Cybersecurity, Endpoint and Data Stores Documentation Examples
Example Endpoint and Data Store Documentation
About Endpoint and Data Stores Documentation
The purpose of this document is to provide guidance and examples on how to properly document API endpoints and data stores.
Properly documenting endpoints and data stores is expected and helps comply with the IT-08 Development Process Standard IT-08.4.1.
In many cases a text table located in README.md in the code repository will suffice.
Example Endpoint Documentation
The documentation for an application should include a list of endpoints the application uses and their purposes.
Recording additional fields can assist during routine maintenance or when responding to a cybersecurity incident.
| Endpoint | Type | Purpose | Stage | Access | Contact |
|---|---|---|---|---|---|
| https://ldap.example.illinois.edu/api/v2/ | LDAP | User lookup | Prod | Read Only | < group contact email address > |
| https://chatbot.example.illinois.edu/rest/api/2/ | JSON REST API | Chat Bot Notification | Prod | Read/Write | < URL to group contact list page > |
| https://ticketing.example.illinois.edu/ticket/v3/ | XML API | Ticketing | Prod | Read/Write | < group contact email address > |
| https://ticketing-test.example.illinois.edu/ticket/v3/ | XML API | Ticketing - Testing | Test | Read/Write | See 'Prod' row. |
Example Data Store Documentation
The record for the data stores should list the highest data sensitivity of any data in that data store.
| Data Store | Data Type | Sensitivity | Notes |
|---|---|---|---|
| ICSDB | MySQL DB | Public | Read Only - For finding and comparing local ice cream shops |
| HeavyRock DB | MongoDB | Internal | Read Only - A list of potential rocks to send through the mail |
| WatcherDB | MySQL DB | High Risk | Read Only - For observing the universe. High sensitivity because it knows all and sees all. |