Application Security API v1

Manage the Web Application Firewall (WAF) configuration for your Akamai security products.

Learn more:


Overview

The Application Security API allows you to access and modify your Security Configurations for Kona Site Defender and Client Reputation. You can create, update, activate, and export versions of a security configuration. You can retrieve selectable hostnames and add them to the selected list to protect your website or API content. You also can add, modify, or delete custom rules and assign policy actions.

A Web Application Firewall (WAF) is an application security measure deployed between a web client and a web server that performs a deep inspection of every request and response for all common forms of web traffic. Identifying and isolating or blocking abnormal malicious traffic, a WAF effectively prevents threats from reaching the server.

All Custom Rule APIs and resources are in Beta.

Who should use this API

This API is for security operations teams and developers who implement Akamai security products for their organization. You need to have a working knowledge of your application and how the configurable objects interact. If you are not familiar with these topics, see Resources for more information.

Getting started

Before using the Application Security API for the first time:

  • Review Get Started with APIs for details on how to set up client tokens to access any Akamai API. These tokens appear as custom hostnames that look like this: https://akzz-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX.luna.akamaiapis.net.

  • To enable this API, choose the API service named Application Security, and set the access level to READ-WRITE.

Example 1: add a hostname to a new configuration version

The following example presents the order of operations to modify a configuration, provide additional hostnames, and activate the new configuration version:

  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Run Get configuration version details to retrieve a Configuration object.

  4. You cannot edit the configuration version if it is ACTIVE on staging or production servers. To create a new version, craft a ConfigurationClone object and make a POST request to /appsec/v1/configs/{configId}/versions.

  5. Run List selectable hostnames to retrieve a list of Set objects containing hostname information.

  6. List selected hostnames to retrieve a SelectedHostnames object.

  7. Modify the SelectedHostnames object.

  8. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames.

  9. Run List security policies and select a policyId.

  10. Run Create a match target to create a new MatchTarget object. Note the targetId in the response.

  11. Run Get a match target

  12. Modify the MatchTarget object.

  13. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}.

  14. Run List match targets.

  15. Craft a MatchTargetOrder object using the targetIds.

  16. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/sequence.

  17. Create an Activation object.

  18. Make a POST request to /appsec/v1/activations to activate the configuration version.

  19. Run Get activation status to check the activation status. The response is an Activation object.

Example 2: add a custom rule to an existing configuration version

The following example presents the order of operations to modify a configuration, add a new custom rule, and activate the new configuration version:

  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Run Get configuration version details to retrieve a Configuration object.

  4. You cannot edit the configuration version if it is ACTIVE on staging or production servers. To create a new version, craft a ConfigurationClone object and make a POST request to /appsec/v1/configs/{configId}/versions.

  5. Run Create a custom rule to create a new CustomRule object. Note the ruleId in the response.

  6. Run Get a custom rule.

  7. Modify the CustomRule object.

  8. Make a PUT request to /appsec/v1/configs/{configId}/custom-rules/{ruleId}.

  9. Run List security policies and select a policyId.

  10. Make a PUT request with a single-member object containing the specified action to /appsec/v1/configs/{configId}/versions/1/security-policies/{policyId}/custom-rules/{ruleId}.

  11. Create an Activation object.

  12. Make a POST request to /appsec/v1/activations to activate the configuration version.

  13. Run Get activation status to check the activation status. The response is an Activation object.

Example 3: export an existing configuration version

The following example presents the order of operations to retrieve and export an existing configuration version:

  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Make a GET request to /appsec/v1/export/configs/{configId}/versions/{versionNumber}.

Resources

This section provides details on each API operation.

The following list provides a road map of all the conceptual objects you deal with when interacting with the Application Security API, and provides pointers to where you can learn more.

  • Configuration: A security configuration specifies hostnames, security policies, custom rules, and match targets. You activate a security configuration to Akamai’s edge servers, where it works with your delivery configuration to evaluate requests, and determines how to handle them.

    Security configurations are versioned. This is a handy way to update a configuration, even if it’s active on staging or production. Clone a version and edit it. When it’s ready, activate and test the new version. As you refine and test your updates, you have an audit trail of changes and can rollback to prior versions. You can also export the details of a configuration version.

  • Hostnames: Selecting a hostname lets you specify the web content you want to protect in your configuration. You can retrieve a list of selectable hostnames and add new entries to the selected hostnames object in your configuration.

    You can associate a security configuration with many hostnames, but a single hostname is covered by only one active security configuration at a time.

  • Security Policy: Security policies control how to respond to different requests and define the response action that occurs. If necessary, you can create more than one security policy. For example, you may need to apply one set of protections to website pages and a different set to APIs.

  • Custom Rule: Custom rules can handle scenarios not covered by the included standard rules and quickly patch new website vulnerabilities. You can trigger an alert or denial based on various components of the request, such as method, path, file extension, headers, cookies,query string, and POST body variables. Custom rules are configuration-level resources, which means they’re available to all policies in a security configuration, but they don’t version in lock-step. When you change a custom rule, it affects all inactive versions of your security configuration, but not activated ones. To roll back, you must choose a previously activated version.

  • Match Target: Defines which security policy applies to which API, hostname, or path. You can use a match target to focus a policy on a specific set of requests, such as those for .asp, .jsp, or .php file types. When your security configuration assesses a request, it checks to see if the request meets match target criteria. If it does, protections apply. If not, content delivery starts.

API summary

Download the RAML descriptors for this API.

Operation Method Endpoint
Security Configurations  
List configurations GET /appsec/v1/configs
Security Configuration Versions  
List configuration versions GET /appsec/v1/configs/{configId}/versions{?page,pageSize,detail}
Clone a configuration version POST /appsec/v1/configs/{configId}/versions
Security Configuration Version  
Get configuration version details GET /appsec/v1/configs/{configId}/versions/{versionNumber}
Security Configuration Version Export  
Export configuration version GET /appsec/v1/export/configs/{configId}/versions/{versionNumber}
Hostnames  
List selectable hostnames GET /appsec/v1/configs/{configId}/versions/{versionNumber}/selectable-hostnames
List selected hostnames GET /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames
Modify selected hostnames PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames
Security Policies  
List security policies GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies{?notMatched,detail}
Match Targets  
List match targets GET /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets{?policyId,includeChildObjectName}
Create a match target POST /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets
Modify match target order PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/sequence
Get a match target GET /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}{?includeChildObjectName}
Modify a match target PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}
Remove a match target DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}
Custom Rules Builder  
List custom rules GET /appsec/v1/configs/{configId}/custom-rules
Create a custom rule POST /appsec/v1/configs/{configId}/custom-rules
Get a custom rule GET /appsec/v1/configs/{configId}/custom-rules/{ruleId}
Modify a custom rule PUT /appsec/v1/configs/{configId}/custom-rules/{ruleId}
Remove a custom rule DELETE /appsec/v1/configs/{configId}/custom-rules/{ruleId}
Custom Rules Actions  
List custom rule actions GET /appsec/v1/configs/{configId}/versions/1/security-policies/{policyId}/custom-rules
Modify a custom rule action PUT /appsec/v1/configs/{configId}/versions/1/security-policies/{policyId}/custom-rules/{ruleId}
Security Config Activation  
Activate a configuration version POST /appsec/v1/activations
Get an activation request status GET /appsec/v1/activations/status/{statusId}
Get activation status GET /appsec/v1/activations/{activationId}

List configurations

Retrieves a list of available security configurations.

GET /appsec/v1/configs

Status 200 application/json

Response Body:

{
    "configurations": [
        {
            "id": 22330,
            "latestVersion": 5,
            "name": "CaroTestTransition2Versioning",
            "description": "(user notes)"
        },
        {
            "id": 7180,
            "latestVersion": 9,
            "name": "Corporate Sites WAF",
            "productionHostnames": [
                "example.com",
                "www.example.net",
                "m.example.com"
            ],
            "productionVersion": 1,
            "stagingVersion": 2
        }
    ]
}

List configuration versions

Retrieves a list of versions available for the specified security configuration.

GET /appsec/v1/configs/{configId}/versions{?page,pageSize,detail}

Sample: /appsec/v1/configs/8277/versions?page=1&pageSize=10&detail=false

Parameter Type Sample Description
URL parameters
configId Integer 8277 A unique identifier for each configuration.
Optional query parameters
detail Boolean false When true, results contain detailed information on items. When false, results contain summary information on items.
page Integer 1 The index of the result page. If the value is -1, then pagination is ignored. The default value is 1.
pageSize Integer 10 The number of items in the result page. The default value is 25.

Status 200 application/json

Response Body:

{
    "totalSize": 3,
    "pageSize": 3,
    "page": 1,
    "configId": 8277,
    "configName": "TestConfig",
    "stagingExpediteRequestId": 5861,
    "productionExpediteRequestId": 6951,
    "productionActiveVersion": 9,
    "stagingActiveVersion": 8,
    "lastCreatedVersion": 9,
    "versionList": [
        {
            "version": 9,
            "versionNotes": "Membership Benefits",
            "createDate": "2013-10-07T17:58:52Z",
            "createdBy": "user1",
            "basedOn": 8,
            "production": {
                "status": "Active",
                "time": "2014-07-08T07:40:00Z"
            },
            "staging": {
                "status": "Inactive"
            }
        },
        {
            "version": 8,
            "versionNotes": "Membership Benefits",
            "createDate": "2013-10-07T17:41:52Z",
            "createdBy": "user2",
            "basedOn": 7,
            "production": {
                "status": "Inactive"
            },
            "staging": {
                "status": "Active",
                "time": "2014-07-08T07:40:00Z"
            }
        },
        {
            "version": 7,
            "versionNotes": "Membership Benefits",
            "createDate": "2013-08-07T17:41:52Z",
            "createdBy": "user3",
            "production": {
                "status": "Inactive"
            },
            "staging": {
                "status": "Inactive"
            }
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Optionally, set the pageSize and page query parameters to control the size of each page, and navigate to specific pages of results.

  3. Optionally, enable the detail query parameter for detailed information on the items returned.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions{?page,pageSize,detail}.

Clone a configuration version

Creates a new version of the specified security configuration.

POST /appsec/v1/configs/{configId}/versions

Sample: /appsec/v1/configs/8277/versions

Content-Type: application/json

Request Body:

{
    "createFromVersion": 1,
    "ruleUpdate": false
}
Parameter Type Sample Description
URL parameters
configId Integer 8277 A unique identifier for each configuration.

Status 200 application/json

Response Body:

{
    "configId": 8277,
    "configName": "TestConfig",
    "version": 2,
    "versionNotes": "Membership Benefits",
    "createDate": "2013-10-07T17:58:52Z",
    "createdBy": "user1",
    "basedOn": 1,
    "production": {
        "status": "Active",
        "time": "2014-07-08T07:40:00Z"
    },
    "staging": {
        "status": "Inactive"
    }
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Create a ConfigurationClone object.

  4. Make a POST request to /appsec/v1/configs/{configId}/versions.

The response reflects the new Configuration object.

Get configuration version details

Retrieves details for a configuration version.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}

Sample: /appsec/v1/configs/8277/versions/2

Parameter Type Sample Description
URL parameters
configId Integer 8277 A unique identifier for each configuration.
versionNumber Integer 2 A unique identifier for each version of a configuration.

