Sites
NOTE
Next-Gen WAF documentation has been moved to the Fastly Documentation website. You can continue to find Next-Gen WAF API reference documentation at this website.

Next-Gen WAF API docs


Accessing the API

Base URL
                          https://dashboard.signalsciences.net/api/v0
                        
Examples

For examples on how to authenticate against and use the API, see Using our API.

Auth

Log into the API

post /auth

Request

Form Parameters
Name
Type
Description
email
string
required: true
password
string
min len: 8
required: true

Responses

HTTP 200
Name
Type
Description
token
string
required: true

Token to be used in subsequent requests for authentication

Response Example
{
                          "token": "a3024fcf-0c8a-43d8-b70b-ed537fe50650"
                        }
                        
HTTP 401

Login failed

Log out the session

get /auth/logout

Request

No request parameters.

Responses

HTTP 302

Redirects to the login page

Corps

List corps

get /corps

Request

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
data
name
string
read only: true

Identifying name of the corp

displayName
string
min len: 3
max len: 100

Display name of the corp

smallIconURI
string
max len: 200

Small icon URI

created
string
format: date-time
read only: true

Created RFC3339 date time

siteLimit
integer
read only: true

Site limit

sites
uri
string
read only: true

URI sub sites

authType
string
read only: true

Authentication method

sessionMaxAgeDashboard
integer
default: 2592000
min len: 60
max len: 31536000

Dashboard session timeout (seconds)

Response Example
{
                          "data": [
                              {
                                  "name": "testcorp",
                                  "displayName": "Test Corporation",
                                  "smallIconURI": "",
                                  "created": "2014-12-09T10:43:54-08:00",
                                  "siteLimit": 5,
                                  "sites": {
                                      "uri": "/api/v0/corps/testcorp/sites"
                                  },
                                  "authType": "builtin",
                                  "sessionMaxAgeDashboard": 2592000,
                              }
                          ]
                        }
                        

Get corp by name

get /corps/{corpName}

Request

URI Parameters
Name
Type
Description
corpName
string
matching: [0-9a-z_.-]+
required: true

Corp shortname

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
name
string
read only: true

Identifying name of the corp

displayName
string
min len: 3
max len: 100

Display name of the corp

smallIconURI
string
max len: 200

Small icon URI

created
string
format: date-time
read only: true

Created RFC3339 date time

siteLimit
integer
read only: true

Site limit

sites
uri
string
read only: true

URI sub sites

authType
string
read only: true

Authentication method

sessionMaxAgeDashboard
integer
default: 2592000
min len: 60
max len: 31536000

Dashboard session timeout (seconds)

Response Example
{
                              "name": "testcorp",
                              "displayName": "Test Corporation",
                              "smallIconURI": "",
                              "created": "2014-12-09T10:43:54-08:00",
                              "siteLimit": 5,
                              "sites": {
                                  "uri": "/api/v0/corps/testcorp/sites"
                              },
                              "authType": "builtin",
                              "sessionMaxAgeDashboard": 2592000,
                            }
                            

Update corp by name

patch /corps/{corpName}

Request

URI Parameters
Name
Type
Description
corpName
string
matching: [0-9a-z_.-]+
required: true

Corp shortname

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Body (application/json)
Name
Type
Description
displayName
string
min len: 3
max len: 100

Display name of the corp

smallIconURI
string
max len: 200

Small icon URI

sessionMaxAgeDashboard
integer
default: 2592000
min len: 60
max len: 31536000

Dashboard session timeout (seconds)

Request Example
{
                              "displayName": "Test Corporation1"
                            }
                            

Responses

HTTP 200

Successful update

Name
Type
Description
name
string
read only: true

Identifying name of the corp

displayName
string
min len: 3
max len: 100

Display name of the corp

smallIconURI
string
max len: 200

Small icon URI

created
string
format: date-time
read only: true

Created RFC3339 date time

siteLimit
integer
read only: true

Site limit

sites
uri
string
read only: true

URI sub sites

authType
string
read only: true

Authentication method

sessionMaxAgeDashboard
integer
default: 2592000
min len: 60
max len: 31536000

Dashboard session timeout (seconds)

Response Example
{
                              "name": "testcorp",
                              "displayName": "Test Corporation1",
                              "smallIconURI": "",
                              "created": "2014-12-09T10:43:54-08:00",
                              "siteLimit": 5,
                              "sites": {
                                  "uri": "/api/v0/corps/testcorp/sites"
                              },
                              "authType": "builtin",
                              "sessionMaxAgeDashboard": 2592000,
                            }
                            
HTTP 400

Failed due to data input

Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Invalid displayName - must be between 3 and 100 characters."}
                            

Get corp overview report

get /corps/{corpName}/reports/attacks

Request

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

from
string
default: -7d

Number of days ago to begin the data window. Takes the format "-Nd" where N is the number of days (maximum 30).

until
string
default: now

Number of days ago to end the data window. Takes the format "-Nd" where N is the number of days (maximum 30).

