API Relay Scanner: Detect If Your API Goes Through a Middleman

How to scan your API endpoint for relay servers, data interception, and unauthorized intermediaries.

When you use a third-party API provider, your requests may pass through multiple servers before reaching the actual model. Each relay server is a potential security risk — it can log your data, inject content, and add latency. Here is how to detect them.

What is an API Relay?

An API relay (also called an API proxy or API gateway) sits between your application and the original API provider. While some relays are legitimate, many are unauthorized intermediaries that:

How API-DNA Detects Relays

Our relay scanner performs multiple checks on your API endpoint:

  1. IP/ASN analysis — Compare the endpoint IP against known provider IP ranges
  2. Server header inspection — Check for proxy headers (X-Forwarded-For, Via, etc.)
  3. Response timing — Extra relay hops add measurable latency
  4. Behavioral fingerprinting — Relay-injected system prompts change model behavior
  5. TLS certificate analysis — Certificate mismatches reveal proxy servers
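
Checks 1 and 2 from the list above, as an added example (not API-DNA's own code). The provider CIDRs are placeholder documentation ranges, the header set beyond X-Forwarded-For and Via is an assumption, and the two sample endpoints are constructed.

```python
import ipaddress

# Assumption: placeholder CIDRs (RFC 5737 documentation ranges), not any
# real provider's published ranges. Replace with the provider's own list.
PROVIDER_RANGES = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "198.51.100.0/24")]

# Headers that intermediaries commonly add. The page names X-Forwarded-For
# and Via; the remaining names are an assumption filling in its "etc.".
PROXY_HEADERS = {"via", "x-forwarded-for", "forwarded", "x-forwarded-host", "x-real-ip"}


def ip_in_provider_ranges(ip, ranges=PROVIDER_RANGES):
    """Check 1: is the resolved endpoint IP inside a known provider range?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)


def proxy_headers_present(headers):
    """Check 2: return proxy-related response headers (case-insensitive)."""
    return sorted(k.lower() for k in headers if k.lower() in PROXY_HEADERS)


def relay_signals(ip, headers):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    if not ip_in_provider_ranges(ip):
        findings.append(f"endpoint IP {ip} is outside known provider ranges")
    for name in proxy_headers_present(headers):
        findings.append(f"proxy header present: {name}")
    return findings


# Constructed samples: (resolved IP, response headers) for two endpoints.
DIRECT = ("192.0.2.10", {"Content-Type": "application/json", "Server": "origin"})
RELAYED = ("203.0.113.7", {"Content-Type": "application/json",
                           "Via": "1.1 relay-a", "X-Forwarded-For": "192.0.2.10"})

if __name__ == "__main__":
    for label, (ip, hdrs) in (("direct", DIRECT), ("relayed", RELAYED)):
        print(label, relay_signals(ip, hdrs) or "no relay signals")
```

These findings are signals rather than proof: a legitimate CDN or gateway in front of the provider can also add a Via header, so weigh them together with the timing, behavioral and TLS checks.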