Status 200 application/json

Response Body:

{
    "configId": 8277,
    "configName": "TestConfig",
    "version": 2,
    "versionNotes": "Membership Benefits",
    "createDate": "2013-10-07T17:58:52Z",
    "createdBy": "user1",
    "basedOn": 1,
    "production": {
        "status": "Active",
        "time": "2014-07-08T07:40:00Z"
    },
    "staging": {
        "status": "Inactive"
    }
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}.

The response is a Configuration object.

Export configuration version

Retrieves all the details for a configuration version.

GET /appsec/v1/export/configs/{configId}/versions/{versionNumber}

Sample: /appsec/v1/export/configs/8277/versions/2

Parameter Type Sample Description
URL parameters
configId Integer 8277 A unique identifier for each configuration.
versionNumber Integer 2 A unique identifier for each version of a configuration.

Status 200 application/json

Response Body:

{
    "configId": 8277,
    "configName": "New Security Config",
    "version": 2,
    "basedOn": 1,
    "staging": {
        "status": "Inactive"
    },
    "production": {
        "status": "Inactive"
    },
    "createDate": "2017-09-08T22:24:41Z",
    "createdBy": "disharma",
    "selectableHosts": [
        "www.example1.com",
        "www.example2.com"
    ],
    "selectedHosts": [
        "www.example3.com",
        "www.example4.com"
    ],
    "errorHosts": [
        {
            "hostname": "bankoflaverty.com",
            "reasonCode": 400,
            "reason": "property is not active in either production or staging"
        },
        {
            "hostname": "culledentropy.com",
            "reasonCode": 403,
            "reason": "You don't have access to this property"
        }
    ],
    "ratePolicies": [
        {
            "allTraffic": false,
            "averageThreshold": 3,
            "burstThreshold": 2,
            "clientIdentifier": "",
            "createDate": "2017-09-08T22:24:42Z",
            "id": 672601,
            "matchType": "path",
            "name": "dsafsfdsf",
            "pathMatchType": "RequestDisabled",
            "pathUriPositiveMatch": true,
            "queryParameters": [
                {
                    "name": "dasdasdasd*",
                    "positiveMatch": true,
                    "valueInRange": false,
                    "values": [
                        "dasdasdas8*&^"
                    ]
                }
            ],
            "requestType": "ClientRequest",
            "sameActionOnIpv6": true,
            "type": "BOTMAN",
            "updateDate": "2017-09-08T22:24:42Z",
            "useXForwardForHeaders": false,
            "used": false
        },
        {
            "additionalMatchOptions": [
                {
                    "positiveMatch": true,
                    "type": "NetworkListCondition",
                    "values": [
                        "25620_REPUTATIONWHITELIST174",
                        "11212_BYPASSURR"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "RequestMethodCondition",
                    "values": [
                        "GET",
                        "HTTP_DELETE"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "UserAgentCondition",
                    "values": [
                        "MOZILLA",
                        "Googlebot"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "RequestMethodCondition",
                    "values": [
                        "GET",
                        "POST",
                        "HEAD"
                    ]
                },
                {
                    "positiveMatch": true,
                    "type": "ResponseStatusCondition",
                    "values": [
                        "400",
                        "401",
                        "402",
                        "403",
                        "404",
                        "405",
                        "406",
                        "407",
                        "408",
                        "409",
                        "410",
                        "500",
                        "501",
                        "502",
                        "503",
                        "504"
                    ]
                }
            ],
            "allTraffic": false,
            "averageThreshold": 1000,
            "burstThreshold": 10,
            "clientIdentifier": "ip",
            "createDate": "2017-09-08T22:24:42Z",
            "description": "These Shared Resources will be available to all policies within the Security Configuration",
            "id": 672607,
            "matchType": "path",
            "name": "These Shared Resources will be available to all policies within the Security Configuration",
            "pathMatchType": "Custom",
            "pathUriPositiveMatch": true,
            "queryParameters": [
                {
                    "name": "param1",
                    "positiveMatch": false,
                    "valueInRange": true,
                    "values": [
                        "value1"
                    ]
                }
            ],
            "requestType": "ClientRequest",
            "sameActionOnIpv6": true,
            "type": "WAF",
            "updateDate": "2017-09-08T22:24:42Z",
            "useXForwardForHeaders": false,
            "used": true
        }
    ],
    "reputationProfiles": [
        {
            "context": "SCANTL",
            "contextReadable": "Scanning Tools",
            "enabled": true,
            "id": 210588,
            "name": "Scanning Tools (Low Threat)",
            "threshold": 5
        },
        {
            "condition": {
                "atomicConditions": [
                    {
                        "className": "RequestHeaderCondition",
                        "index": 1,
                        "name": [
                            "test*"
                        ],
                        "nameWildcard": false,
                        "positiveMatch": true,
                        "value": [
                            "test*"
                        ],
                        "valueCase": false,
                        "valueWildcard": false
                    },
                    {
                        "className": "RequestHeaderCondition",
                        "index": 2,
                        "name": [
                            "Head",
                            "Header"
                        ],
                        "nameWildcard": true,
                        "positiveMatch": true,
                        "value": [
                            "Header value"
                        ],
                        "valueCase": false,
                        "valueWildcard": true
                    },
                    {
                        "checkIps": "connecting",
                        "className": "NetworkListCondition",
                        "index": 3,
                        "positiveMatch": true,
                        "value": [
                            "14121_IMAGEMANAGERSERVERS"
                        ]
                    },
                    {
                        "className": "RequestCookieCondition",
                        "index": 4,
                        "name": "cookieName",
                        "nameCase": false,
                        "nameWildcard": true,
                        "positiveMatch": true,
                        "value": [
                            "cookieValue"
                        ],
                        "valueCase": false,
                        "valueWildcard": true
                    },
                    {
                        "checkIps": "connecting",
                        "className": "AsNumberCondition",
                        "index": 5,
                        "positiveMatch": true,
                        "value": [
                            "5"
                        ]
                    }
                ],
                "canDelete": false,
                "configVersionId": 152889,
                "id": 88112456,
                "name": "Cloned of 87956156 for version 152889",
                "positiveMatch": true,
                "uuid": "SEC_COND_88112456",
                "version": 1504909482545
            },
            "context": "WEBATCK",
            "contextReadable": "Web Attackers",
            "enabled": false,
            "id": 210578,
            "name": "Web Attackers (Low Threat)",
            "threshold": 5
        }
    ],
    "customRules": [
        {
            "conditions": [
                {
                    "type": "requestMethodMatch",
                    "positiveMatch": true,
                    "value": [
                        "GET"
                    ]
                }
            ],
            "configId": 17027,
            "id": 667828,
            "name": "UXR-715 RE2 Second Test with Flags",
            "ruleActivated": false,
            "structured": true,
            "tag": [
                "tagfor",
                "17.2"
            ],
            "version": 1
        },
        {
            "conditions": [
                {
                    "type": "extensionMatch",
                    "positiveMatch": true,
                    "value": [
                        "fdf"
                    ],
                    "valueCase": true,
                    "valueWildcard": false
                }
            ],
            "configId": 17027,
            "description": "Test CR",
            "id": 600001,
            "name": "Test CR",
            "ruleActivated": false,
            "structured": true,
            "tag": [
                "Test",
                "Tag"
            ],
            "version": 1
        },
        {
            "conditions": [
                {
                    "type": "cookieMatch",
                    "name": "kids",
                    "nameCase": true,
                    "nameWildcard": false,
                    "positiveMatch": true,
                    "value": [
                        "dsds",
                        "dasdqw",
                        "dsa",
                        "dqwd",
                        "csqw"
                    ],
                    "valueCase": true,
                    "valueWildcard": true
                }
            ],
            "configId": 17027,
            "description": "Test CR",
            "id": 600006,
            "name": "Test CR",
            "ruleActivated": false,
            "structured": true,
            "tag": [
                "k"
            ],
            "version": 1
        },
        {
            "conditions": [
                {
                    "type": "pathMatch",
                    "positiveMatch": true,
                    "value": [
                        "/login"
                    ]
                }
            ],
            "configId": 17027,
            "id": 606713,
            "name": "Test",
            "ruleActivated": false,
            "structured": true,
            "tag": [
                "adsa"
            ],
            "version": 1
        },
        {
            "conditions": [
                {
                    "type": "argsPostMatch",
                    "name": "fvfv",
                    "positiveMatch": true,
                    "value": [
                        "fgbr"
                    ]
                },
                {
                    "type": "requestHeaderMatch",
                    "name": [
                        "test"
                    ],
                    "nameWildcard": true,
                    "positiveMatch": true,
                    "value": [
                        "test1"
                    ],
                    "valueCase": false,
                    "valueWildcard": true
                }
            ],
            "configId": 17027,
            "description": "Test CR",
            "id": 690265,
            "name": "Test CR2",
            "ruleActivated": false,
            "structured": true,
            "tag": [
                "ee"
            ],
            "version": 1
        },
        {
            "configId": 17027,
            "id": 667825,
            "inspectRequest": false,
            "inspectResponse": false,
            "metadata": "<match:variable name=\"MY_SAMPLE_THREAT_DETECTED\" result=\"true\" value=\"execute rule\">\n<match:regex impl=\"re2\" regex=\"^\\d+$\" result=\"false\" select=\"REQUEST_HEADERS:Content-Length\" strict-err-check-re2=\"on\" transform=\"urlDecodeUni\">\n<security:firewall.action>\n<msg>UXR-715 CRB Metadata testing</msg>\n<tag>CUSTOM/TEST</tag>\n<id>667825</id>\n<deny>%(WAF_CUSTOM_R667825_DENY)</deny>\n<data>threat indicated from data %(MY_SAMPLE_THREAT_DETECTED)</data>\n<http-status>403</http-status>\n</security:firewall.action>\n</match:regex>\n</match:variable>\n",
            "name": "UXR-715 RE27890",
            "ruleActivated": false,
            "structured": false,
            "version": 1
        }
    ],
    "rulesets": [
        {
            "id": 41,
            "rulesetVersionId": 327550,
            "type": "Kona",
            "releaseDate": "2017-04-21T16:00:38Z",
            "attackGroups": [
                {
                    "group": "DDOS",
                    "groupName": "Anomaly Score Exceeded for DDoS",
                    "threshold": 5
                },
                {
                    "group": "IN",
                    "groupName": "Anomaly Score Exceeded for Inbound",
                    "threshold": 30
                },
                {
                    "group": "SQL",
                    "groupName": "Anomaly Score Exceeded for SQL Injection",
                    "threshold": 19
                },
                {
                    "group": "TROJAN",
                    "groupName": "Anomaly Score Exceeded for Trojan",
                    "threshold": 4
                },
                {
                    "group": "XSS",
                    "groupName": "Anomaly Score Exceeded for Cross-Site Scripting",
                    "threshold": 9
                }
            ],
            "rules": [
                {
                    "id": 699989,
                    "inspectRequestBody": false,
                    "inspectResponseBody": false,
                    "ruleVersion": 1,
                    "score": 5,
                    "tag": "<AKAMAI/PRAGMA_DEFLECTION>",
                    "title": "Akamai-X debug Pragma header detected and removed"
                },
                {
                    "id": 699990,
                    "inspectRequestBody": false,
                    "inspectResponseBody": false,
                    "ruleVersion": 1,
                    "score": 5,
                    "tag": "<AKAMAI/EDGESCAPE_ANONYMOUS_PROXY_v1>",
                    "title": "Detected request from anonymous proxy"
                },
                {
                    "id": 981252,
                    "inspectRequestBody": true,
                    "inspectResponseBody": false,
                    "attackGroups": [
                        "SQL",
                        "IN"
                    ],
                    "ruleVersion": 4,
                    "score": 5,
                    "tag": "<OWASP_CRS/WEB_ATTACK/SQL_INJECTION>",
                    "title": "MySQL Charset Switch and MSSQL DoS Attempts"
                },
                {
                    "id": 3000060,
                    "inspectRequestBody": true,
                    "inspectResponseBody": false,
                    "attackGroups": [
                        "IN",
                        "DDOS"
                    ],
                    "ruleVersion": 2,
                    "score": 1000,
                    "tag": "<AKAMAI/AUTOMATION/MALICIOUS>",
                    "title": "Mirai / Kaiten DDoS Detection - HTTP Attacks"
                },
                {
                    "id": 3000061,
                    "inspectRequestBody": true,
                    "inspectResponseBody": false,
                    "attackGroups": [
                        "XSS",
                        "IN"
                    ],
                    "ruleVersion": 1,
                    "score": 5,
                    "tag": "<AKAMAI/WEB_ATTACK/XSS>",
                    "title": "Referer Header From OpenBugBounty Website - Potential XSS"
                }
            ]
        }
    ],
    "matchTargets": {
        "websiteTargets": [
            {
                "type": "website",
                "bypassNetworkLists": [
                    {
                        "id": "11212_BYPASSURR",
                        "name": "bypass-URR"
                    }
                ],
                "defaultFile": "NO_MATCH",
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": true,
                    "applyApiConstraints": true,
                    "applyNetworkLayerControls": false,
                    "applyRateControls": true,
                    "applyReputationControls": false,
                    "applySlowPostControls": false
                },
                "fileExtensions": [
                    "jpg"
                ],
                "filePaths": [
                    "/path"
                ],
                "id": 1362593,
                "isNegativeFileExtensionMatch": false,
                "isNegativePathMatch": false,
                "securityPolicy": {
                    "policyId": "qik3_38800"
                },
                "sequence": 1
            },
            {
                "type": "website",
                "defaultFile": "NO_MATCH",
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": true,
                    "applyApiConstraints": true,
                    "applyNetworkLayerControls": true,
                    "applyRateControls": true,
                    "applyReputationControls": true,
                    "applySlowPostControls": false
                },
                "filePaths": [
                    "/images",
                    "/image1",
                    "/path"
                ],
                "hostnames": [
                    "b2c.div1.akamaniac.com"
                ],
                "id": 1362594,
                "isNegativeFileExtensionMatch": false,
                "isNegativePathMatch": false,
                "securityPolicy": {
                    "policyId": "qik2_38799"
                },
                "sequence": 2
            }
        ],
        "apiTargets": [
            {
                "type": "api",
                "apis": [
                    {
                        "id": 1041,
                        "name": "hmm test"
                    }
                ],
                "bypassNetworkLists": [
                    {
                        "id": "1024_AMAZONELASTICCOMPUTECLOU",
                        "name": "Ec2 Akamai Network List"
                    },
                    {
                        "id": "1283_MICROSOFTWINDOWSAZUREDAT",
                        "name": "Azure IP range cloud services"
                    }
                ],
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": false,
                    "applyApiConstraints": false,
                    "applyNetworkLayerControls": false,
                    "applyRateControls": true,
                    "applyReputationControls": false,
                    "applySlowPostControls": false
                },
                "id": 1362597,
                "securityPolicy": {
                    "policyId": "99e_47293"
                },
                "sequence": 6
            },
            {
                "type": "api",
                "apis": [
                    {
                        "id": 1001,
                        "name": "1001"
                    },
                    {
                        "id": 1041,
                        "name": "hmm test"
                    }
                ],
                "bypassNetworkLists": [
                    {
                        "id": "11212_BYPASSURR",
                        "name": "bypass-URR"
                    }
                ],
                "effectiveSecurityControls": {
                    "applyApplicationLayerControls": false,
                    "applyApiConstraints": true,
                    "applyNetworkLayerControls": true,
                    "applyRateControls": false,
                    "applyReputationControls": true,
                    "applySlowPostControls": false
                },
                "id": 1362598,
                "securityPolicy": {
                    "policyId": "4444_44572"
                },
                "sequence": 7
            }
        ]
    },
    "securityPolicies": [
        {
            "id": "qik2_38799",
            "name": "Generated Quick Policy - 4/10/17 7:13:18 PM GMT",
            "hasRatePolicyWithApiKey": false,
            "ruleActions": [
                {
                    "action": "alert",
                    "id": 960912,
                    "rulesetVersionId": 327550
                },
                {
                    "action": "alert",
                    "id": 960035,
                    "rulesetVersionId": 327550
                },
                {
                    "action": "alert",
                    "id": 981300,
                    "rulesetVersionId": 327550
                },
                {
                    "action": "deny",
                    "id": 3000001,
                    "rulesetVersionId": 327550
                },
                {
                    "action": "alert",
                    "conditions": [
                        {
                            "type": "hostMatch",
                            "hosts": [
                                "www.example.com",
                                "*.example.com"
                            ],
                            "positiveMatch": true
                        },
                        {
                            "type": "pathMatch",
                            "paths": [
                                "/a/d",
                                "/test/"
                            ],
                            "positiveMatch": false
                        },
                        {
                            "type": "uriQueryMatch",
                            "caseSensitive": false,
                            "name": "test",
                            "nameCase": false,
                            "positiveMatch": false,
                            "value": "value",
                            "wildcard": false
                        },
                        {
                            "type": "requestHeaderMatch",
                            "header": "user-agent",
                            "positiveMatch": false,
                            "value": "test-agent-*",
                            "valueCase": false,
                            "valueWildcard": true
                        }
                    ],
                    "exception": {
                        "selectors": [
                            {
                                "type": "GENERIC",
                                "selector": "REQUEST_COOKIES"
                            },
                            {
                                "type": "EXACT",
                                "name": "cccx",
                                "selector": "XML_PAIRS",
                                "value": "vvv"
                            },
                            {
                                "type": "GENERIC",
                                "selector": "REQUEST_COOKIES"
                            },
                            {
                                "type": "GENERIC",
                                "selector": "ARGS"
                            }
                        ],
                        "values": [
                            "test",
                            "sdfasf"
                        ]
                    },
                    "id": 970903,
                    "rulesetVersionId": 327550
                }
            ],
            "attackGroupActions": [
                {
                    "action": "deny",
                    "group": "SQL",
                    "rulesetVersionId": 327550
                },
                {
                    "action": "deny",
                    "group": "XSS",
                    "rulesetVersionId": 327550
                },
                {
                    "action": "deny",
                    "group": "IN",
                    "rulesetVersionId": 327550
                }
            ],
            "customRuleActions": [
                {
                    "action": "deny",
                    "id": 628035
                },
                {
                    "action": "alert",
                    "id": 628037
                }
            ],
            "reputationProfileActions": [
                {
                    "action": "alert",
                    "id": 281778
                },
                {
                    "action": "deny",
                    "id": 210588
                }
            ],
            "ratePolicyActions": [
                {
                    "id": 0,
                    "ipv4Action": "alert",
                    "ipv6Action": "deny"
                },
                {
                    "id": 0,
                    "ipv4Action": "alert",
                    "ipv6Action": "none"
                }
            ],
            "networkLayerControls": {
                "block": "blockSpecificIPGeo",
                "geoControls": {
                    "blockedIPNetworkLists": {
                        "additional": [
                            "AF",
                            "AS"
                        ],
                        "networkList": [
                            "4389_BLANKLIST"
                        ]
                    }
                },
                "slowPost": {
                    "action": "alert",
                    "durationThreshold": {
                        "timeout": 5
                    },
                    "slowRateThreshold": {
                        "rate": 10,
                        "period": 60
                    }
                },
                "ipControls": {
                    "allowedIPNetworkLists": {
                        "additional": [
                            "2.2.2.2"
                        ],
                        "networkList": [
                            "12801_25000",
                            "19440_1671"
                        ]
                    },
                    "blockedIPNetworkLists": {
                        "additional": [
                            "1.1.1.1"
                        ],
                        "networkList": [
                            "16656_CPISERVERS",
                            "18460_166RELEASETESTING"
                        ]
                    }
                }
            }
        },
        {
            "id": "qqqq_39297",
            "name": "qqqqqq",
            "hasRatePolicyWithApiKey": false
        },
        {
            "id": "178t_48704",
            "name": "Copy of Tet-a-Tet with 17.8",
            "hasRatePolicyWithApiKey": false,
            "reputationProfileActions": [
                {
                    "action": "alert",
                    "id": 281778
                },
                {
                    "action": "alert",
                    "id": 281776
                }
            ],
            "networkLayerControls": {
                "block": "blockSpecificIPGeo",
                "ipControls": {
                    "blockedIPNetworkLists": {
                        "networkList": [
                            "24321_TESTNW"
                        ]
                    }
                }
            },
            "apiRequestConstraints": {
                "action": "alert"
            }
        }
    ],
    "siem": {
        "configId": 17027,
        "configVersion": 22,
        "enableForAllPolicies": false,
        "enableSiem": true,
        "enabledBotmanSiemEvents": false,
        "firewallPolicyIds": [
            "qik2_38799",
            "4444_44572",
            "teet_39295",
            "ds22_48583"
        ],
        "siemDefinitionId": 1
    },
    "advancedOptions": {
        "logging": {
            "allowSampling": true,
            "cookies": {
                "type": "exclude",
                "values": [
                    "_updated_By_SoapUI",
                    "w",
                    "NEW_VAL_ADDED_BY_SoapUI"
                ]
            },
            "customHeaders": {
                "type": "only",
                "values": [
                    "112",
                    "sdasd",
                    "ds"
                ]
            },
            "standardHeaders": {
                "type": "only"
            }
        },
        "prefetch": {
            "allExtensions": false,
            "enableAppLayer": true,
            "enableRateControls": false,
            "extensions": [
                "cgi",
                "jsp",
                "EMPTY_STRING",
                "aspx",
                "php",
                "py",
                "asp"
            ]
        }
    }
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Make a GET request to /appsec/v1/export/configs/{configId}/versions/{versionNumber}.

