The Enterprise Threat Protector Configuration API

The Enterprise Threat Protector (ETP) Configuration API offers a programmatic OPEN interface to manage policy settings to protect against enterprise security and acceptable user policy related events. A distributed configuration encapsulates all the rules for how to process DNS requests for your enterprise.

Who Should Use This API

This API is for site administrators, project managers, and technical support providers who implement Enterprise Threat Protector (ETP) for your organization. It assumes that you have a working knowledge of ETP and how the configurable objects interact. If you are not familiar with these topics, see ETP Configuration Resources for more information.

Getting Started

Before using the ETP Configuration API for the first time:

  • Contact your Akamai representative to enable it for your account.

  • Review the OPEN API Introduction on tools that Akamai provides.

  • Review OPEN API Provisioning to create your OPEN API access credentials and authorizations. As detailed in the OPEN API Identity Model, you then access the API using custom hostnames that looks like this:

Object Versioning

High-level objects such as Site, Policy, and CustomList use a timestamp for revision control. With each create, update, or delete, the object’s timestamp must be up to date. Requests fail with a 412 Precondition failed response if an older timestamp is provided in the request.

GET and POST operations pass the timestamp value in an Etag HTTP header. UPDATE and DELETE operations pass the timestamp in an If-Match HTTP header, with the correct ETag value.

TLS Certificates

TLS termination is possible with an Akamai-issued certificate or a customer-provisioned certificate, so long as it is from an approved Akamai certificate authorty (CA).

  • To use an Akamai CA, you need to trust the Akamai CA and use an Akamai generated certificate. You also need to install the Akamai generated certificate manually or with the use of an MDM solution on the client device.

  • To use a customer-owned certificate, you need to generate a certificate signing request (CSR) using the Enterprise Threat Protector Application, sign it, and upload the signed certificate using the API.

Last modified: 4/10/2018