Start protecting your APIs

In minutes, not months

No integration delays. See ROI within 7 days.

API pricing hero
Comprehensive Discovery
AI-driven threat detection
Inline Blocking
SaaS or Self-hosted

Find the right plan for your needs

Pick your Plan!
Get Started

Free

No credit card.
  • Included API Calls
    1M total (90 days)
  • Discovery & Inventory
    Automated
  • Threat Detection
    Baseline anomalies
  • Blocking
    Yes – Linked to CVEs
  • Payload Inspection
    Not included
  • Dashboards & Reporting
    Not included
  • Integrations
    Report-ready
  • Deployment
    SaaS
  • Compliance
    Not included
  • Support & SLA
    Email

Growth

Scales with your business
  • Included API Calls
    Starts at 1M/mo
  • Discovery & Inventory
    Automated
  • Threat Detection
    Fully automated (OWASP API Top 10, BOLA/BFLA)
  • Blocking
    Yes – Linked to CVEs
  • Payload Inspection
    Custom rules based*
  • Dashboards & Reporting
    Included
  • Integrations
    Customizable, SIEM-ready
  • Deployment
    SaaS
  • Compliance
    Report-ready forensic logs
  • Support & SLA
    Email/Phone

Enterprise

SaaS/Self-Hosted
  • Included API Calls
    Unlimited
  • Discovery & Inventory
    Automated
  • Threat Detection
    AI-driven, enterprise-grade (incl. business-logic abuse)
  • Blocking
    Yes – Linked to CVEs
  • Payload Inspection
    Included
  • Dashboards & Reporting
    Included
  • Integrations
    Full control, SIEM
  • Deployment
    Self-hosted / air-gapped
  • Compliance
    Report-ready forensic logs
  • Support & SLA
    99.95% uptime, Priority SLA
  • Blocking add-on available on Growth so SMBs can start observability-first, then turn on prevention.
  • Data retention: 90 days by default, customizable for enterprise plans.

Neglecting API Security

Can Cost Over $5.75M

API ROI visualization

Save REAL $$$ With A Free Plan

ROI of API Security Solution

Number of APIs

Internal & External

100

Pentesting frequency

How many API pentests do you conduct in a year?

1

Manual Log Monitoring Hours

(average hrs/month)

10

Avg. Unscheduled API Downtime

(average hrs/month)

3

Cost Saved in 1 Quarter

$10,710
$10,710 saved in one quarter
Calculate Your Savings

What you get on DAY 1

  • Current step

    Automated API discovery (including shadow & zombie)

    Automated API discovery (including shadow & zombie) (active)
  • Upcoming step

    AI-driven threat detection with deep payload analysis

    AI-driven threat detection with deep payload analysis (inactive)
  • Upcoming step

    Dashboards, reports, and SIEM-ready exports

    Dashboards, reports, and SIEM-ready exports (inactive)
  • Upcoming step

    Flexible deployment: SaaS or self-hosted

    Flexible deployment: SaaS or self-hosted (inactive)
FAQs
We meter external API requests—calls coming from outside your environment (users, mobile apps, partners) that pass through your ingress controllers or load balancers. Internal, inter-service traffic isn’t charged.
External interactions are your primary attack surface and business touchpoints. Rakuten SixthSense gives complete visibility of internal API calls for security purposes without penalizing the high volume of internal microservice communications that are essential for modern architectures.
A single inbound HTTP/S request to a routable endpoint counts as one request, regardless of any downstream work it triggers. Retries and 4xx/5xx responses count, since they consume analysis and protection. GraphQL over HTTP: each request equals one call. gRPC unary: each RPC equals one call. Streaming (gRPC/WebSocket): by default, session initiation equals one call; message-level metering is available for special cases (aligned during onboarding).
You choose a monthly commit (tiered volume). We include 70/90/100% usage alerts. If you exceed the buffer, simple overage per 1M calls applies, or you can upgrade with no disruption.
No. Comprehensive API discovery—including shadow and zombie APIs—is included in your subscription. Visibility should never be a penalty.
No. Pricing is based primarily on the volume of API requests, not the size of payloads transferred.
Yes. We provide a real-time dashboard to track API request volumes against your plan and predict potential cost implications. 70/90/100% usage alerts are included.
We secure REST, GraphQL, gRPC, SOAP, and event/stream APIs, inline or out-of-band depending on your architecture.
No. Your subscription includes continuous updates, platform enhancements, and new features during the agreed license period—no hidden costs for standard feature rollouts.
We scale to tens of millions of calls per day out of the box, with linear scale beyond that. Contact us for 1B+ monthly volumes.
No. You can monitor multiple apps and microservices. Pricing is based on API call volumes.
Growth (SMB Accelerator): available as an add-on (via WAF/API gateway/sidecar). Enterprise (Cloud & Self-Hosted): included—AI-driven detection with inline blocking and architecture-aware policies.

Scan your platform for

API threats within minutes

Just add your public API or URL. No integration needed.

Scan Now

Stay Updated

Subscribe to Rakuten SixthSense Spotlight.

Get the latest in security, news and insights.