The response is a Configuration object containing all configured hostnames, match targets, and custom rules.

List selectable hostnames

Retrieves a list of hostnames that a given configuration version has the ability to protect, under the current context. Hostnames may show as error hosts when they are not currently available, for example, when a contract expires.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/selectable-hostnames

Status 200 application/json

Response Body:

{
    "configId": 123,
    "configVersion": 2,
    "protectARLInclusionHost": true,
    "availableSet": [
        {
            "arlInclusion": true,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 5443,
            "configNameInProduction": "WAF Security File",
            "hostname": "example.com"
        },
        {
            "arlInclusion": true,
            "activeInProduction": false,
            "activeInStaging": true,
            "configIdInProduction": 11882,
            "configNameInProduction": "A PUBLIC CONFIG",
            "hostname": "www.example.com"
        },
        {
            "arlInclusion": true,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 6018,
            "configNameInProduction": "Other Security Configuration",
            "hostname": "www.example-123.com"
        }
    ],
    "selectedSet": [
        {
            "arlInclusion": false,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 11887,
            "configNameInProduction": "Rbac Test Config",
            "hostname": "m.example.com"
        },
        {
            "arlInclusion": false,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": null,
            "configNameInProduction": null,
            "hostname": "m.example-123.com"
        }
    ],
    "errorSet": [
        {
            "hostname": "*.example.net",
            "reason": "property is not active in either production or staging",
            "reasonCode": 400
        },
        {
            "hostname": "test-example.net",
            "reason": "You don't have access to this property",
            "reasonCode": 403
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/selectable-hostnames.

