Publish API discovery docs #1385

Merged
merged 1 commit into from
Oct 29, 2024
4 changes: 4 additions & 0 deletions documentation/waap/api-discovery-and-protection.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,8 @@ API endpoints may expose sensitive data or functionality that's not accessible t

To ensure that your domain is fully protected with Gcore WAAP, extend your web security with advanced API protection settings:

* **API Discovery**: set up automated detection of potential APIs; add and manage existing endpoints.

* **API base path**: configure API protection by manually specifying the base paths of your API endpoints.

* **Configure API access with reserved tags**: group APIs by access level and determine which user roles are permitted to access each group.
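
Review bot: None of the three bullets in this list links to the page it names, while the other files in this PR point to the same API Discovery, API base path and reserved-tags pages with `<a href=... target="_blank">` anchors. Link each bullet title to its guide so readers can get from this overview to the setup steps. The third bullet is also phrased as an instruction ("Configure API access with reserved tags") where the first two are feature names; naming the feature and then describing it would keep the list parallel.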
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: api-discovery
displayName: 'API discovery'
published: false
published: true
order: 20
pageTitle: 'Learn about Gcore API discovery | Gcore'
pageDescription: 'Learn about Gcore API discovery measures.'
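
Review bot: `displayName: 'API discovery'`, `pageTitle` and `pageDescription` all write "discovery" in lower case, while the bullet and link text in the other files of this PR write "API Discovery". Settle on one capitalisation before `published` flips to true, since the page becomes visible with this change. The `pageDescription` ('Learn about Gcore API discovery measures.') is also vague and could say what the page actually covers.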
Original file line number Diff line number Diff line change
Expand Up @@ -30,14 +30,20 @@ Here’s the list of reserved tags applicable only for the API protection:
* Ignore CCN Detection
* Ignore SSN Detection

These tags can be added to your API endpoints using <a href="https://gcore.com/docs/waap/waap-rules/custom-rules" target="_blank">custom rules</a>.
These tags can be added to your API endpoints either via the <a href="https://gcore.com/docs/waap/api-discovery-and-protection/api-discovery" target="_blank">API Discovery</a> feature or by using <a href="https://gcore.com/docs/waap/waap-rules/custom-rules" target="_blank">custom rules</a>.

## Configure API protection

The following steps will guide you through the process of protecting your endpoints from unauthorized access.

After you complete the steps, it’s important to enable the relevant policies within the <a href="https://gcore.com/docs/waap/waap-policies/advanced-api-protection" target="_blank">Advanced API protection</a> policy group to make sure everything is set up correctly.

<alert-element type="info" title="Info">

To ensure that your APIs are fully protected, enable the <a href="https://gcore.com/docs/waap/api-discovery-and-protection/api-discovery" target="_blank">API Discovery</a> feature or manually add your endpoints to the <a href="https://gcore.com/docs/waap/api-discovery-and-protection/configure-api-base-path" target="_blank">API base path</a> so that WAAP correctly recognizes these endpoints as associated with your domain.

</alert-element>

### Step 1. Group endpoints based on their access levels

The first step in API protection is to categorize your endpoints based on their authorization levels:
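
Review bot: The new info alert states the prerequisite (endpoints must be found by API Discovery or listed in the API base path) but not what happens when it is skipped. Say explicitly how WAAP treats an endpoint it does not recognize as associated with the domain, in particular whether the reserved-tag rules from the steps below apply to it, and consider placing the alert before the paragraph about enabling the Advanced API protection policies so the prerequisite comes ahead of the follow-up action. In the tags sentence, "either via the ... feature or by using ..." can be tightened to "via ... or ...".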
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: configure-api-base-path
displayName: 'Manually add endpoints to API base path'
published: false
published: true
order: null
toc: 10
pageTitle: 'A guide on how to configure API base path in Gcore WAAP | Gcore'
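
Review bot: `order: null` is left in the front matter while `published` changes to true; the api-discovery page published in this same PR carries `order: 20`. Confirm that a null order places this page where it is meant to appear in the section, or set an explicit value.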
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,8 @@ toc:
--1--Step 4. View your domain’s traffic: "step-4-view-your-domain-traffic"
--1--Step 5. Test your WAAP configuration: "step-5-test-your-waap-configuration"
--1--Step 6. Allow admins, bots, and CMS: "step-6-allow-admins-bots-and-cms"
--1--Step 7. Enable protect mode: "step-8-enable-protect-mode"
--1--Step 7. Configure your APIs: "step-7-configure-your-apis"
--1--Step 8. Enable protect mode: "step-8-enable-protect-mode"
pageTitle: Set up Gcore WAAP for your domain | Gcore
pageDescription: Learn how to integrate your domain with our WAAP and configure the initial settings.
---
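
Review bot: The toc labels use "Step 7." with a period while the headings changed in the body of this file use "## Step 7:" with a colon; align the two. The renumbering also moves the protect-mode heading from Step 7 to Step 8, so if heading anchors are derived from the heading text, existing links to the old Step 7 anchor should be checked. The previous entry paired "Step 7" with `step-8-enable-protect-mode`, and the new pairing corrects that.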
Expand Down Expand Up @@ -178,7 +179,13 @@ Follow these steps to allow crawlers, scanners, monitoring bots, and similar too

The <a href="https://gcore.com/docs/waap/waap-policies/common-automated-services" target="_blank">common automated services</a> policy group allows a few trusted bots by default, which is why we recommend reviewing this list before enabling the protect mode.

## Step 7: Enable protect mode
## Step 7: Configure your APIs

If you plan to serve JSON requests through an API on your domain, you can disable the JavaScript injection and CAPTCHA functionalities for specified API endpoints.

You can <a href="https://gcore.com/docs/waap/api-discovery-and-protection/configure-api-base-path" target="_blank">manually add endpoints to API base path</a> or <a href="https://gcore.com/docs/waap/api-discovery-and-protection/api-discovery" target="_blank">configure the API Discovery feature</a> to automatically detect and protect your APIs.

## Step 8: Enable protect mode

1\. In the <a href="https://accounts.gcore.com/reports/dashboard" target="_blank">Gcore Customer Portal</a>, navigate to **WAAP** > **Domains**.

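Review bot: The new Step 7 says JavaScript injection and CAPTCHA can be disabled for specified API endpoints, but it does not give the reason or say what still protects those paths once the challenges are off. Add a sentence stating why JSON endpoints need this, make explicit that adding endpoints to the API base path or enabling API Discovery is how the exemption is applied (the two paragraphs currently leave that link implicit), and point to the Advanced API protection policies as the controls that cover those endpoints. "functionalities" reads better as "features".
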
6 changes: 4 additions & 2 deletions documentation/waap/waap-policies/advanced-api-protection.md
Original file line number Diff line number Diff line change
Expand Up @@ -71,8 +71,10 @@ There are three levels of API endpoint authorization:

* **Non-privileged**: Users who will be blocked from all access endpoints that are privileged or admin.

To ensure only admins and privileged users can access sensitive endpoints, you can create tags that will be applied when the defined header, token, or other identifier is present. You can then create <a href="https://gcore.com/docs/waap/api-discovery-and-protection/configure-api-access-with-reserved-tags" target="_blank">WAAP rules</a> to control API access based on these tags.
To ensure only admins and privileged users can access sensitive endpoints, you can create tags that will be applied when the defined header, token, or other identifier is present. You can then use the <a href="https://gcore.com/docs/waap/api-discovery-and-protection/api-discovery" target="_blank">API Discovery</a> feature and create <a href="https://gcore.com/docs/waap/api-discovery-and-protection/configure-api-access-with-reserved-tags" target="_blank">WAAP rules</a> to control API access based on these tags.

### Non-baselined API requests

Enable a positive security policy that blocks requests to endpoints that aren’t part of the API baseline—a defined version of your API where all protected endpoints are listed.
Enable a positive security policy that blocks requests to endpoints that aren’t part of the API baseline—a defined version of your API where all protected endpoints are listed.

You can also add endpoints to the <a href="https://gcore.com/docs/waap/api-discovery-and-protection/api-discovery#api-baseline" target="_blank">API baseline</a> if you don’t want to perform a network or API specification file scan.
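
Review bot: The sentence added at the end of "Non-baselined API requests" omits "manually" and refers to "a network or API specification file scan" that the visible text of this section has not introduced. Because the policy blocks every request to an endpoint outside the baseline, add a line telling readers to confirm the baseline is complete before enabling it. In the tags paragraph above, the link text "WAAP rules" points at configure-api-access-with-reserved-tags and the sentence does not say what API Discovery contributes to tag-based access control; name the linked guide and state API Discovery's role.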
2 changes: 1 addition & 1 deletion documentation/waap/waap-rules/custom-rules/tag-rules.md
Original file line number Diff line number Diff line change
Expand Up @@ -59,4 +59,4 @@ Consider that rules with user-defined tags run before the rules, which use our p

</alert-element>

For more examples of tag generating rules, check out the <a href="https://gcore.com/docs/waap/waap-rules/custom-rules/tag-rules/reserved-tags" target="_blank">Reserved tags (user-defined)</a> guide.
For more examples of tag generating rules, check out the following guides: <a href="https://gcore.com/docs/waap/waap-rules/custom-rules/tag-rules/reserved-tags" target="_blank">Reserved tags</a> (user-defined) and <a href="https://gcore.com/docs/waap/api-discovery-and-protection/configure-api-access-with-reserved-tags" target="_blank">Configure API access with reserved tags</a>.
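
Review bot: Moving "(user-defined)" outside the first link leaves a parenthetical sitting between the two guide names, where it reads as a stray qualifier. Keep it inside the link text as before or drop it, for example "check out the Reserved tags and Configure API access with reserved tags guides". "tag generating rules" should be hyphenated as "tag-generating rules".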