Firewall Rules Notification API v1
Subscribe yourself and others to CIDR block changes and retrieve CIDR blocks to include in your firewall rules.
Learn more:
Download this API’s RAML and JSON schema descriptors.
Overview
Akamai periodically updates edge server IP addresses for routine maintenance and, when that happens, it is important that you update your company’s firewall to accept traffic from new IP addresses, or remove access to your origin from IP addresses that were decommissioned.
The Firewall Rules Notification API lets you manage who receives notifications about changes Akamai makes to IP addresses. You can subscribe or unsubscribe users to notifications for specific services, retrieve subscription and service information, and get CIDR block information with which to update your firewall rules. This API provides you with a programmatic interface to the same functionality available in Akamai Control Center.
Who should use this API
Use this API if you manage your company’s firewall and want to programmatically retrieve Akamai CIDR blocks so you can add or remove them from your company’s firewall. Additionally, use this API to automate adding or removing users from being notified about changes to the CIDR blocks.
Get started
Before using FRAPI for the first time:
Review Get Started with APIs for details on how to set up client tokens to access any Akamai API. These tokens appear as custom hostnames that look like this:
https://akzz-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX.luna.akamaiapis.net.To access this API you need to have certain credentials. You assign credentials in the Manage APIs application in Control Center.
Log in to Control Center at
control.akamai.com.Navigate to the Manage APIs application.
Create new credentials for yourself including the specific scope you need, either READ-ONLY or READ-WRITE.
Resources
The following lists unique concepts for this API:
Activation date in Control Center is the same thing as the effective date in the API.
CIDRs with a status of
Deletedare still visible and returned in response objects.Deletedfor this API means that CIDR block is no longer in use and no longer serves traffic to your origin. You can remove that CIDR block from your firewall rules.
API summary
Download the RAML descriptors for this API.
| Operation | Method | Endpoint |
|---|---|---|
| List Services | GET | /firewall-rules-manager/ |
| Get a Service | GET | /firewall-rules-manager/ |
| List CIDR Blocks | GET | /firewall-rules-manager/ |
| List Subscriptions | GET | /firewall-rules-manager/ |
| Update Subscriptions | PUT | /firewall-rules-manager/ |
List services
Get a list of services you are subscribed to. To see additional services, subscribe to them first and then run the operation again.
GET /firewall-rules-manager/
Status 200
application/json
Response Body:
[
{
"serviceId": 3,
"serviceName": "TestIP",
"description": "Test IPs"
},
{
"serviceId": 4,
"serviceName": "TestIP again",
"description": "Test IPs"
}
]
Make a GET request to
/firewall-rules-manager/.v1/ services The response is an array of Service objects. Locate a
serviceIDand save it for later use.
Get a service
Get a specific service.
GET /firewall-rules-manager/
Sample: /firewall-rules-manager/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
serviceId |
Integer | 3 |
A unique identifier for a service. |
Status 200
application/json
Response Body:
{
"serviceId": 3,
"serviceName": "TestIP",
"description": "Test IPs"
}
Run List Services and choose a service from the array. Store the
serviceIdfor later use.Make a GET request to
/firewall-rules-manager/.v1/ services/ {serviceId} The response is a Service object
List CIDR blocks
List all CIDR blocks for all services you are subscribed to. To see additional CIDR blocks, subscribe yourself to more services and run this operation again.
GET /firewall-rules-manager/
Sample: /firewall-rules-manager/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| Optional query parameters | |||
effectiveDateGt |
String | 2017-02-21 |
The ISO 8601 date the CIDR block starts serving traffic to your origin. Please ensure your firewall rules are updated to allow this traffic to pass through before the effective date. |
lastAction |
Enumeration | add |
Whether a CIDR block was added, updated, or removed from service. You can use this parameter as a sorting mechanism and return only CIDR blocks with a change status of add, update, or delete. Note that a status of delete means the CIDR block is no longer in service, and you can remove it from your firewall rules. |
Status 200
application/json
Response Body:
[
{
"cidrId": 13742,
"serviceId": 9,
"serviceName": "PERF_ANALYTICS",
"cidr": "66.171.230.134",
"cidrMask": "/32",
"port": "80,443",
"creationDate": "2017-02-21",
"effectiveDate": "2017-02-21",
"changeDate": "2017-02-21",
"minIp": "66.171.230.134",
"maxIp": "66.171.230.134",
"lastAction": "add"
}
]
List subscriptions
List subscriptions you created for yourself and other users. You can only see subscription information based on what you created yourself, so if someone else subscribed you to a service, you will not see that subscription returned by this operation.
GET /firewall-rules-manager/
Status 200
application/json
Response Body:
{
"subscriptions": [
{
"serviceId": 13,
"serviceName": "Test IPs",
"email": "mp@mail.com",
"signupDate": "2017-03-28"
},
{
"serviceId": 15,
"serviceName": "CCUAPI",
"email": "abcd@akamai.com",
"signupDate": "2017-10-11"
}
]
}
Make a GET request to
/firewall-rules-manager/.v1/ subscriptions The response is an array of Subscription objects.
Update subscriptions
Subscribe or unsubscribe users to services.