The response is a SelectableHostnames object.

List selected hostnames

Retrieves a list of hostnames that the configuration version selects as candidates of protected hostnames, which you can use in match targets.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames

Status 200 application/json

Response Body:

{
    "hostnameList": [
        {
            "hostname": "*.example.net"
        },
        {
            "hostname": "example.com"
        },
        {
            "hostname": "m.example.com"
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames.

The response is a SelectedHostnames object.

Modify selected hostnames

Updates the list of selected hostnames for a configuration version.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames

Content-Type: application/json

Request Body:

{
    "hostnameList": [
        {
            "hostname": "*.example.net"
        },
        {
            "hostname": "example.com"
        },
        {
            "hostname": "m.example.com"
        }
    ]
}

Status 200 application/json

Response Body:

{
    "hostnameList": [
        {
            "hostname": "*.example.net"
        },
        {
            "hostname": "example.com"
        },
        {
            "hostname": "m.example.com"
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Run List selectable hostnames to retrieve a list of Set objects containing hostname information.

  4. List selected hostnames to retrieve a SelectedHostnames object.

  5. Modify the SelectedHostnames object.

  6. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames.

The response reflects the modified SelectedHostnames object.

List security policies

Returns a list of security policies available for the specified security configuration.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies{?notMatched,detail}

Sample: /appsec/v1/configs/8225/versions/2/security-policies?notMatched=false&detail=true

Parameter Type Sample Description
URL parameters
configId Integer 8225 A unique identifier for each configuration.
versionNumber Integer 2 A unique identifier for each version of a configuration.
Optional query parameters
detail Boolean true When enabled, the response features a richer set of data than the default, which includes only the name and ID of each item.
notMatched Boolean false If true, returns all security policies in the configuration version which do not have a match target. If false, returns all security policies in the configuration version.

Status 200 application/json

Response Body:

{
    "configId": 1232,
    "version": 8,
    "policies": [
        {
            "policyId": "NN3_61",
            "policyName": "NN FW 3",
            "policySecurityControls": {
                "applyApplicationLayerControls": true,
                "applyNetworkLayerControls": true,
                "applyRateControls": false,
                "applyReputationControls": false,
                "applyBotmanControls": true,
                "applyApiConstraints": false,
                "applySlowPostControls": false
            },
            "hasRatePolicyWithApiKey": true
        },
        {
            "policyId": "NN_2",
            "policyName": "NN FW 1",
            "policySecurityControls": {
                "applyApplicationLayerControls": true,
                "applyNetworkLayerControls": true,
                "applyRateControls": false,
                "applyReputationControls": false,
                "applyBotmanControls": false,
                "applyApiConstraints": false,
                "applySlowPostControls": false
            },
            "hasRatePolicyWithApiKey": false
        },
        {
            "policyId": "NN-2_3",
            "policyName": "NN FW 2",
            "policySecurityControls": {
                "applyApplicationLayerControls": true,
                "applyNetworkLayerControls": true,
                "applyRateControls": false,
                "applyReputationControls": false,
                "applyBotmanControls": false,
                "applyApiConstraints": false,
                "applySlowPostControls": false
            },
            "hasRatePolicyWithApiKey": true
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Optionally, enable the notMatched query parameter to return all security policies in the configuration version which do not have a match target

  4. Optionally, enable the detail query parameter to see detailed information on the returned items.

  5. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies{?notMatched,detail}.

List match targets

Retrieves a list of match targets defined in the specified security configuration version.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets{?policyId,includeChildObjectName}

Sample: /appsec/v1/configs/17027/versions/25/match-targets?policyId=ancv_1234&includeChildObjectName=true

Parameter Type Sample Description
URL parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
Optional query parameters
includeChildObjectName Boolean true Specifies if the name for network list and API endpoint objects to return in the payload.
policyId String ancv_1234 Specifies the security policy to filter match targets.

Status 200 application/json

Response Body:

{
    "matchTargets": {
        "apiTargets": [
            {
                "apis": [
                    {
                        "id": 1111,
                        "name": "API Endpoint 1"
                    },
                    {
                        "id": 2222,
                        "name": "API Endpoint 2"
                    }
                ],
                "bypassNetworkLists": [
                    {
                        "id": "522825_CCCBYPASSLIST",
                        "name": "Example network list 11"
                    },
                    {
                        "id": "1622566_XXAABYPASSL",
                        "name": "Example network list 12"
                    }
                ],
                "configId": 17027,
                "configVersion": 25,
                "effectiveSecurityControls": {
                    "applyApiConstraints": true,
                    "applyApplicationLayerControls": true,
                    "applyNetworkLayerControls": true,
                    "applyRateControls": true,
                    "applyReputationControls": true,
                    "applySlowPostControls": false
                },
                "securityPolicy": {
                    "policyId": "ancv_1234"
                },
                "sequence": 3,
                "targetId": 1222208,
                "type": "api"
            }
        ],
        "websiteTargets": [
            {
                "bypassNetworkLists": [
                    {
                        "id": "222825_AAABYPASSLIST",
                        "name": "Example network list 21"
                    },
                    {
                        "id": "2622566_YYAABYPASSL",
                        "name": "Example network list 22"
                    }
                ],
                "configId": 17027,
                "configVersion": 25,
                "defaultFile": "NO_MATCH",
                "effectiveSecurityControls": {
                    "applyApiConstraints": false,
                    "applyApplicationLayerControls": true,
                    "applyNetworkLayerControls": true,
                    "applyRateControls": true,
                    "applyReputationControls": true,
                    "applySlowPostControls": false
                },
                "fileExtensions": [
                    "html"
                ],
                "filePaths": [
                    "/*"
                ],
                "securityPolicy": {
                    "policyId": "ancv_1234"
                },
                "hostnames": [],
                "isNegativeFileExtensionMatch": false,
                "isNegativePathMatch": false,
                "sequence": 1,
                "targetId": 1221059,
                "type": "website"
            },
            {
                "bypassNetworkLists": [],
                "configId": 17027,
                "configVersion": 25,
                "defaultFile": "NO_MATCH",
                "effectiveSecurityControls": {
                    "applyApiConstraints": false,
                    "applyApplicationLayerControls": true,
                    "applyNetworkLayerControls": false,
                    "applyRateControls": true,
                    "applyReputationControls": true,
                    "applySlowPostControls": false
                },
                "fileExtensions": [],
                "filePaths": [
                    "/path"
                ],
                "securityPolicy": {
                    "policyId": "ancv_1234"
                },
                "hostnames": [
                    "example.com",
                    "www.example.net",
                    "m.example.com"
                ],
                "isNegativeFileExtensionMatch": false,
                "isNegativePathMatch": false,
                "sequence": 2,
                "targetId": 1222207,
                "type": "website"
            }
        ]
    }
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Optionally, Run List security policies and select a policyId.

  4. Optionally, enable the includeChildObjectName query parameter to return the object name in the payload.

  5. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets{?policyId,includeChildObjectName}.

Create a match target

Creates a new Match Target in the specified Configuration Version.

POST /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets

Sample: /appsec/v1/configs/17027/versions/25/match-targets

Content-Type: application/json

Request Body:

{
    "securityPolicy": {
        "policyId": "fwsf_32432"
    },
    "type": "website",
    "hostnames": [
        "example.com",
        "www.example.net",
        "m.example.com"
    ],
    "filePaths": [
        "/sssi/*",
        "/cache/aaabbc*",
        "/price_toy/*"
    ],
    "isNegativePathMatch": false,
    "fileExtensions": [
        "wmls",
        "jpeg",
        "pws",
        "carb",
        "pdf",
        "js",
        "hdml",
        "cct",
        "swf",
        "pct"
    ],
    "isNegativeFileExtensionMatch": true,
    "defaultFile": "BASE_MATCH",
    "bypassNetworkLists": [
        {
            "id": "888518_ACDDCKERS"
        },
        {
            "id": "1304427_AAXXBBLIST"
        }
    ],
    "targetSecurityControls": {
        "applyApiConstraints": false,
        "applyApplicationLayerControls": true,
        "applyNetworkLayerControls": true,
        "applyRateControls": true,
        "applyReputationControls": false,
        "applySlowPostControls": true
    }
}
Parameter Type Sample Description
URL parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 201 application/json

Response Body:

{
    "targetId": 112231,
    "securityPolicy": {
        "policyId": "fwsf_32432"
    },
    "configId": 17027,
    "configVersion": 25,
    "type": "website",
    "sequence": 1,
    "hostnames": [
        "example.com",
        "www.example.net",
        "m.example.com"
    ],
    "filePaths": [
        "/sssi/*",
        "/cache/aaabbc*",
        "/price_toy/*"
    ],
    "isNegativePathMatch": false,
    "fileExtensions": [
        "wmls",
        "jpeg",
        "pws",
        "carb",
        "pdf",
        "js",
        "hdml",
        "cct",
        "swf",
        "pct"
    ],
    "isNegativeFileExtensionMatch": true,
    "defaultFile": "BASE_MATCH",
    "bypassNetworkLists": [
        {
            "id": "888518_ACDDCKERS",
            "name": "Test network list 1"
        },
        {
            "id": "1304427_AAXXBBLIST",
            "name": "Test network list 2"
        }
    ],
    "effectiveSecurityControls": {
        "applyApiConstraints": false,
        "applyApplicationLayerControls": true,
        "applyNetworkLayerControls": false,
        "applyRateControls": true,
        "applyReputationControls": false,
        "applySlowPostControls": false
    }
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Create a MatchTarget object.

  4. Make a POST request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets.

The response reflects the complete MatchTarget object.

Modify match target order

Updates the sequence of Match Targets in a configuration version. The website and api match targets’ sequence requires updates from separate requests by passing the type attribute in the json request.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/sequence

Sample: /appsec/v1/configs/17027/versions/25/match-targets/sequence

Content-Type: application/json

Request Body:

{
    "targetSequence": [
        {
            "targetId": 1217289,
            "sequence": 1
        },
        {
            "targetId": 1217339,
            "sequence": 2
        }
    ],
    "type": "website"
}
Parameter Type Sample Description
URL parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Response Body:

{
    "targetSequence": [
        {
            "targetId": 1217289,
            "sequence": 1
        },
        {
            "targetId": 1217339,
            "sequence": 2
        }
    ],
    "type": "website"
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Run List match targets.

  4. Craft a MatchTargetOrder object using the targetIds.

  5. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/sequence.

The response reflects the modified MatchTargetOrder object.

Get a match target

Retrieves the specified match target.

GET /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}{?includeChildObjectName}

Sample: /appsec/v1/configs/17027/versions/25/match-targets/{targetId}?includeChildObjectName=true

Parameter Type Sample Description
URL parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.
Optional query parameters
includeChildObjectName Boolean true Specify whether to return the object name in the payload.