Responses

HTTP 200
Name
Type
Description
data
overviewSite array
required: true
name
string

Identifying name of the site

displayName
string

Display name of the site

totalCount
integer

Total number of requests

attackCount
integer

Number of malicious requests

blockedCount
integer

Number of malicious requests blocked

flaggedCount
integer

Number of malicious requests that would have been blocked in blocking mode

flaggedIPCount
integer

Number of IPs that triggered blocking events due to malicious signals

topAttackTypes
topAttackType array
tagName
string

Attack tag name

tagCount
integer

Number of instances of this attack tag

totalCount
integer

Total attack tags seen (note - requests can have multiple tags)

topAttackSources
topAttackSource array
countryCode
string

Two-letter ISO country code (note - empty for "Unknown", "private" for "Private Network"

countryName
string

Descriptive country name

requestCount
integer

Number of requests originating from this country

totalCount
integer

Total attack requests

Response Example
{
                                  "data": [
                                    {
                                      "name":"www.example.com",
                                      "displayName":"Example Site",
                                      "totalCount":49285068291,
                                      "blockedCount":29184,
                                      "flaggedCount":0,
                                      "attackCount":43129,
                                      "previousPeriodAttackCount": 40218,
                                      "previousPeriodBlockedCount": 39190,
                                      "flaggedIPCount":15,
                                      "topAttackTypes":[
                                          {
                                              "tagName":"Attack Tooling",
                                              "tagCount":32551,
                                              "totalCount":49712
                                          },
                                          {
                                              "tagName":"CMDEXE",
                                              "tagCount":5065,
                                              "totalCount":49712
                                          },
                                          {
                                              "tagName":"XSS",
                                              "tagCount":4383,
                                              "totalCount":49712
                                          }
                                      ],
                                      "topAttackSources":[
                                          {
                                              "countryCode":"CA",
                                              "countryName":"Canada",
                                              "requestCount":12414,
                                              "totalCount":43129
                                          },
                                          {
                                              "countryCode":"private",
                                              "countryName":"Private Network",
                                              "requestCount":6204,
                                              "totalCount":43129
                                          },
                                          {
                                              "countryCode":"",
                                              "countryName":"",
                                              "requestCount":5322,
                                              "totalCount":43129
                                          }
                                      ]
                                    }
                                  ]
                                }
                                
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Invalid parameter - from"}
                                

List corp activity events

get /corps/{corpName}/activity

Request

Query Parameters
Name
Type
Description
from
integer

The POSIX Unix time to start

until
integer

The POSIX Unix time to end

sort
one of (asc,desc)
default: desc
enum: asc,desc

The sort order

since_id
string

The id of the last object in the set

max_id
string

The id of the last object in the set

limit
integer
default: 100
max: 1000

The number of entries to be returned per page

page
integer

The page of the results. Each page is limited to 1,000 requests, and a maximum of 10,000 requests in total will be returned.

pretty
boolean

Pretty print the json output

events
one of (corpEvents,userEvents)
enum: corpEvents,userEvents

Filter on events

eventType
string

Filter on event type

Responses

HTTP 200
Name
Type
Description
totalCount
integer
format: int32

Total number of matching documents

next
uri
string

Reference to the next page of data

data
activityevent array
required: true
id
string

Unique ID of the activity event

eventType
string

Event type

msgData
object

Data used to format the message

attachments
0
Title
string
required: true
Fields
tuple array
required: true
0
Title
string
required: true
Value
string
required: true
Short
boolean
required: true
MarkdownFields
boolean
required: true
message
string

Message of the event

created
string
format: date-time
read only: true

Created RFC3339 date time

Response Example
{
                                  "totalCount": 5,
                                  "next": {
                                    "uri": "/api/v0/corps/testcorp/activity?limit=1&page=2"
                                  },
                                  "data": [
                                    {
                                      "id": "random-uuid-string",
                                      "eventType": "userMultiFactorAuthEnabled",
                                      "msgData": {},
                                      "message": "User (user@example.com) enabled 2FA",
                                      "attachments": [],
                                      "created": "2018-04-12T01:00:33Z"
                                    }
                                  ]
                                }
                                
