Imperva API Security is a unified platform that provides API discovery, risk assessment, detection, and mitigation capabilities across cloud, on-premises, and hybrid environments. The platform continuously discovers public, private, and shadow APIs, performing data classification and risk assessment to identify vulnerabilities aligned with the OWASP API Security Top 10. The solution includes business logic threat protection with real-time BOLA (Broken Object Level Authorization) detection and response using hybrid behavioral and rule-based engines. It offers automated inline mitigation through integration with Cloud WAF and WAF Gateway. The platform supports multiple deployment models including agent-based and agentless configurations, with options for cloud-managed or self-managed implementations. API Security Testing functionality enables shift-left security by scanning API specification files to identify posture gaps, design flaws, and configuration weaknesses before deployment. The platform provides continuous monitoring of API changes, tracks design flaws, and detects vulnerabilities to prevent attacks. Integration capabilities extend to bot protection through coordination with Imperva Advanced Bot Protection, as well as connections to API gateways, proxies, and load balancers. The solution supports monitoring of both north-south and east-west traffic patterns, including encrypted applications and microservices architectures.