Status 200 application/json

Response Body:

{
    "targetId": 112231,
    "securityPolicy": {
        "policyId": "fwsf_32432"
    },
    "configId": 17027,
    "configVersion": 25,
    "type": "website",
    "sequence": 1,
    "hostnames": [
        "example.com",
        "www.example.net",
        "m.example.com"
    ],
    "filePaths": [
        "/sssi/*",
        "/cache/aaabbc*",
        "/price_toy/*"
    ],
    "isNegativePathMatch": false,
    "fileExtensions": [
        "wmls",
        "jpeg",
        "pws",
        "carb",
        "pdf",
        "js",
        "hdml",
        "cct",
        "swf",
        "pct"
    ],
    "isNegativeFileExtensionMatch": true,
    "defaultFile": "BASE_MATCH",
    "bypassNetworkLists": [
        {
            "id": "888518_ACDDCKERS",
            "name": "Test network list 1"
        },
        {
            "id": "1304427_AAXXBBLIST",
            "name": "Test network list 2"
        }
    ],
    "effectiveSecurityControls": {
        "applyApiConstraints": false,
        "applyApplicationLayerControls": true,
        "applyNetworkLayerControls": false,
        "applyRateControls": true,
        "applyReputationControls": false,
        "applySlowPostControls": false
    }
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Run List match targets and select a targetId.

  4. Optionally, enable the includeChildObjectName query parameter to return the object name in the payload.

  5. Make a GET request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}{?includeChildObjectName}.

The response is a MatchTarget object.

Modify a match target

Updates details about the specified match target.

PUT /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}

Sample: /appsec/v1/configs/17027/versions/25/match-targets/{targetId}

Content-Type: application/json

Request Body:

{
    "targetId": 112231,
    "type": "website",
    "hostnames": [
        "example.com",
        "www.example.net",
        "m.example.com"
    ],
    "securityPolicy": {
        "policyId": "fwsf_32432"
    },
    "filePaths": [
        "/sssi/*",
        "/cache/aaabbc*",
        "/price_toy/*"
    ],
    "isNegativePathMatch": false,
    "fileExtensions": [
        "wmls",
        "jpeg",
        "pws",
        "carb",
        "pdf",
        "js",
        "hdml",
        "cct",
        "swf",
        "pct"
    ],
    "isNegativeFileExtensionMatch": true,
    "defaultFile": "BASE_MATCH",
    "bypassNetworkLists": [
        {
            "id": "888518_ACDDCKERS"
        },
        {
            "id": "1304427_AAXXBBLIST"
        }
    ],
    "targetSecurityControls": {
        "applyApiConstraints": false,
        "applyApplicationLayerControls": true,
        "applyNetworkLayerControls": true,
        "applyRateControls": true,
        "applyReputationControls": false,
        "applySlowPostControls": true
    }
}
Parameter Type Sample Description
URL parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 200 application/json

Response Body:

{
    "targetId": 112231,
    "securityPolicy": {
        "policyId": "fwsf_32432"
    },
    "configId": 17027,
    "configVersion": 25,
    "type": "website",
    "sequence": 1,
    "hostnames": [
        "example.com",
        "www.example.net",
        "m.example.com"
    ],
    "filePaths": [
        "/sssi/*",
        "/cache/aaabbc*",
        "/price_toy/*"
    ],
    "isNegativePathMatch": false,
    "fileExtensions": [
        "wmls",
        "jpeg",
        "pws",
        "carb",
        "pdf",
        "js",
        "hdml",
        "cct",
        "swf",
        "pct"
    ],
    "isNegativeFileExtensionMatch": true,
    "defaultFile": "BASE_MATCH",
    "bypassNetworkLists": [
        {
            "id": "888518_ACDDCKERS",
            "name": "Test network list 1"
        },
        {
            "id": "1304427_AAXXBBLIST",
            "name": "Test network list 2"
        }
    ],
    "effectiveSecurityControls": {
        "applyApiConstraints": false,
        "applyApplicationLayerControls": true,
        "applyNetworkLayerControls": false,
        "applyRateControls": true,
        "applyReputationControls": false,
        "applySlowPostControls": false
    }
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Run List match targets and select a targetId.

  4. Run Get a match target.

  5. Modify the MatchTarget object.

  6. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}.

The response reflects the modified MatchTarget object.

Remove a match target

Deletes the specified match target.

DELETE /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}

Sample: /appsec/v1/configs/17027/versions/25/match-targets/{targetId}

Parameter Type Sample Description
URL parameters
configId Integer 17027 A unique identifier for each configuration.
versionNumber Integer 25 A unique identifier for each version of a configuration.

Status 204

  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Run List match targets and select a targetId.

  4. Make a DELETE request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}.

List custom rules

Retrieves a list of custom rules defined in a security configuration.

GET /appsec/v1/configs/{configId}/custom-rules

Status 200 application/json

Response Body:

{
    "customRules": [
        {
            "link": "/appsec/v1/configs/99999/customRules/111111",
            "name": "Example 1",
            "status": "activated",
            "id": 111111,
            "version": 1
        },
        {
            "link": "/appsec/v1/configs/99999/customRules/111112",
            "name": "Example 2",
            "status": "published",
            "id": 111112,
            "version": 1
        },
        {
            "link": "/appsec/v1/configs/99999/customRules/111113",
            "name": "Example 3",
            "status": "unused",
            "id": 111113,
            "version": 2
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Make a GET request to /appsec/v1/configs/{configId}/custom-rules.

The response is a CustomRule object.

Create a custom rule

Creates a new custom rule.

POST /appsec/v1/configs/{configId}/custom-rules

Content-Type: application/json

Request Body:

{
    "tag": [
        "test"
    ],
    "conditions": [
        {
            "type": "requestMethodMatch",
            "positiveMatch": true,
            "value": [
                "GET",
                "CONNECT",
                "TRACE",
                "PUT",
                "POST",
                "OPTIONS",
                "DELETE",
                "HEAD"
            ]
        },
        {
            "type": "pathMatch",
            "positiveMatch": true,
            "value": [
                "/H",
                "/Li",
                "/He"
            ]
        },
        {
            "type": "extensionMatch",
            "positiveMatch": true,
            "value": [
                "Li",
                "He",
                "H"
            ],
            "valueWildcard": true,
            "valueCase": true
        },
        {
            "type": "filenameMatch",
            "positiveMatch": true,
            "value": [
                "He",
                "H",
                "Li"
            ],
            "valueWildcard": false,
            "valueCase": false
        },
        {
            "type": "requestProtocolVersionMatch",
            "positiveMatch": true,
            "value": [
                "HTTP/0.9"
            ]
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "name": [
                "H",
                "He"
            ],
            "value": [
                "Li",
                "He",
                "H"
            ],
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "name": [
                "He"
            ],
            "value": [
                "C",
                "Be",
                "B"
            ],
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true
        },
        {
            "type": "headerOrderMatch",
            "positiveMatch": true,
            "value": "H:He"
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "H",
            "nameWildcard": true,
            "nameCase": true,
            "value": [
                "H",
                "He",
                "Li"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "Be",
            "nameWildcard": true,
            "nameCase": true,
            "value": [
                "O",
                "N",
                "C"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "C",
            "nameCase": true,
            "nameWildcard": true,
            "value": [
                "Carbon",
                "C"
            ],
            "valueWildcard": true,
            "valueCase": true
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "N",
            "nameCase": false,
            "nameWildcard": false,
            "value": [
                "Nitrogen",
                "N"
            ],
            "valueWildcard": false,
            "valueCase": false
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "H",
            "value": [
                "H",
                "Hydrogen"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "He",
            "value": [
                "He",
                "Helium"
            ]
        },
        {
            "type": "argsPostNamesMatch",
            "positiveMatch": true,
            "value": [
                "Carbon",
                "Oxygen",
                "Nitrogen",
                "Chlorine"
            ]
        }
    ],
    "name": "Fat Rule",
    "description": "Can I create all conditions?"
}

Status 200 application/json

Response Body:

{
    "tag": [
        "test"
    ],
    "id": 661699,
    "conditions": [
        {
            "type": "requestMethodMatch",
            "positiveMatch": true,
            "value": [
                "GET",
                "CONNECT",
                "TRACE",
                "PUT",
                "POST",
                "OPTIONS",
                "DELETE",
                "HEAD"
            ]
        },
        {
            "type": "pathMatch",
            "positiveMatch": true,
            "value": [
                "/H",
                "/Li",
                "/He"
            ]
        },
        {
            "type": "extensionMatch",
            "positiveMatch": true,
            "value": [
                "Li",
                "He",
                "H"
            ],
            "valueWildcard": true,
            "valueCase": true
        },
        {
            "type": "filenameMatch",
            "positiveMatch": true,
            "value": [
                "He",
                "H",
                "Li"
            ],
            "valueWildcard": false,
            "valueCase": false
        },
        {
            "type": "requestProtocolVersionMatch",
            "positiveMatch": true,
            "value": [
                "HTTP/0.9"
            ]
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "name": [
                "H",
                "He"
            ],
            "value": [
                "Li",
                "He",
                "H"
            ],
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "name": [
                "He"
            ],
            "value": [
                "C",
                "Be",
                "B"
            ],
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true
        },
        {
            "type": "headerOrderMatch",
            "positiveMatch": true,
            "value": "H:He"
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "H",
            "nameWildcard": true,
            "nameCase": true,
            "value": [
                "H",
                "He",
                "Li"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "Be",
            "nameWildcard": true,
            "nameCase": true,
            "value": [
                "O",
                "N",
                "C"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "C",
            "nameCase": true,
            "nameWildcard": true,
            "value": [
                "Carbon",
                "C"
            ],
            "valueWildcard": true,
            "valueCase": true
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "N",
            "nameCase": false,
            "nameWildcard": false,
            "value": [
                "Nitrogen",
                "N"
            ],
            "valueWildcard": false,
            "valueCase": false
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "H",
            "value": [
                "H",
                "Hydrogen"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "He",
            "value": [
                "He",
                "Helium"
            ]
        },
        {
            "type": "argsPostNamesMatch",
            "positiveMatch": true,
            "value": [
                "Carbon",
                "Oxygen",
                "Nitrogen",
                "Chlorine"
            ]
        }
    ],
    "name": "Fat Rule",
    "description": "Can I create all conditions?",
    "version": 1,
    "ruleActivated": false
}
  1. Run List configurations and select a configId.

  2. Create a CustomRule object.

  3. Make a POST request to /appsec/v1/configs/{configId}/custom-rules.

The response reflects the complete CustomRule object.

Get a custom rule

Returns the details of a custom rule.

GET /appsec/v1/configs/{configId}/custom-rules/{ruleId}

Sample: /appsec/v1/configs/{configId}/custom-rules/661699

Parameter Type Sample Description
URL parameters
ruleId Integer 661699 A unique identifier for each custom rule.

