Capability

API Security

Show how API posture becomes a governed, proof-backed risk lane.

Discuss design-partner lane
Roadmap previewPublic / catalog-only

What VALTY owns

API inventory, contract governance, OWASP API validation, auth posture. VALTY owns the proof/remediation layer, source coverage, buyer workflow, and visible business impact for this lane.

What remains customer-owned

Dedicated API security page remains gated until FR-D14 surfaces are green.

Buyer path

AppSec, platform engineering should route through `/access` with source page and requested wedge preserved in Attio.

API Security product surface
API SecurityPlanned API contract and auth posture proof artifact

Proof matrix

Capability proof requirements

Each capability page keeps the claim, source, confidence, and publication boundary visible before it asks a buyer to believe the outcome.

ClaimSourceConfidenceFreshness
Capability claimAPI inventory, contract governance, OWASP API validation, auth postureRoadmap previewPublic / catalog-only
Evidence artifactPlanned API contract and auth posture proof artifactSource-linkedReviewed before publish
BoundaryDedicated API security page remains gated until FR-D14 surfaces are green.Claim-reviewedQuarterly or on product change