The Application Security API

The Application Security API allows you to access and modify the Web Application Firewall (WAF) configuration of your Kona Site Defender or Bot Manager implementation. You can create, update, and activate versions of a security configuration. You can retrieve selectable hostnames and add them to the selected list to protect your website or API content. You can also add, modify, or delete custom rules and assign policy actions.

A Web Application Firewall (WAF) is an application security measure deployed between a web client and a web server that performs a deep inspection of every request and response for all common forms of web traffic. By identifying and then isolating or blocking abnormal or malicious traffic, a WAF effectively prevents threats from reaching the server.

This API is in beta and may be subject to change.

Who should use this API

This API is for security operations teams and developers who implement Akamai security products for their organization. You need to have a working knowledge of your application and how the configurable objects interact. If you are not familiar with these topics, see Resources for more information.

Getting started

Before using the Application Security API for the first time:

  • Review Get Started on tools that Akamai provides for all its APIs.

  • Review Authorize Your Client to create your API access credentials and authorizations. As detailed in the API Identity Model section, you then access the API using custom hostnames that look like this: https://akzz-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX.luna.akamaiapis.net.

  • Review the Authorize Your Client section to make sure the identity under which you provision the API can access its full range of functionality. Use the Identity Management application to expand access if necessary, or the Identity Management API as a programmatic alternative.

Example 1: add a hostname to a new configuration version

The following example presents the order of operations to modify a configuration, provide additional hostnames, and activate the new configuration version:

  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Run Get configuration version details to retrieve a Configuration object.

  4. You cannot edit the configuration version if it is ACTIVE on staging or production servers. To create a new version, craft a ConfigurationClone object and make a POST request to /appsec/v1/configs/{configId}/versions.

  5. Run List selectable hostnames to retrieve a list of Set objects containing hostname information.

  6. List selected hostnames to retrieve a SelectedHostnames object.

  7. Modify the SelectedHostnames object.

  8. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/selected-hostnames.

  9. Run List security policies and select a policyId.

  10. Run Create a match target to create a new MatchTarget object. Note the targetId in the response.

  11. Run Get a match target.

  12. Modify the MatchTarget object.

  13. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/{targetId}.

  14. Run List match targets.

  15. Craft a MatchTargetOrder object using the targetIds.

  16. Make a PUT request to /appsec/v1/configs/{configId}/versions/{versionNumber}/match-targets/sequence.

  17. Create an Activation object.

  18. Make a POST request to /appsec/v1/activations to activate the configuration version.

  19. Run Get activation status to check the activation status. The response is an Activation object.

Example 2: add a custom rule to an existing configuration version

The following example presents the order of operations to modify a configuration, add a new custom rule, and activate the new configuration version:

  1. Run List configurations and select a configId.

  2. Run List configuration versions and select a versionNumber.

  3. Run Get configuration version details to retrieve a Configuration object.

  4. You cannot edit the configuration version if it is ACTIVE on staging or production servers. To create a new version, craft a ConfigurationClone object and make a POST request to /appsec/v1/configs/{configId}/versions.

  5. Run Create a custom rule to create a new CustomRule object. Note the ruleId in the response.

  6. Run Get a custom rule.

  7. Modify the CustomRule object.

  8. Make a PUT request to /appsec/v1/configs/{configId}/custom-rules/{ruleId}.

  9. Run List security policies and select a policyId.

  10. Make a PUT request with a single-member object containing the specified action to /appsec/v1/configs/{configId}/versions/1/security-policies/{policyId}/custom-rules/{ruleId}.

  11. Create an Activation object.

  12. Make a POST request to /appsec/v1/activations to activate the configuration version.

  13. Run Get activation status to check the activation status. The response is an Activation object.
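The following is an added example, not Akamai's SDK or documentation code: Example 2 scripted as one function (the clone-if-ACTIVE guard of step 4 and the activation polling of steps 11-13 are shared with Example 1), driven through an injected transport so it runs offline against a constructed fake. Paths the page does not list (version details, create custom rule, activation status), every JSON field except configId, versionNumber, ruleId and policyId, and the use of the cloned version number in the step 10 policy path are assumptions.

```python
# Added example (not Akamai's SDK): Example 2 over an injected transport. Paths
# not on the page and all JSON fields except configId/version/ruleId/policyId are assumed.
BASE = "/appsec/v1"

def run_example_2(call, config_id, version, policy_id, rule, action, network):
    """call(method, path, body) -> dict. Returns (version edited, ruleId, status)."""
    # Step 4: a version ACTIVE on staging or production is read-only, so clone it first.
    v = call("GET", f"{BASE}/configs/{config_id}/versions/{version}", None)  # assumed path
    if "ACTIVE" in (v.get("staging"), v.get("production")):  # assumed status fields
        clone = {"createFromVersion": version}  # assumed ConfigurationClone shape
        version = call("POST", f"{BASE}/configs/{config_id}/versions", clone)["version"]
    # Steps 5-8: create the CustomRule, note its ruleId, PUT the edited body back.
    created = call("POST", f"{BASE}/configs/{config_id}/custom-rules", rule)  # assumed path
    rule_id = created["id"]  # assumed field carrying the ruleId
    call("PUT", f"{BASE}/configs/{config_id}/custom-rules/{rule_id}", created)
    # Step 10: single-member object assigning the action to the rule inside the policy.
    call("PUT", f"{BASE}/configs/{config_id}/versions/{version}/security-policies/"
         f"{policy_id}/custom-rules/{rule_id}", {"action": action})
    # Steps 11-13: POST an Activation object, then poll its status with a bounded loop.
    act = call("POST", f"{BASE}/activations",
               {"configId": config_id, "version": version, "network": network})
    status = act.get("status")
    for _ in range(10):  # real code would sleep between polls
        if status in ("ACTIVATED", "FAILED"):
            break
        status = call("GET", f"{BASE}/activations/{act['activationId']}", None)["status"]
    return version, rule_id, status

class FakeAppSec:
    """Constructed stand-in for the API: version 3 is ACTIVE on production."""
    def __init__(self):
        self.calls, self.polls = [], 0
    def __call__(self, method, path, body):
        self.calls.append((method, path))
        if method == "GET" and path.endswith("/versions/3"):
            return {"staging": "INACTIVE", "production": "ACTIVE"}
        if method == "POST" and path.endswith("/versions"):
            return {"version": 4}  # the clone becomes the editable version
        if method == "POST" and path.endswith("/custom-rules"):
            return dict(body, id=60001)
        if method == "POST" and path.endswith("/activations"):
            return {"activationId": 1001, "status": "RECEIVED"}
        if method == "GET" and "/activations/" in path:
            self.polls += 1
            return {"status": "ACTIVATED" if self.polls >= 2 else "PENDING"}
        return {}

if __name__ == "__main__":
    print(run_example_2(FakeAppSec(), 12345, 3, "pol_1", {"name": "r1"}, "deny", "STAGING"))
```

Against the fake, version 3 is cloned to 4 before any edit, and the policy PUT and Activation both reference the clone rather than the read-only version.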


Last modified: 6/19/2018