Status 200 application/json

Response Body:

{
    "tag": [
        "test"
    ],
    "id": 661699,
    "conditions": [
        {
            "type": "requestMethodMatch",
            "positiveMatch": true,
            "value": [
                "GET",
                "CONNECT",
                "TRACE",
                "PUT",
                "POST",
                "OPTIONS",
                "DELETE",
                "HEAD"
            ]
        },
        {
            "type": "pathMatch",
            "positiveMatch": true,
            "value": [
                "/H",
                "/Li",
                "/He"
            ]
        },
        {
            "type": "extensionMatch",
            "positiveMatch": true,
            "value": [
                "Li",
                "He",
                "H"
            ],
            "valueWildcard": true,
            "valueCase": true
        },
        {
            "type": "filenameMatch",
            "positiveMatch": true,
            "value": [
                "He",
                "H",
                "Li"
            ],
            "valueWildcard": false,
            "valueCase": false
        },
        {
            "type": "requestProtocolVersionMatch",
            "positiveMatch": true,
            "value": [
                "HTTP/0.9"
            ]
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "name": [
                "H",
                "He"
            ],
            "value": [
                "Li",
                "He",
                "H"
            ],
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "name": [
                "He"
            ],
            "value": [
                "C",
                "Be",
                "B"
            ],
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true
        },
        {
            "type": "headerOrderMatch",
            "positiveMatch": true,
            "value": "H:He"
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "H",
            "nameWildcard": true,
            "nameCase": true,
            "value": [
                "H",
                "He",
                "Li"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "Be",
            "nameWildcard": true,
            "nameCase": true,
            "value": [
                "O",
                "N",
                "C"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "C",
            "nameCase": true,
            "nameWildcard": true,
            "value": [
                "Carbon",
                "C"
            ],
            "valueWildcard": true,
            "valueCase": true
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "N",
            "nameCase": false,
            "nameWildcard": false,
            "value": [
                "Nitrogen",
                "N"
            ],
            "valueWildcard": false,
            "valueCase": false
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "H",
            "value": [
                "H",
                "Hydrogen"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "He",
            "value": [
                "He",
                "Helium"
            ]
        },
        {
            "type": "argsPostNamesMatch",
            "positiveMatch": true,
            "value": [
                "Carbon",
                "Oxygen",
                "Nitrogen",
                "Chlorine"
            ]
        }
    ],
    "name": "Fat Rule",
    "description": "Can I create all conditions?",
    "version": 1,
    "ruleActivated": false
}
  1. Run List configurations and select a configId.

  2. Run List custom rules and select a ruleId.

  3. Make a GET request to /appsec/v1/configs/{configId}/custom-rules/{ruleId}.

The response is a CustomRule object.

Modify a custom rule

Updates an existing custom rule.

PUT /appsec/v1/configs/{configId}/custom-rules/{ruleId}

Sample: /appsec/v1/configs/{configId}/custom-rules/661699

Content-Type: application/json

Request Body:

{
    "tag": [
        "test"
    ],
    "id": 661699,
    "conditions": [
        {
            "type": "requestMethodMatch",
            "positiveMatch": true,
            "value": [
                "GET",
                "CONNECT",
                "TRACE",
                "PUT",
                "POST",
                "OPTIONS",
                "DELETE",
                "HEAD"
            ]
        },
        {
            "type": "pathMatch",
            "positiveMatch": true,
            "value": [
                "/H",
                "/Li",
                "/He"
            ]
        },
        {
            "type": "extensionMatch",
            "positiveMatch": true,
            "value": [
                "Li",
                "He",
                "H"
            ],
            "valueWildcard": true,
            "valueCase": true
        },
        {
            "type": "filenameMatch",
            "positiveMatch": true,
            "value": [
                "He",
                "H",
                "Li"
            ],
            "valueWildcard": false,
            "valueCase": false
        },
        {
            "type": "requestProtocolVersionMatch",
            "positiveMatch": true,
            "value": [
                "HTTP/0.9"
            ]
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "name": [
                "H",
                "He"
            ],
            "value": [
                "Li",
                "He",
                "H"
            ],
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "name": [
                "He"
            ],
            "value": [
                "C",
                "Be",
                "B"
            ],
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true
        },
        {
            "type": "headerOrderMatch",
            "positiveMatch": true,
            "value": "H:He"
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "H",
            "nameWildcard": true,
            "nameCase": true,
            "value": [
                "H",
                "He",
                "Li"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "Be",
            "nameWildcard": true,
            "nameCase": true,
            "value": [
                "O",
                "N",
                "C"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "C",
            "nameCase": true,
            "nameWildcard": true,
            "value": [
                "Carbon",
                "C"
            ],
            "valueWildcard": true,
            "valueCase": true
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "N",
            "nameCase": false,
            "nameWildcard": false,
            "value": [
                "Nitrogen",
                "N"
            ],
            "valueWildcard": false,
            "valueCase": false
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "H",
            "value": [
                "H",
                "Hydrogen"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "He",
            "value": [
                "He",
                "Helium"
            ]
        },
        {
            "type": "argsPostNamesMatch",
            "positiveMatch": true,
            "value": [
                "Carbon",
                "Oxygen",
                "Nitrogen",
                "Chlorine"
            ]
        }
    ],
    "name": "Fat Rule",
    "description": "Can I create all conditions?",
    "version": 1
}
Parameter Type Sample Description
URL parameters
ruleId Integer 661699 A unique identifier for each custom rule.

Status 200 application/json

Response Body:

{
    "tag": [
        "test"
    ],
    "id": 661699,
    "conditions": [
        {
            "type": "requestMethodMatch",
            "positiveMatch": true,
            "value": [
                "GET",
                "CONNECT",
                "TRACE",
                "PUT",
                "POST",
                "OPTIONS",
                "DELETE",
                "HEAD"
            ]
        },
        {
            "type": "pathMatch",
            "positiveMatch": true,
            "value": [
                "/H",
                "/Li",
                "/He"
            ]
        },
        {
            "type": "extensionMatch",
            "positiveMatch": true,
            "value": [
                "Li",
                "He",
                "H"
            ],
            "valueWildcard": true,
            "valueCase": true
        },
        {
            "type": "filenameMatch",
            "positiveMatch": true,
            "value": [
                "He",
                "H",
                "Li"
            ],
            "valueWildcard": false,
            "valueCase": false
        },
        {
            "type": "requestProtocolVersionMatch",
            "positiveMatch": true,
            "value": [
                "HTTP/0.9"
            ]
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "name": [
                "H",
                "He"
            ],
            "value": [
                "Li",
                "He",
                "H"
            ],
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "name": [
                "He"
            ],
            "value": [
                "C",
                "Be",
                "B"
            ],
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true
        },
        {
            "type": "headerOrderMatch",
            "positiveMatch": true,
            "value": "H:He"
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "H",
            "nameWildcard": true,
            "nameCase": true,
            "value": [
                "H",
                "He",
                "Li"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "Be",
            "nameWildcard": true,
            "nameCase": true,
            "value": [
                "O",
                "N",
                "C"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "C",
            "nameCase": true,
            "nameWildcard": true,
            "value": [
                "Carbon",
                "C"
            ],
            "valueWildcard": true,
            "valueCase": true
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "N",
            "nameCase": false,
            "nameWildcard": false,
            "value": [
                "Nitrogen",
                "N"
            ],
            "valueWildcard": false,
            "valueCase": false
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "H",
            "value": [
                "H",
                "Hydrogen"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "He",
            "value": [
                "He",
                "Helium"
            ]
        },
        {
            "type": "argsPostNamesMatch",
            "positiveMatch": true,
            "value": [
                "Carbon",
                "Oxygen",
                "Nitrogen",
                "Chlorine"
            ]
        }
    ],
    "name": "Fat Rule",
    "description": "Can I create all conditions?",
    "version": 1,
    "ruleActivated": false
}
  1. Run List configurations and select a configId.

  2. Run List custom rules and select a ruleId.

  3. Run Get a custom rule.

  4. Modify the CustomRule object.

  5. Make a PUT request to /appsec/v1/configs/{configId}/custom-rules/{ruleId}.

The response reflects the modified CustomRule object.

Remove a custom rule

Deletes a custom rule as long as it is not activated.

DELETE /appsec/v1/configs/{configId}/custom-rules/{ruleId}

Sample: /appsec/v1/configs/{configId}/custom-rules/661699

Parameter Type Sample Description
URL parameters
ruleId Integer 661699 A unique identifier for each custom rule.

Status 204

  1. Run List configurations and select a configId.

  2. Run List custom rules and select a ruleId.

  3. Make a DELETE request to /appsec/v1/configs/{configId}/custom-rules/{ruleId}.

List custom rule actions

Returns a list of all configured custom rules for the specified configuration. It includes information for rules that are associated with this policy, as well as the latest versions of the rules in the configuration that are not associated with the current policy. Unassociated rules have an action of none.

GET /appsec/v1/configs/{configId}/versions/1/security-policies/{policyId}/custom-rules

Status 200 application/json

Response Body:

{
    "customRules": [
        {
            "action": "alert",
            "link": "/appsec/v1/configs/16400/custom-rules/622918",
            "name": "Custom Rule Example 1",
            "id": 622918
        },
        {
            "action": "none",
            "link": "/appsec/v1/configs/16400/custom-rules/657604",
            "name": "Custom Rule Example 2",
            "id": 657604
        },
        {
            "action": "deny",
            "link": "/appsec/v1/configs/16400/custom-rules/615894",
            "name": "Custom Rule Example 3",
            "id": 615894
        }
    ]
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Run List security policies and select a policyId.

  4. Make a GET request to /appsec/v1/configs/{configId}/versions/1/security-policies/{policyId}/custom-rules.

The response is a CustomRuleActions object.

Modify a custom rule action

Updates the action of a custom rule.

PUT /appsec/v1/configs/{configId}/versions/1/security-policies/{policyId}/custom-rules/{ruleId}

Sample: /appsec/v1/configs/{configId}/versions/1/security-policies/{policyId}/custom-rules/661699

Content-Type: application/json

Request Body:

{
    "action": "alert"
}
Parameter Type Sample Description
URL parameters
ruleId Integer 661699 A unique identifier for each custom rule.

Status 200 application/json

Response Body:

{
    "action": "alert"
}
  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a verisonNumber.

  3. Run List security policies and select a policyId.

  4. Run List custom rule actions and select a ruleId.

  5. Make a PUT request with a single-member object containing the specified action to /appsec/v1/configs/{configId}/versions/1/security-policies/{policyId}/custom-rules/{ruleId}.

The response reflects the modified single-member object.

Activate a configuration version

Activates one or more configurations globally.

POST /appsec/v1/activations

Content-Type: application/json

Request Body:

{
    "action": "ACTIVATE",
    "network": "STAGING",
    "note": "Free text notes",
    "notificationEmails": [
        "a@abc.com",
        "b@abc.com"
    ],
    "activationConfigs": [
        {
            "configId": 1,
            "configVersion": 4
        }
    ]
}

Status 200 application/json

Response Body:

{
    "activationId": 1234,
    "action": "ACTIVATE",
    "status": "RECEIVED",
    "network": "PRODUCTION",
    "estimate": "PTM5",
    "activationConfigs": [
        {
            "configId": 1,
            "configName": "config 1",
            "configVersion": 4,
            "previousConfigVersion": 2
        }
    ],
    "createdBy": "user1",
    "createDate": "2013-10-07T17:41:52+00:00",
    "dispatchCount": 1
}

Status 202 application/json

Headers:

Location: /appsec/v1/activations/status/f81c92c5-b150-4c41-9b53-9cef7969150a

Response Body:

{
    "statusId": "f81c92c5-b150-4c41-9b53-9cef7969150a",
    "createDate": "2018-06-19T11:27:55Z",
    "links": {
        "check-status": {
            "href": "/appsec/v1/activations/status/f81c92c5-b150-4c41-9b53-9cef7969150a"
        }
    }
}
  1. Create an Activation object.

  2. Make a POST request to /appsec/v1/activations.

The response reflects the complete Activation object.

Get an activation request status

Get the status of the ongoing generation of a long-running activation request. Any errors that occur during the generation of the activation will cause this API to respond with the underlying error status.

GET /appsec/v1/activations/status/{statusId}

Sample: /appsec/v1/activations/status/f81c92c5-b150-4c41-9b53-9cef7969150a

Parameter Type Sample Description
URL parameters
statusId String f81c92c5-b150-4c41-9b53-9cef7969150a UUID of this activation request status

Status 200 application/json

Headers:

Retry-After: 300

Response Body:

{
    "statusId": "f81c92c5-b150-4c41-9b53-9cef7969150a",
    "createDate": "2018-06-19T11:27:55Z"
}

Status 303 application/json

Headers:

Location: /appsec/v1/activations/1234

Response Body:

{
    "activationId": 1234
}
  1. Activate a configuration version, if you have not already done so, and note the statusId in the response.