PUT /firewall-rules-manager/
Content-Type: application/json
Request Body:
{
"subscriptions": [
{
"serviceId": 13,
"email": "mp@mail.com"
},
{
"serviceId": 15,
"email": "abcd@akamai.com"
}
]
}
Status 200
application/json
Response Body:
{
"subscriptions": [
{
"serviceId": 13,
"serviceName": "Test IPs",
"email": "mp@mail.com",
"signupDate": "2017-03-28"
},
{
"serviceId": 15,
"serviceName": "CCUAPI",
"email": "abcd@akamai.com",
"signupDate": "2017-10-11"
}
]
}
Run List Subscriptions.
The response is an array of Subscription objects. Modify the array of objects.
PUT the modified object back to
/firewall-rules-manager/.v1/ subscriptions
Data
This section provides details for each type of data object the API exchanges.
Download the JSON schemas for this API.
The data schema tables below list membership requirements as follows:
| ✓ | Member is required to be present, regardless of whether its value is empty or null. |
Subscription
Displays subscriptions for a service.
Download schema:
subscription.json
Sample GET response:
{
"subscriptions": [
{
"serviceId": 13,
"serviceName": "Test IPs",
"email": "mp@mail.com",
"signupDate": "2017-03-28"
},
{
"serviceId": 15,
"serviceName": "CCUAPI",
"email": "abcd@akamai.com",
"signupDate": "2017-10-11"
}
]
}
Subscription members
| Member | Type | Required | Description |
|---|---|---|---|
email |
String | ✓ | One or more emails belonging to people subscribing to a service. These email addresses receive the notifications for CIDR block updates. |
serviceId |
Integer | ✓ | A unique identifier for a service. |
serviceName |
String | ✓ | The name of a service. This is often the same as the product you purchased. |
signupDate |
String | ✓ | The date a subscriber signed up for notifications. The date is in ISO format. |
Service
Specifies service information.
Download schema:
service.json
Sample GET response:
{
"serviceId": 3,
"serviceName": "TestIP",
"description": "Test IPs"
}
Service members
| Member | Type | Required | Description |
|---|---|---|---|
description |
String | ✓ | A description of the service. |
serviceId |
Integer | ✓ | A unique identifier for a service. |
serviceName |
String | ✓ | The name of a service. This is often the same as the product you purchased. |
CidrBlock
Describes CIDR block and the services they belong to.
Download schema:
cidrBlock.json
Sample GET response:
[
{
"cidrId": 13742,
"serviceId": 9,
"serviceName": "PERF_ANALYTICS",
"cidr": "66.171.230.134",
"cidrMask": "/32",
"port": "80,443",
"creationDate": "2017-02-21",
"effectiveDate": "2017-02-21",
"changeDate": "2017-02-21",
"minIp": "66.171.230.134",
"maxIp": "66.171.230.134",
"lastAction": "add"
}
]
CidrBlock members
| Member | Type | Required | Description |
|---|---|---|---|
changeDate |
String | ✓ | The ISO 8601 date when the CIDR block was last updated. |
cidr |
String | ✓ | A list of IP addresses belonging to Akamai edge servers for a particular service. |
cidrId |
Integer | ✓ | A unique identifier for a CIDR block. |
cidrMask |
Enumeration | ✓ | Indicates the range (start and end IP) of the CIDR block. /32 and /64 denote whether the IP addresses in the CIDR block are IPv4 or IPv6, respectively. |
creationDate |
String | ✓ | The ISO 8601 date the CIDR block was created. |
effectiveDate |
String | ✓ | The ISO 8601 date the IP addresses start passing traffic. Make sure your firewall rules are updated to accept traffic before this date. This date is typically two weeks after the CIDR block’s creation date. |
lastAction |
Enumeration | ✓ | The last Action, or change, made to the CIDR block. Either add, update, or delete. |
maxIp |
String | ✓ | The maximum IP is the top of the range for the CIDR block. |
minIp |
String | ✓ | The minimum IP is the base of the range for the CIDR block. |
port |
String | ✓ | The set of comma-delimited ports through which your server receives traffic from Akamai servers. |
serviceId |
Integer | ✓ | A unique identifier for a service. |
serviceName |
String | ✓ | The name of a service. This is often the same as the product you purchased. |
Errors
This section tells you about the Firewall Rules Notification API’s error response format, and details the range of HTTP status codes the API produces.
Error Responses
The Identity Management API responds with HTTP Problem error objects that provide details useful for debugging.
The following shows a typical error response. The outer object
characterizes the overall problem, while the details array lists
potentially more than one problem detected in the request.
{
"type" : "/firewall-rules-manager/error-types/5",
"status" : 404,
"title" : "ServiceId doesn't exist",
"detail" : "ServiceId: 233 not found",
"instance" : "",
"errors" : [ ]
}
HTTP status codes
This section lists the range of HTTP response codes the API may produce for both success and error cases:
| Code | Description |
|---|---|
| 200 | Request OK. |
| 302 | The requested item is temporarily available at the link provided. |
| 400 | Bad Request. |
| 401 | Authentication failure. |
| 403 | Access Denied. |
| 404 | Resource not found. |
| 405 | Method not supported. |
| 415 | Unsupported media type. |
| 500 | Internal server error. |
| 502 | Platform timeout error. |
| 503 | Too many requests. Service is temporarily unavailable. |
Last modified: 6/1/2017