API risk scoring

Updated: June 19, 2025

FireTail's API Risk Scoring system evaluates and categorizes APIs based on their open findings. The severity of those findings (critical, high, medium, or low) determines the risk score.

How risk scores are banded

The risk score is divided into bands determined by the severity of the open findings associated with the API:

  • Critical: 80-100
  • High: 60-80
  • Medium: 40-60
  • Low: Below 40

Each severity level influences the score differently, and the number of open findings plays a role in determining the score. A log-based scale is used to ensure that findings of higher severity have a larger impact on the overall risk score.

Score breakdown

  • Critical Findings:
    If there is at least one critical finding, the risk score will be set between 80-100.
  • High Findings:
    If no critical findings exist, the system evaluates high findings. Any high findings result in a score between 60 and 80.
  • Medium Findings:
    If neither critical nor high findings are present, the system checks for medium findings, with the score falling between 40 and 60.
  • Low Findings:
    If only low-severity findings exist, the risk score will be below 40.

This scoring system helps prioritize remediation efforts by highlighting the APIs that pose the greatest security risks.
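The banding described above, as an added Python example that is not FireTail's own code. The page does not publish the formula, so the log2 curve inside each band and the score of 0 for an API with no open findings are assumptions, and the inventory is constructed sample data.

```python
import math

# Bands from the page: (severity, lower bound, upper bound), highest first.
BANDS = [("critical", 80, 100), ("high", 60, 80), ("medium", 40, 60), ("low", 0, 40)]


def risk_score(open_findings):
    """Score an API from a {severity: open finding count} mapping.

    The highest severity with at least one open finding selects the band;
    lower severities are ignored, as in the page's score breakdown.
    """
    for severity, lo, hi in BANDS:
        n = open_findings.get(severity, 0)
        if n > 0:
            # ASSUMPTION: position inside the band grows with log2 of the
            # count and approaches, but never reaches, the upper bound.
            fraction = 1 - 1 / (1 + math.log2(1 + n))
            return severity, lo + (hi - lo) * fraction
    return "none", 0.0  # ASSUMPTION: no open findings scores 0


def prioritize(inventory):
    """Return (api, band, score) tuples, highest risk first."""
    scored = [(api, *risk_score(f)) for api, f in inventory.items()]
    return sorted(scored, key=lambda row: row[2], reverse=True)


# Constructed sample inventory (not real FireTail data).
SAMPLE = {
    "payments-api": {"critical": 1, "low": 12},
    "search-api": {"high": 3, "medium": 40},
    "profile-api": {"medium": 7},
    "status-api": {"low": 500},
    "docs-api": {},
}

if __name__ == "__main__":
    for api, band, score in prioritize(SAMPLE):
        print(f"{api:14} {band:9} {score:5.1f}")
```

In this sketch a single critical finding outranks 500 low findings, which stay below 40 no matter how many accumulate.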