  2. Make a GET request to /appsec/v1/activations/status/{statusId}.

  3. The response produces an object with an HTTP status code and relevant activation request data in the header.

  4. The optional Retry-After response header indicates the number of seconds to wait before submitting another status request.

  5. The optional Location response header indicates the URL of the specified activation.

Get activation status

Retrieves the status of an activation.

GET /appsec/v1/activations/{activationId}

Sample: /appsec/v1/activations/1234

Parameter Type Sample Description
URL parameters
activationId Number 1234 A unique identifier for an activation.

Status 200 application/json

Response Body:

{
    "activationId": 1234,
    "action": "ACTIVATE",
    "status": "RECEIVED",
    "network": "PRODUCTION",
    "estimate": "PTM5",
    "activationConfigs": [
        {
            "configId": 1,
            "configName": "config 1",
            "configVersion": 4,
            "previousConfigVersion": 2
        }
    ],
    "createdBy": "user1",
    "createDate": "2013-10-07T17:41:52+00:00",
    "dispatchCount": 1
}
  1. Run Activate a configuration version and note the activationId in the response object.

  2. Make a GET request to /appsec/v1/activations/{activationId}.

The response is an Activation object.

Data

This section provides you with the data model for the Application Security API.

Download the JSON schemas for this API.

The data schema tables below list membership requirements as follows:

Member is required in requests, or always present in responses, even if its value is empty or null.
Member is optional, and may be omitted in some cases.
Member is out of scope, and irrelevant to the specified interaction context. If you include the member in that context, it either triggers an error, or is ignored.

Configuration

Encapsulates configuration version details.

Download schema: wafConfigVersionDto.json

Sample full GET response:

{
    "configId": 8277,
    "configName": "TestConfig",
    "version": 2,
    "versionNotes": "Membership Benefits",
    "createDate": "2013-10-07T17:58:52Z",
    "createdBy": "user1",
    "basedOn": 1,
    "production": {
        "status": "Active",
        "time": "2014-07-08T07:40:00Z"
    },
    "staging": {
        "status": "Inactive"
    }
}

Configuration members

Member Type Required Description
basedOn Integer Read-only. The version from which this version was cloned.
configId Integer Read-only. A unique identifier for the security configuration.
configName String The security configuration name.
createDate String Read-only. The date of creation.
createdBy String Read-only. The user who created the configuration version.
production Configuration.production Read-only. The activation status of the configuration version in production network.
staging Configuration.staging Read-only. The activation status of the configuration version in staging network.
version Integer The security configuration version.
versionNotes String User notes for the security configuration version.
Configuration.production: The activation status of the configuration version in production network.
action Enumeration Action taken on the Configuration Version. Either ACTIVATE or DEACTIVATE.
status Enumeration The activation status, either Active, Failed, Inactive, Deactivated, or Pending.
time String The activation time.
Configuration.staging: The activation status of the configuration version in staging network.
action Enumeration Action taken on the Configuration Version. Either ACTIVATE or DEACTIVATE.
status Enumeration The activation status, either Active, Failed, Inactive, Deactivated, or Pending.
time String ISO 8601 timestamp indicating the activation time.

ConfigurationClone

Specifies the settings for a new clone of a security configuration.

Download schema: configCloneCreate.json

Sample POST request:

{
    "createFromVersion": 1,
    "ruleUpdate": false
}

ConfigurationClone members

Member Type Required Description
createFromVersion Integer The configuration version to clone from.
ruleUpdate Boolean Specifies whether the application rules should be migrated to the latest version.

SelectableHostnames

Encapsulates the list of hostnames available for protection and its details.

Download schema: hostInfoInConfiguration.json

Sample GET response:

{
    "configId": 123,
    "configVersion": 2,
    "protectARLInclusionHost": true,
    "availableSet": [
        {
            "arlInclusion": true,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 5443,
            "configNameInProduction": "WAF Security File",
            "hostname": "example.com"
        },
        {
            "arlInclusion": true,
            "activeInProduction": false,
            "activeInStaging": true,
            "configIdInProduction": 11882,
            "configNameInProduction": "A PUBLIC CONFIG",
            "hostname": "www.example.com"
        },
        {
            "arlInclusion": true,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 6018,
            "configNameInProduction": "Other Security Configuration",
            "hostname": "www.example-123.com"
        }
    ],
    "selectedSet": [
        {
            "arlInclusion": false,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": 11887,
            "configNameInProduction": "Rbac Test Config",
            "hostname": "m.example.com"
        },
        {
            "arlInclusion": false,
            "activeInProduction": true,
            "activeInStaging": true,
            "configIdInProduction": null,
            "configNameInProduction": null,
            "hostname": "m.example-123.com"
        }
    ],
    "errorSet": [
        {
            "hostname": "*.example.net",
            "reason": "property is not active in either production or staging",
            "reasonCode": 400
        },
        {
            "hostname": "test-example.net",
            "reason": "You don't have access to this property",
            "reasonCode": 403
        }
    ]
}

SelectableHostnames members

Member Type Required Description
availableSet Set array The available hosts set for the current user.
configId Integer A unique identifier for the security configuration.
configVersion Integer The version number of the security configuration.
errorSet SelectableHostnames.errorSet[] The requested hosts are not available in this configuration version.
protectARLInclusionHost Boolean Whether the host defined in the ARL file has legacy WAF enabled in the configuration.
selectedSet Set array The selected set of hosts in this configuration version.
SelectableHostnames.errorSet[]: The requested hosts are not available in this configuration version.
hostname String The hostname that triggers an error.
reason String The reason why the hosts are not protectable in this configuration version.
reasonCode Integer The error status code for the hostname.

Set

Details about the state of a hostname.

Download schema: hostNameObject.json

Set members

Member Type Required Description
activeInProduction Boolean True when the host is active in production network.
activeInStaging Boolean True when the host is active in staging network.
arlInclusion Boolean True when the host is Akamai Resource Locator (ARL) included.
configIdInProduction Integer The ID of the configuration protecting this property.
configNameInProduction String The name of the configuration protecting this property.
hostname String The name of the host.

SelectedHostnames

Encapsulates a list of selected hostnames for the specified configuration version.

Download schema: hostnameList.json

Sample Get response:

{
    "hostnameList": [
        {
            "hostname": "*.example.net"
        },
        {
            "hostname": "example.com"
        },
        {
            "hostname": "m.example.com"
        }
    ]
}

SelectedHostnames members

Member Type Required Description
hostnameList SelectedHostnames.hostnameList[] Specifies a selected hostname for a configuration version.
SelectedHostnames.hostnameList[]: Specifies a selected hostname for a configuration version.
hostname String The hostname.

SecurityPolicy

Specifies the details of a policy.

Download schema: securityPolicyDto.json

Sample full GET response:

{
    "configId": 1232,
    "version": 8,
    "policies": [
        {
            "policyId": "NN3_61",
            "policyName": "NN FW 3",
            "policySecurityControls": {
                "applyApplicationLayerControls": true,
                "applyNetworkLayerControls": true,
                "applyRateControls": false,
                "applyReputationControls": false,
                "applyBotmanControls": true,
                "applyApiConstraints": false,
                "applySlowPostControls": false
            },
            "hasRatePolicyWithApiKey": true
        },
        {
            "policyId": "NN_2",
            "policyName": "NN FW 1",
            "policySecurityControls": {
                "applyApplicationLayerControls": true,
                "applyNetworkLayerControls": true,
                "applyRateControls": false,
                "applyReputationControls": false,
                "applyBotmanControls": false,
                "applyApiConstraints": false,
                "applySlowPostControls": false
            },
            "hasRatePolicyWithApiKey": false
        },
        {
            "policyId": "NN-2_3",
            "policyName": "NN FW 2",
            "policySecurityControls": {
                "applyApplicationLayerControls": true,
                "applyNetworkLayerControls": true,
                "applyRateControls": false,
                "applyReputationControls": false,
                "applyBotmanControls": false,
                "applyApiConstraints": false,
                "applySlowPostControls": false
            },
            "hasRatePolicyWithApiKey": true
        }
    ]
}

SecurityPolicy members

Member Type Required Description
configId Integer A unique identifier for the security configuration.
hasRatePolicyWithApiKey Boolean Indicates whether this security policy has a rate policy which has API_KEY as client identifier. APIs are managed using the API Endpoint Definition API.
policyId String A unique identifier for the security policy.
policyName String The name of the security policy.
policySecurityControls SecurityPolicy.policySecurityControls The status of security controls defined in the security policy.
version Integer The version number of the security configuration.
SecurityPolicy.policySecurityControls: The status of security controls defined in the security policy.
applyApiConstraints Boolean True when API constraints are enabled.
applyApplicationLayerControls Boolean True when application layer controls are enabled.
applyBotmanControls Boolean True when Bot Manager controls are enabled.
applyNetworkLayerControls Boolean True when network layer controls are enabled.
applyRateControls Boolean True when rate controls are enabled.
applyReputationControls Boolean True when reputation controls are enabled.
applySlowPostControls Boolean True when slow post controls are enabled.

MatchTarget

Encapsulates information about a match target.

Download schema: matchTarget.json

Sample GET response:

{
    "targetId": 112231,
    "securityPolicy": {
        "policyId": "fwsf_32432"
    },
    "configId": 17027,
    "configVersion": 25,
    "type": "website",
    "sequence": 1,
    "hostnames": [
        "example.com",
        "www.example.net",
        "m.example.com"
    ],
    "filePaths": [
        "/sssi/*",
        "/cache/aaabbc*",
        "/price_toy/*"
    ],
    "isNegativePathMatch": false,
    "fileExtensions": [
        "wmls",
        "jpeg",
        "pws",
        "carb",
        "pdf",
        "js",
        "hdml",
        "cct",
        "swf",
        "pct"
    ],
    "isNegativeFileExtensionMatch": true,
    "defaultFile": "BASE_MATCH",
    "bypassNetworkLists": [
        {
            "id": "888518_ACDDCKERS",
            "name": "Test network list 1"
        },
        {
            "id": "1304427_AAXXBBLIST",
            "name": "Test network list 2"
        }
    ],
    "effectiveSecurityControls": {
        "applyApiConstraints": false,
        "applyApplicationLayerControls": true,
        "applyNetworkLayerControls": false,
        "applyRateControls": true,
        "applyReputationControls": false,
        "applySlowPostControls": false
    }
}

