4 +12,8 @@ API endpoints may expose sensitive data or functionality that's not accessible t To ensure that your domain is fully protected with Gcore WAAP, extend your web security with advanced API protection settings: +* **API Discovery**: set up automated detection of potential APIs; add and manage existing endpoints. + +* **API base path**: configure API protection by manually specifying the base paths of your API endpoints. + * **Configure API access with reserved tags**: group APIs by access level and determine which user roles are permitted to access each group. diff --git a/documentation/waap/api-discovery-and-protection/api-discovery.md b/documentation/waap/api-discovery-and-protection/api-discovery.md index 955969c9..b14e7ab8 100644 --- a/documentation/waap/api-discovery-and-protection/api-discovery.md +++ b/documentation/waap/api-discovery-and-protection/api-discovery.md @@ -1,7 +1,7 @@ --- title: api-discovery displayName: 'API discovery' -published: false +published: true order: 20 pageTitle: 'Learn about Gcore API discovery | Gcore' pageDescription: 'Learn about Gcore API discovery measures.' diff --git a/documentation/waap/api-discovery-and-protection/configure-api-access-with-reserved-tags.md b/documentation/waap/api-discovery-and-protection/configure-api-access-with-reserved-tags.md index 20bfcedf..e9e47fcb 100644 --- a/documentation/waap/api-discovery-and-protection/configure-api-access-with-reserved-tags.md +++ b/documentation/waap/api-discovery-and-protection/configure-api-access-with-reserved-tags.md 
@@ -30,7 +30,7 @@ Here’s the list of reserved tags applicable only for the API protection: * Ignore CCN Detection * Ignore SSN Detection -These tags can be added to your API endpoints using custom rules. +These tags can be added to your API endpoints either via the API Discovery feature or by using custom rules. ## Configure API protection @@ -38,6 +38,12 @@ The following steps will guide you through the process of protecting your endpoi After you complete the steps, it’s important to enable the relevant policies within the Advanced API protection policy group to make sure everything is set up correctly. + + +To ensure that your APIs are fully protected, enable the API Discovery feature or manually add your endpoints to the API base path so that WAAP correctly recognizes these endpoints as associated with your domain. + + + ### Step 1. Group endpoints based on their access levels The first step in API protection is to categorize your endpoints based on their authorization levels: diff --git a/documentation/waap/api-discovery-and-protection/configure-api-base-path.md b/documentation/waap/api-discovery-and-protection/configure-api-base-path.md index 3c0c71e5..06823ab2 100644 --- a/documentation/waap/api-discovery-and-protection/configure-api-base-path.md +++ b/documentation/waap/api-discovery-and-protection/configure-api-base-path.md @@ -1,7 +1,7 @@ --- title: configure-api-base-path displayName: 'Manually add endpoints to API base path' -published: false +published: true order: null toc: 10 pageTitle: 'A guide on how to configure API base path in Gcore WAAP | Gcore' diff --git a/documentation/waap/getting-started/configure-waap-for-a-domain.md b/documentation/waap/getting-started/configure-waap-for-a-domain.md index 8b301677..fc486a42 100644 --- a/documentation/waap/getting-started/configure-waap-for-a-domain.md +++ b/documentation/waap/getting-started/configure-waap-for-a-domain.md 
@@ -10,7 +10,8 @@ toc: --1--Step 4. View your domain’s traffic: "step-4-view-your-domain-traffic" --1--Step 5. Test your WAAP configuration: "step-5-test-your-waap-configuration" --1--Step 6. Allow admins, bots, and CMS: "step-6-allow-admins-bots-and-cms" - --1--Step 7. Enable protect mode: "step-8-enable-protect-mode" + --1--Step 7. Configure your APIs: "step-7-configure-your-apis" + --1--Step 8. Enable protect mode: "step-8-enable-protect-mode" pageTitle: Set up Gcore WAAP for your domain | Gcore pageDescription: Learn how to integrate your domain with our WAAP and configure the initial settings. --- @@ -178,7 +179,13 @@ Follow these steps to allow crawlers, scanners, monitoring bots, and similar too The common automated services policy group allows a few trusted bots by default, which is why we recommend reviewing this list before enabling the protect mode. -## Step 7: Enable protect mode +## Step 7: Configure your APIs + +If you plan to serve JSON requests through an API on your domain, you can disable the JavaScript injection and CAPTCHA functionalities for specified API endpoints. + +You can manually add endpoints to API base path or configure the API Discovery feature to automatically detect and protect your APIs. + +## Step 8: Enable protect mode 1\. In the Gcore Customer Portal, navigate to **WAAP** > **Domains**. diff --git a/documentation/waap/waap-policies/advanced-api-protection.md b/documentation/waap/waap-policies/advanced-api-protection.md index 60a1dfb8..35983960 100644 --- a/documentation/waap/waap-policies/advanced-api-protection.md +++ b/documentation/waap/waap-policies/advanced-api-protection.md 
@@ -71,8 +71,10 @@ There are three levels of API endpoint authorization: * **Non-privileged**: Users who will be blocked from all access endpoints that are privileged or admin. -To ensure only admins and privileged users can access sensitive endpoints, you can create tags that will be applied when the defined header, token, or other identifier is present. You can then create WAAP rules to control API access based on these tags. +To ensure only admins and privileged users can access sensitive endpoints, you can create tags that will be applied when the defined header, token, or other identifier is present. You can then use the API Discovery feature and create WAAP rules to control API access based on these tags. ### Non-baselined API requests -Enable a positive security policy that blocks requests to endpoints that aren’t part of the API baseline—a defined version of your API where all protected endpoints are listed. \ No newline at end of file +Enable a positive security policy that blocks requests to endpoints that aren’t part of the API baseline—a defined version of your API where all protected endpoints are listed. + +You can also add endpoints to the API baseline if you don’t want to perform a network or API specification file scan. \ No newline at end of file diff --git a/documentation/waap/waap-rules/custom-rules/tag-rules.md b/documentation/waap/waap-rules/custom-rules/tag-rules.md index 8e2ec286..cfc79cbb 100644 --- a/documentation/waap/waap-rules/custom-rules/tag-rules.md +++ b/documentation/waap/waap-rules/custom-rules/tag-rules.md @@ -59,4 +59,4 @@ Consider that rules with user-defined tags run before the rules, which use our p -For more examples of tag generating rules, check out the Reserved tags (user-defined) guide. \ No newline at end of file +For more examples of tag generating rules, check out the following guides: Reserved tags (user-defined) and Configure API access with reserved tags. \ No newline at end of file
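Review bot: In documentation/waap/api-discovery-and-protection.md, the two added bullets are not parallel with the existing one and the feature name is capitalised inconsistently. The new items are noun labels ("API Discovery", "API base path") while the existing bullet is an action ("Configure API access with reserved tags"), and the front matter of api-discovery.md in this same patch uses displayName: 'API discovery' with a lowercase "d". Pick one casing and use it across all six files, and consider naming the second bullet after its page ("Manually add endpoints to API base path") so readers can match the bullet to the navigation entry.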
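Review bot: In the second hunk of configure-api-access-with-reserved-tags.md (@@ -38,6 +38,12 @@), the new paragraph states a prerequisite but is placed after the "After you complete the steps..." closing advice, so the section now reads: steps intro, post-step advice, prerequisite, Step 1. Move it above "The following steps will guide you..." or make it an explicit "Before you start" item. The paragraph is also padded by three added blank lines on each side; if a callout wrapper was intended there, it does not appear in the added lines, and if not, one blank line on each side is enough.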
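Review bot: In configure-api-base-path.md, the front matter keeps order: null while the page is switched to published: true, whereas the sibling api-discovery.md published in this patch has order: 20. If the section navigation is sorted by order, set an explicit value here so the page's position relative to API discovery and the reserved tags guide is deliberate rather than left to the default.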
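Review bot: In the second hunk of configure-waap-for-a-domain.md (@@ -178,7 +179,13 @@), the new Step 7 does not connect its two sentences: it says JavaScript injection and CAPTCHA can be disabled for specified API endpoints, then says you can add endpoints to the base path or use API Discovery, without stating that doing the latter is what produces the former. Spell out that relationship, say that the step can be skipped when the domain serves no API, and, since the step turns off two challenge mechanisms for the listed paths right before protect mode is enabled, add a sentence advising readers to list only genuine API paths. Also "to API base path" is missing the article that the reserved tags page uses ("to the API base path").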
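Review bot: In advanced-api-protection.md, the rewritten sentence "You can then use the API Discovery feature and create WAAP rules to control API access based on these tags" reads as if both are required, which contradicts the reserved tags page changed in this same patch ("either via the API Discovery feature or by using custom rules"). Use "or" here, or explain what each of the two contributes. The added line under "Non-baselined API requests" refers to "a network or API specification file scan" that nothing in the visible section introduces, and does not say where endpoints are added to the baseline; name the feature that runs the scan and the page that covers manual additions. The file still ends without a trailing newline.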