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Invalid parameter - from"}
                                

List users in corp

get /corps/{corpName}/users

Request

Query Parameters
Name
Type
Description
expand
string

Expand hidden properties for nested object

pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
data
corpUser array
required: true
name
string
read only: true
required: true

Full name of the user

email
string
read only: true
required: true

Email of the user

announcements
object
required: true
uri
string
read only: true

Reference to site announcements of the user

defaultDashboards
object
required: true
uri
string
read only: true

Reference to default dashboards of the user

memberships
object
required: true
data
data
site
object
required: true
name
string
required: true
displayName
string
required: true
role
string
required: true
uri
string
required: true
uri
string
read only: true

Reference to site memberships of the user

role
string
read only: true
required: true

Role of the user (owner, admin, user, observer)

status
string
read only: true
required: true

Status of the user

mfaEnabled
boolean
read only: true
required: true

Whether this user has two-factor auth enabled or not

authStatus
string
read only: true
required: true

Auth-specific status of the user

corpAuthType
string
read only: true
required: true

Corp auth type of the user

created
string
format: date-time
read only: true
required: true

Created RFC3339 date time

apiUser
boolean
read only: true
required: true

Is the user an API user

Response Example
{
                                  "data": [
                                    {
                                      "name": "Test User",
                                      "email": "user@example.com",
                                      "announcements": {
                                          "uri": "/api/v0/user/announcements"
                                      },
                                      "defaultDashboards": {
                                          "uri": "/api/v0/user/defaultDashboards"
                                      },
                                      "memberships": {
                                        "uri": "/api/v0/corps/testcorp/users/user@example.com/memberships"
                                      }
                                      "role": "user",
                                      "status": "active"
                                      "mfaEnabled": false,
                                      "authStatus": "none",
                                      "created": "2014-12-09T10:43:54-08:00",
                                    }
                                  ]
                                }
                                

Get corp user by email

get /corps/{corpName}/users/{userEmail}

Request

URI Parameters
Name
Type
Description
userEmail
string
matching: [0-9a-z_.-@]+
required: true
Query Parameters
Name
Type
Description
expand
string

Expand hidden properties for nested object

pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
name
string
read only: true
required: true

Full name of the user

email
string
read only: true
required: true

Email of the user

announcements
object
required: true
uri
string
read only: true

Reference to site announcements of the user

defaultDashboards
object
required: true
uri
string
read only: true

Reference to default dashboards of the user

memberships
object
required: true
data
data
site
object
required: true
name
string
required: true
displayName
string
required: true
role
string
required: true
uri
string
required: true
uri
string
read only: true

Reference to site memberships of the user

role
string
read only: true
required: true

Role of the user (owner, admin, user, observer)

status
string
read only: true
required: true

Status of the user

mfaEnabled
boolean
read only: true
required: true

Whether this user has two-factor auth enabled or not

authStatus
string
read only: true
required: true

Auth-specific status of the user

corpAuthType
string
read only: true
required: true

Corp auth type of the user

created
string
format: date-time
read only: true
required: true

Created RFC3339 date time

apiUser
boolean
read only: true
required: true

Is the user an API user

Response Example
{
                                      "name": "Test User",
                                      "email": "user@example.com",
                                      "memberships": {
                                        "uri": "/api/v0/corps/testcorp/users/user@example.com/memberships"
                                      }
                                      "role": "user",
                                      "status": "active"
                                      "mfaEnabled": false,
                                      "corpAuthType": "builtin",
                                      "authStatus": "none",
                                      "created": "2014-12-09T10:43:54-08:00"
                                      "apiUser": false
                                    }
                                    

Update corp user by email

patch /corps/{corpName}/users/{userEmail}

Request

URI Parameters
Name
Type
Description
userEmail
string
matching: [0-9a-z_.-@]+
required: true
Query Parameters
Name
Type
Description
expand
string

Expand hidden properties for nested object

pretty
boolean

Pretty print the json output

Body (application/json)
Name
Type
Description
role
string
read only: true

Role of the user (owner, admin, user, observer)

memberships
data
site
name
string
read only: true

Name of the site

Request Example
{
                                      "role": "user",
                                      "memberships": {
                                        "data": [{
                                          "site": {
                                            "name": "staging"
                                          }
                                        }, {
                                          "site": {
                                            "name": "production"
                                          }
                                        }]
                                      }
                                    }
                                    