MatchTarget members

Member Type Required Description
apis MatchTarget.apis[] Encapsulates a list of objects containing an API endpoint ID and name. This field is applicable only for API match targets.
bypassNetworkLists MatchTarget.bypassNetworkLists[] A list of network list identifiers and names.
configId Integer A unique identifier for a security configuration.
configVersion Integer The version of security configuration.
defaultFile Enumeration A description of the rule to match on paths. Either NO_MATCH to not match on the default file, BASE_MATCH to match only requests for top-level hostnames ending in a trailing slash, or RECURSIVE_MATCH to match all requests for paths that end in a trailing slash.
effectiveSecurityControls MatchTarget.effectiveSecurityControls Read-only. Defines the security controls to apply. For a security control to be effectively turned on, it has to be enabled in both the match target and the security policy.
fileExtensions Array Encapsulates a list of file extensions.
filePaths Array Encapsulates a list of file paths.
hostnames Array Encapsulates a list of hostnames to protect.
isNegativeFileExtensionMatch Boolean Describes whether the match target applies when a match is found in the specified fileExtensions or when a match is not found.
isNegativePathMatch Boolean Describes whether the match target applies when a match is found in the specified paths or when a match is not found.
securityPolicy MatchTarget.securityPolicy The security policy associated with the match target.
sequence Integer The position in the sequence of match targets.
targetId Integer A unique identifier for the match target.
type Enumeration Describes the type of match target, either website or api.
validations MatchTarget.validations Read-only. Describes warnings, errors, or notices determined by a validation of this resource.
MatchTarget.apis[]: Encapsulates a list of objects containing an API endpoint ID and name. This field is applicable only for API match targets.
id Integer A unique identifier of an API endpoint.
name String The API endpoint name.
MatchTarget.bypassNetworkLists[]: A list of network list identifiers and names.
id String A unique identifier for a network list.
name String The name of the network list.
MatchTarget.effectiveSecurityControls: Defines the security controls to apply. For a security control to be effectively turned on, it has to be enabled in both the match target and the security policy.
applyApiConstraints Boolean True when API constraints are enabled.
applyApplicationLayerControls Boolean True when application layer controls are enabled.
applyBotmanControls Boolean True when Bot Manager controls are enabled.
applyNetworkLayerControls Boolean True when network layer controls are enabled.
applyRateControls Boolean True when rate controls are enabled.
applyReputationControls Boolean True when reputation controls are enabled.
applySlowPostControls Boolean True when slow post controls are enabled.
MatchTarget.securityPolicy: The security policy associated with the match target.
policyId String A unique identifier for security policy.
MatchTarget.validations: Describes warnings, errors, or notices determined by a validation of this resource.
errors Validation array List of errors.
notices Validation array List of notices.
warnings Validation array List of warnings.

Validation

Encapsulates feedback on validation.

Download schema: validation-dto.json

Validation members

Member Type Required Description
detail String An explanation of the error message.
fieldName String The name of the field causing the validation problem.
jsonReference String The JSON reference to the field in the resource.
title String The title for the error.
type String The URL for the error type.

MatchTargetOrder

Encapsulates match target settings and a list of objects containing match targets with their assigned sequence number.

Download schema: matchTargetsSequence.json

Sample GET response:

{
    "targetSequence": [
        {
            "targetId": 1217289,
            "sequence": 1
        },
        {
            "targetId": 1217339,
            "sequence": 2
        }
    ],
    "type": "website"
}

MatchTargetOrder members

Member Type Required Description
targetSequence MatchTargetOrder.targetSequence[] Contains the ID and sequence of a match target.
type Enumeration Describes the type of match target, either WEBSITE or API.
MatchTargetOrder.targetSequence[]: Contains the ID and sequence of a match target.
sequence Integer The position in the sequence of match targets.
targetId Integer A unique identifier for the match target.

CustomRule

Contains settings for a custom rule.

Download schema: customRule-schema.json

Sample GET example:

{
    "tag": [
        "test"
    ],
    "id": 661699,
    "conditions": [
        {
            "type": "requestMethodMatch",
            "positiveMatch": true,
            "value": [
                "GET",
                "CONNECT",
                "TRACE",
                "PUT",
                "POST",
                "OPTIONS",
                "DELETE",
                "HEAD"
            ]
        },
        {
            "type": "pathMatch",
            "positiveMatch": true,
            "value": [
                "/H",
                "/Li",
                "/He"
            ]
        },
        {
            "type": "extensionMatch",
            "positiveMatch": true,
            "value": [
                "Li",
                "He",
                "H"
            ],
            "valueWildcard": true,
            "valueCase": true
        },
        {
            "type": "filenameMatch",
            "positiveMatch": true,
            "value": [
                "He",
                "H",
                "Li"
            ],
            "valueWildcard": false,
            "valueCase": false
        },
        {
            "type": "requestProtocolVersionMatch",
            "positiveMatch": true,
            "value": [
                "HTTP/0.9"
            ]
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "name": [
                "H",
                "He"
            ],
            "value": [
                "Li",
                "He",
                "H"
            ],
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true
        },
        {
            "type": "requestHeaderMatch",
            "positiveMatch": true,
            "name": [
                "He"
            ],
            "value": [
                "C",
                "Be",
                "B"
            ],
            "valueCase": true,
            "valueWildcard": true,
            "nameWildcard": true
        },
        {
            "type": "headerOrderMatch",
            "positiveMatch": true,
            "value": "H:He"
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "H",
            "nameWildcard": true,
            "nameCase": true,
            "value": [
                "H",
                "He",
                "Li"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "cookieMatch",
            "positiveMatch": true,
            "name": "Be",
            "nameWildcard": true,
            "nameCase": true,
            "value": [
                "O",
                "N",
                "C"
            ],
            "valueCase": true,
            "valueWildcard": true
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "C",
            "nameCase": true,
            "nameWildcard": true,
            "value": [
                "Carbon",
                "C"
            ],
            "valueWildcard": true,
            "valueCase": true
        },
        {
            "type": "uriQueryMatch",
            "positiveMatch": true,
            "name": "N",
            "nameCase": false,
            "nameWildcard": false,
            "value": [
                "Nitrogen",
                "N"
            ],
            "valueWildcard": false,
            "valueCase": false
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "H",
            "value": [
                "H",
                "Hydrogen"
            ]
        },
        {
            "type": "argsPostMatch",
            "positiveMatch": true,
            "name": "He",
            "value": [
                "He",
                "Helium"
            ]
        },
        {
            "type": "argsPostNamesMatch",
            "positiveMatch": true,
            "value": [
                "Carbon",
                "Oxygen",
                "Nitrogen",
                "Chlorine"
            ]
        }
    ],
    "name": "Fat Rule",
    "description": "Can I create all conditions?",
    "version": 1,
    "ruleActivated": false
}

CustomRule members

Member Type Required Description
conditions CustomRule.conditions[] Specifies the conditions for the custom rule.
description String The custom rule description.
id Integer Read-only. A unique identifier for the rule.
inspectRequest Boolean Read-only. Inpsect HTTP request for unstructured custom rules.
inspectResponse Boolean Read-only. Inpsect HTTP response for unstructured custom rules.
metadata String Read-only. Metadata the user provided for unstructured custom rules.
name String The custom rule name.
ruleActivated Boolean Read-only. Indicates whether the rule is active in a configuration.
structured Boolean Read-only. Indicates if this rule was created with the structured custom rule builder or free-form XML.
tag Array A set of user-supplied label for the custom rule.
version Integer The custom rule version.
CustomRule.conditions[]: Specifies the conditions for the custom rule.
positiveMatch Boolean If true, the rule triggers when the condition is met. If false, the rule triggers when it is not met.
type Enumeration The type of condition, either cookieMatch, extensionMatch, filenameMatch, hoitMatch, hostnameMatch, ipMatch, pathMatch, requestHeaderMatch, requestMethodMatch, requestProtocolVersionMatch, uriQueryMatch, headerOrderMatch, argsPostMatch, or argsPostNamesMatch.
value Array, String The value to use in the condition. Can be a string or an array of strings, depending on type.

CustomRuleActions

Contains settings for custom rule actions.

Download schema: customRuleActions.json

Sample GET response:

{
    "customRules": [
        {
            "action": "alert",
            "link": "/appsec/v1/configs/16400/custom-rules/622918",
            "name": "Custom Rule Example 1",
            "id": 622918
        },
        {
            "action": "none",
            "link": "/appsec/v1/configs/16400/custom-rules/657604",
            "name": "Custom Rule Example 2",
            "id": 657604
        },
        {
            "action": "deny",
            "link": "/appsec/v1/configs/16400/custom-rules/615894",
            "name": "Custom Rule Example 3",
            "id": 615894
        }
    ]
}

CustomRuleActions members

Member Type Required Description
action String The action to assign to this custom rule, either alert, deny, or none. If the action is none, the rule is inactive in the policy.
link String Read-only. A link to more information about the rule associated with this policy or latest version of rule if action is set to none (unassociated).
name String Read-only. The name of the custom rule.
status String Read-only. The activation status of the custom rule action.
version Integer Read-only. Version of the rule.

Activation

Encapsulates the activation status and settings for a configuration version.

Download schema: activations-request.json, activation-status.json

Sample POST request:

{
    "action": "ACTIVATE",
    "network": "STAGING",
    "note": "Free text notes",
    "notificationEmails": [
        "a@abc.com",
        "b@abc.com"
    ],
    "activationConfigs": [
        {
            "configId": 1,
            "configVersion": 4
        }
    ]
}

Sample GET response:

{
    "activationId": 1234,
    "action": "ACTIVATE",
    "status": "RECEIVED",
    "network": "PRODUCTION",
    "estimate": "PTM5",
    "activationConfigs": [
        {
            "configId": 1,
            "configName": "config 1",
            "configVersion": 4,
            "previousConfigVersion": 2
        }
    ],
    "createdBy": "user1",
    "createDate": "2013-10-07T17:41:52+00:00",
    "dispatchCount": 1
}

Activation members

Member Type POST GET Description
action Enumeration The action to take, either ACTIVATE or DEACTIVATE.
activationConfigs Activation.activationConfigs[] Specifies the security configuration and version to activate or deactivate.
activationId Number A unique identifier for the activation.
completionDate String Read-only. The ISO 8601 timestamp at which the activation reaches a steady state and validates across the Akamai network.
createDate String Read-only. The ISO 8601 timestamp at which the activation request was submitted.
createdBy String Read-only. Username of the person that created the activation request.
dispatchCount Integer Read-only. The number of times which this activation has been dispatched to the Akamai edge network. A number greater than 1 indicates that this activation may be retried due to network safety concerns.
estimate String The estimated time remaining to complete the activation in ISO 8601 duration format, starting when the response is generated.
network Enumeration The target Akamai network or environment of the activation, either STAGING or PRODUCTION.
note String User-supplied notes associated with this activation.
notificationEmails Array Email IDs to notify when the activation happens.
status Enumeration The current status of the activation, either RECEIVED, LIVE, DEPLOYED, CANCELING, STOPPED, REMOVED, ROLLBACK, ACTIVATED, FAILED, CANCELLING, or UNDEPLOYED.
Activation.activationConfigs[]: Specifies the security configuration and version of the activation.
configId Number The ID of the origin or destination configuration to activate.
configName String The name of the configuration. This field is provided for information purposes and only appears in the API output.
configVersion Number The version of the origin or destination configuration to activate.
previousConfigVersion Number Read-only. The previous active configuration version.

Errors

This section provides details on the data object that reflects the API’s common response to error cases, and lists the API’s range of response status codes for both error and success cases.

Error responses

EdgeGrid responds with HTTP Problem error objects that provide details useful for debugging. For example:

{
    "type":"https://problems.luna.akamaiapis.net/appsec-resource/error-types/ACCESS-DENIED",
    "title":"Forbidden",
    "status":403,
    "detail":"You do not have the necessary access to perform this operation or the requested resource cannot be modified",
    "instance":"https://problems.luna.akamaiapis.net/appsec/error-instances/d54686b5-21cb-4ab7-a8d6-a92282cf1749"
}

HTTP status codes

The API produces the following set of HTTP status codes for both success and failure scenarios:

Code Description
200 The operation was successful.
201 Resource successfully created.
400 Bad Request.
403 Access is forbidden.
404 Resource not found.
409 Conflict with current state of resource.

Last modified: 12/3/2018