What this looks like in the scanner (securecompass.io/public-exposure-scanner)

| Severity | Resource | Finding |
| --- | --- | --- |
| Critical | prod-data-api | API Gateway REST API has 12 methods with Authorization set to NONE |
| High | payment-processing-api | API Gateway resource policy allows access from any IP address (0.0.0.0/0) |
| Medium | internal-tools-api | API Gateway stage has no usage plan or throttling configured |
What does API Gateway public exposure mean?
API Gateway endpoints are typically public by design, but the risk lies in endpoints deployed without authorization - no API keys, no IAM auth, no Cognito authorizer. This means anyone who discovers the endpoint URL can call your API.
Why it matters
Unauthenticated API endpoints can expose backend data, allow unauthorized actions, and generate unexpected costs. APIs are increasingly targeted by automated tools that discover and enumerate endpoints.
How to check manually
1. Open the API Gateway console and review each method's authorization setting
2. Check for methods with Authorization: NONE
3. Review usage plans and API key requirements
4. Check resource policies for overly permissive access
Quick check with AWS CLI
List all REST APIs and their endpoint types
aws apigateway get-rest-apis --query "items[].{Name:name,Id:id,EndpointType:endpointConfiguration.types[0]}"

Find methods without authorization on an API (--embed methods is needed so each method's authorizationType and apiKeyRequired are included; without it resourceMethods only lists the method names)

aws apigateway get-resources --rest-api-id YOUR_API_ID --embed methods --query "items[].{Path:path,Methods:resourceMethods}" --output table

Check a specific API's resource policy

aws apigateway get-rest-api --rest-api-id YOUR_API_ID --query "policy"

Common misconfigurations
- Methods deployed without an authorizer
- API key requirement not enforced on all stages
- Resource policy allowing access from any IP
- CORS configuration too permissive
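To turn the CLI checks and the first three misconfigurations above into a repeatable audit, here is an added Python example (not the scanner's code and not an AWS tool): it takes the JSON produced by get-resources --embed methods and by get-rest-api --query policy and reports methods whose authorization is NONE and a resource policy that is open to any IP. The sample resources and policy are constructed for the example, and the function names are assumptions of this example.

```python
import json

# Constructed sample shaped like `aws apigateway get-resources --embed methods` output.
SAMPLE_RESOURCES = {"items": [
    {"path": "/orders", "resourceMethods": {
        "GET": {"authorizationType": "NONE", "apiKeyRequired": False},
        "POST": {"authorizationType": "AWS_IAM", "apiKeyRequired": False},
        "OPTIONS": {"authorizationType": "NONE", "apiKeyRequired": False}}},
    {"path": "/health", "resourceMethods": {
        "GET": {"authorizationType": "NONE", "apiKeyRequired": True}}}]}

# Constructed sample resource policy, serialized to a string as `get-rest-api --query policy` returns it.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
     "Resource": "execute-api:/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "0.0.0.0/0"}}}]})

def find_unauthenticated_methods(resources, ignore_options=True):
    """Sorted (path, method, apiKeyRequired) for every method with authorizationType
    NONE. OPTIONS is skipped by default: CORS preflight carries no credentials."""
    findings = []
    for item in resources.get("items", []):
        for verb, method in (item.get("resourceMethods") or {}).items():
            if ignore_options and verb == "OPTIONS":
                continue
            # Entries are empty without --embed methods, so nothing would be flagged.
            if method.get("authorizationType") == "NONE":
                findings.append((item["path"], verb, bool(method.get("apiKeyRequired"))))
    return sorted(findings)

def _principal_is_anyone(principal):
    aws = principal.get("AWS") if isinstance(principal, dict) else principal
    return aws == "*" or (isinstance(aws, list) and "*" in aws)

def policy_allows_any_ip(policy):
    """True if an Allow statement for an anonymous principal has no Condition or an
    aws:SourceIp containing 0.0.0.0/0; other conditions (e.g. aws:SourceVpce) are not reported."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    statements = policy.get("Statement", [])
    for stmt in [statements] if isinstance(statements, dict) else statements:
        if stmt.get("Effect") != "Allow" or not _principal_is_anyone(stmt.get("Principal")):
            continue
        cond = stmt.get("Condition")
        if not cond:
            return True
        ips = cond.get("IpAddress", {}).get("aws:SourceIp")
        if ips is not None and "0.0.0.0/0" in ([ips] if isinstance(ips, str) else ips):
            return True
    return False
```

A method reported with apiKeyRequired True still has no authentication, since an API key only identifies a usage plan; treat it as a separate, lower-severity finding rather than a pass.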
Check all 22 resource types at once
Instead of checking each service manually, scan your entire AWS account and see every public exposure ranked by risk.
Scan My Account