Site Shield API v1

Access Site Shield with non-browser clients to cloak websites from the public Internet.

Learn more:


Overview

For customers who are already using the Akamai Network, Site Shield provides an additional layer of protection that helps prevent attackers from bypassing cloud-based protections to target the application origin. Site Shield cloaks websites and applications from the public Internet and restricts clients from directly accessing the origin. It is designed to complement the existing network infrastructure as well as advanced cloud security technologies available on the globally-distributed Akamai Intelligent Platform to mitigate the risks associated with network and application-layer threats that directly target the origin infrastructure.

The goal of the Site Shield API is to provide a Site Shield interface for consumption by nonbrowser clients. This API allows you to access and acknowledge Site Shield maps, which are sets of IP addresses and/or CIDR blocks. You must add these to the origin host’s firewall so as to able to serve requests only to traffic originating from the IPs belonging to the map. Once completed, you then acknowledge the map, confirming the new IP blocks/CIDRs have been added to the firewall.

Headers

Authorization: EG1-HMAC-SHA256 client_token=[value];access_token=[value];timestamp=[value];nonce=[value];signature=[value]
  • This is RFC2616-standard, with proprietary specifics.
  • SDKs will be available for some languages.

Example:

Authorization: EG1-HMAC-SHA256 client_token=akaa-275ca6de04b11b91-cf46074bf3b52950;access_token=akaa-d6cfbdb2d0594ae4-ad000cf3a5473a08;timestamp=20130817T02:49:13+0000;nonce=dd9957e2-4fe5-48ca-8d32-16a772ac6d8f;signature=Q3uWyssCz9qsNxekOX+PXP0WrtGT+J5qd6ssN1UmUmw=

Resources

For clients already on the Akamai network, Site Shield provides an additional layer of protection that helps prevent attackers from bypassing cloud-based protections and targeting the application origin. Site Shield cloaks web sites and applications from the public Internet and restricts clients from directly accessing the origin. It is designed to complement the existing network infrastructure as well as advanced cloud security technologies available on the globally distributed Akamai® Intelligent Platform™ to mitigate the risks associated with network and application-layer threats that directly target the origin infrastructure.

The goal of the Site Shield API is to provide a Site Shield interface for consumption by non browser clients. The Site Shield API allows you to access and acknowledge Site Shield maps, which are sets of IP addresses and/or CIDR blocks. You need to add these to the origin host’s firewall to able to serve requests only to traffic originating from the IPs belonging to the map. Once completed, the user would be able to acknowledge the map, confirming the new IP blocks/CIDRs have been added to the firewall.

API summary

Operation Method Endpoint
List Maps GET /siteshield/v1/maps
Get a Map GET /siteshield/v1/maps/{id}
Acknowledge a Map POST /siteshield/v1/maps/{id}/acknowledge

List maps

This operation lists all maps that belong to an account.

GET /siteshield/v1/maps

Status 200 application/json

Response:

{
    "siteShieldMaps": [
        {
            "acknowledged": true,
            "contacts": [ "kona@akamai.com" ],
            "currentCidrs": [
                "165.254.26.0/24", "165.254.94.0/24",
                "184.51.120.0/24", "63.162.234.0/24",
                "63.233.110.0/24", "64.145.75.0/24", "69.31.102.0/24"
            ],
            "id": 1234,
            "latestTicketId": 1,
            "mapAlias": "SampleTest1",
            "mcmMapRuleId": 123,
            "proposedCidrs": [],
            "ruleName": "a;s12.akamai.net",
            "service": "W",
            "shared": false,
            "type": "Production"
        },
        {
            "acknowledged": true,
            "contacts": [
                "luna@akamai.com",
                "new@email.com"
            ],
            "currentCidrs": [
                "107.14.42.0/24", "117.103.188.0/24",
                "195.59.54.0/24", "209.211.216.0/24",
                "216.246.75.0/24", "63.130.161.0/24",
                "63.235.29.0/24", "63.83.61.0/24", "69.22.163.0/24"
            ],
            "id": 7964,
            "latestTicketId": 5884,
            "mapAlias": "Sample Test-2",
            "mcmMapRuleId": 957,
            "proposedCidrs": [],
            "ruleName": "e;s9.akamaiedge.net",
            "service": "S",
            "shared": false,
            "type": "Production"
        },
        {
            "acknowledged": false,
            "contacts": [ "pulse@akamai.com" ],
            "currentCidrs": [],
            "id": 65,
            "latestTicketId": 883,
            "mapAlias": "mapAlias",
            "mcmMapRuleId": 4255,
            "proposedCidrs": [
                "131.103.136.0/24", "131.103.137.0/24", "165.254.137.0/24",
                "184.25.254.0/24", "184.51.199.0/24", "184.84.221.0/24",
                "184.84.223.0/24", "195.10.11.0/24", "204.156.15.0/24",
                "209.170.78.0/24", "216.246.75.0/24", "23.57.69.0/24",
                "23.57.74.0/24", "23.62.238.0/24", "61.246.63.0/24",
                "63.218.71.0/24", "66.171.227.0/24", "69.192.3.0/24",
                "69.192.4.0/24", "72.246.184.0/24", "77.67.40.0/24",
                "77.67.85.0/24", "80.157.149.0/24", "80.239.234.0/24"
            ],
            "ruleName": "e;s1.akamaiedge.net",
            "service": "S",
            "shared": false,
            "type": "Production"
        }
    ]
}

Get a map

This operation allows you to retrieve a single map object with all its details. You need access permissions to view the map details.

GET /siteshield/v1/maps/{id}

Example: /siteshield/v1/maps/1

Parameter Type Sample Description
Required
id Number 1 Numeric id of the Note to perform action with. Has example value.

Status 200 application/json

Response:

{
    "siteShieldMap": {
        "acknowledged": false,
        "contacts": [
            "test@akamai.com",
            "test2@akamai.com"
        ],
        "currentCidrs": [
            "131.103.136.0/24", "131.103.137.0/24",
            "165.254.127.0/24", "165.254.137.0/24", "184.25.254.0/24"
        ],
        "proposedCidrs": [
            "107.14.42.0/24", "117.103.188.0/24", "195.59.54.0/24",
            "209.211.216.0/24", "216.246.75.0/24"
        ],
        "ruleName": "a;s36.akamai.net",
        "type": "Production",
        "service": "S",
        "shared": false,
        "acknowledgeRequiredBy": 1392154239000,
        "previouslyAcknowledgedOn": 1392154239000
    }
}

Acknowledge a map

This operation allows you to update a map instance. You can perform this action only if you have permission to acknowledge the map.

POST /siteshield/v1/maps/{id}/acknowledge

Example: /siteshield/v1/maps/1/acknowledge

Parameter Type Sample Description
Required
id Number 1 Numeric id of the Note to perform action with. Has example value.

Status 200 application/json

Response:

{
    "siteShieldMap": {
        "acknowledged": true,
        "contacts": [
            "test@akamai.com",
            "test2@akamai.com"
        ],
        "currentCidrs": [
            "131.103.136.0/24", "131.103.137.0/24",
            "165.254.127.0/24", "165.254.137.0/24", "184.25.254.0/24"
        ],
        "ruleName": "a;s36.akamai.net",
        "type": "Production",
        "service": "S",
        "shared": false,
        "acknowledgeRequiredBy": 1392154239000,
        "previouslyAcknowledgedOn": 1392154239000
    }
}

Errors

Code Description
403 Authorization failure
404 Resource not found
500 Internal server error unexpected condition