Automate Your Auditing Settings

November 12, 2020 · by Roy Martinez ·

I’m Roy Martinez, an Enterprise Architect in Akamai’s Global Consulting Services. My team makes up some of Akamai’s technical experts, providing our customers with the innovative designs and guidance they need to further their online business. 

In this blog, I’d like to share some code I created to help some of my customers automate auditing settings across hundreds of configurations on a regular basis to provide governance on their Akamai properties.  

This project is meant to allow teams to pull account details in order to create a snapshot in time. Our goal is to make it easier for you to get an account snapshot audited or get an offload summary for additional deep-dive analysis, and to provide a quick idea of where an account is in regard to offload. 

We have two types of audits right now, with more to come in the future:

  • Account Summary
    This audit gathers information from multiple Akamai API endpoints, providing an account resource summary (like Property Manager configurations, Enrollments (certificates), etc). You can view the output in ‘xlsx’ format.

  • Offload Summary
    This audit gathers the data collected from the total offload for each CPcode (grouped by extension or URL), the perc (percentage) of traffic that each CPcode represents to the total hits of all CPcodes reviewed, total bytes served and offloaded, and an extension offload summary for each of the CPcodes. You can view the output in ‘xlsx’ format.

You can see examples here: 

Account Summary


When this is run, it will create a folder within the current directory under the name "Account_Name". Within this folder, the following files will be created:

Sheet Name


Host Summary

Provides a high-level summary for each hostname under all PM Configurations and their App sec protection.


Lists all the contracts in the account.


Lists all the groups in the account.


Lists all the CP Codes in the account.


Pulls all the hostnames listed within the configurations. It will also list if the domain is CNAMED to Akamai, slot, and compare with the CNAME listed in the configuration.


Lists all the enrollments in the account and their corresponding slot.


Lists of all edge hostnames associated with this account


Lists all the properties associated with the account. For each property, it will list the following details: Property name, Current version in prod and staging, latest version, and first version details. Finally, it lists all the behaviors seen in the config.


Lists all behaviors available for each property (based on property type) and checks for their use.


Lists all the unique origin names defined within the configurations. It will also segregate as Customer origin or GTM Origin


Lists all the WAF security configurations in the account.


Lists all the WAF security configuration match targets in the account.


Lists all hostnames and corresponding configurations and match policies.

Host Summary

Provides a high-level summary for each hostname under all PM Configurations and their App sec protection.

Offload Summary

There are two types of offload summaries that we offer: Account offload and CPcode by extension. Below, you'll see an example of each. 

Account offload summary


CPcode summary by extention


This mode will collect offload data from the CPcodes provided in '--cpcodes' or if not provided it will do an account-wide review of all CPcodes. If no dates are provided it defaults to the last month.


  • Add the API credentials with access to the Property Manager API (PAPI) In your ~/.edgerc file under a section called ‘papi’ (or indicate the '--section' parameter followed by the section name if you use something else than ‘papi’).

  • Ensure you have python 3.x.

  • As a pre-installation step, please add the libraries that are required.

pip install -r requirements.txt 


python3 [parameters]



--type [as|os]

[REQUIRED] as: Account Summary (default), os: Offload Summary


[OPTIONAL] Allows Akamai employees and some partners to run the code on other accounts they can manage by indicating the Account ID to Audit.

Account ID found here:


[OPTIONAL] Print Additional details


[OPTIONAL] Section to use within the .edgerc file

 Account audit example

python3 --type as

python3 --switchKey {AccountID}

Offload summary example

python3 --type os --start {YYYY-MM-DD} --end {YYYY-MM-DD} --cpcodes {CPCODE_1} {CPCODE_2} {CPCODE_3}




[OPTIONAL] Start Date in the format 'YYYY-MM-DD'. If not provided default is last month's traffic.


[OPTIONAL] End Date in the format 'YYYY-MM-DD'. If not provided default is last month's traffic.


[OPTIONAL] List of cpcodes to query (space-delimited). If not provided, an account-wide analysis will be done.

--groupby [ext|url]

[OPTIONAL] By default this report aggregates by URL extension but in many cases like APIs, we will not have extensions. For those cases, we can aggregate by URLs.

You might also like

Here are great resources for you if you’d like to learn more:

About the author

Roy Martinez

Roy Martinez is a photography enthusiast, but in business hours he is an enterprise architect with 10 years of industry experience. He has a strong background in full-stack web development, DevOps, web performance, cloud computing, architecture changes, and advanced edge logic implementations, which allows him to provide consulting and support for customers.