Responses

HTTP 200
Name
Type
Description
name
string
read only: true
required: true

Full name of the user

email
string
read only: true
required: true

Email of the user

announcements
object
required: true
uri
string
read only: true

Reference to site announcements of the user

defaultDashboards
object
required: true
uri
string
read only: true

Reference to default dashboards of the user

memberships
object
required: true
data
data
site
object
required: true
name
string
required: true
displayName
string
required: true
role
string
required: true
uri
string
required: true
uri
string
read only: true

Reference to site memberships of the user

role
string
read only: true
required: true

Role of the user (owner, admin, user, observer)

status
string
read only: true
required: true

Status of the user

mfaEnabled
boolean
read only: true
required: true

Whether this user has two-factor auth enabled or not

authStatus
string
read only: true
required: true

Auth-specific status of the user

corpAuthType
string
read only: true
required: true

Corp auth type of the user

created
string
format: date-time
read only: true
required: true

Created RFC3339 date time

apiUser
boolean
read only: true
required: true

Is the user an API user

Response Example
{
                                      "name": "",
                                      "email": "user@example.com",
                                      "memberships": {
                                        "uri": "/api/v0/corps/testcorp/users/user@example.com/memberships"
                                      }
                                      "role": "user",
                                      "status": "active"
                                      "mfaEnabled": false,
                                      "corpAuthType": "builtin",
                                      "authStatus": "none",
                                      "created": "2014-12-09T10:43:54-08:00"
                                      "apiUser": false
                                    }
                                    

Delete user from corp

delete /corps/{corpName}/users/{userEmail}

Request

URI Parameters
Name
Type
Description
userEmail
string
matching: [0-9a-z_.-@]+
required: true

Responses

HTTP 204

Delete successful

Invite user to corp

post /corps/{corpName}/users/{userEmail}/invite

Request

Query Parameters
Name
Type
Description
expand
string

Expand hidden properties for nested object

pretty
boolean

Pretty print the json output

Body (application/json)
Name
Type
Description
role
string
read only: true

Role of the user (owner, admin, user, observer)

memberships
data
site
name
string
read only: true

Name of the site

Request Example
{
                                          "role": "user",
                                          "memberships": {
                                            "data": [{
                                              "site": {
                                                "name": "staging"
                                              }
                                            }, {
                                              "site": {
                                                "name": "production"
                                              }
                                            }]
                                          }
                                        }
                                        

Responses

HTTP 200
Name
Type
Description
name
string
read only: true
required: true

Full name of the user

email
string
read only: true
required: true

Email of the user

announcements
object
required: true
uri
string
read only: true

Reference to site announcements of the user

defaultDashboards
object
required: true
uri
string
read only: true

Reference to default dashboards of the user

memberships
object
required: true
data
data
site
object
required: true
name
string
required: true
displayName
string
required: true
role
string
required: true
uri
string
required: true
uri
string
read only: true

Reference to site memberships of the user

role
string
read only: true
required: true

Role of the user (owner, admin, user, observer)

status
string
read only: true
required: true

Status of the user

mfaEnabled
boolean
read only: true
required: true

Whether this user has two-factor auth enabled or not

authStatus
string
read only: true
required: true

Auth-specific status of the user

corpAuthType
string
read only: true
required: true

Corp auth type of the user

created
string
format: date-time
read only: true
required: true

Created RFC3339 date time

apiUser
boolean
read only: true
required: true

Is the user an API user

Response Example
{
                                          "name": "",
                                          "email": "example@example.com",
                                          "memberships": {
                                            "uri": "/api/v0/corps/testcorp/users/user@example.com/memberships"
                                          }
                                          "role": "user",
                                          "status": "active"
                                          "mfaEnabled": false,
                                          "corpAuthType": "builtin",
                                          "authStatus": "none",
                                          "created": "2014-12-09T10:43:54-08:00"
                                          "apiUser": false
                                        }
                                        
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Invalid site"}
                                        

List rules in corp

get /corps/{corpName}/rules

Request

Query Parameters
Name
Type
Description
type
one of (rateLimit,request,signal)
enum: rateLimit,request,signal
page
integer

The page of the results. Each page is limited to 1,000 requests, and a maximum of 10,000 requests in total will be returned.

limit
integer
default: 100
max: 1000

The number of entries to be returned per page

pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
totalCount
number
required: true

Total count of Corp Rules

data
corpRule array
required: true
unique items: true
id
string
required: true
siteNames
string array
read only: true
required: true
unique items: true

Sites with the rule available. Rules with a global corpScope will return '[]'.

type
string
required: true

Type of rule (request, signal exclusion)

corpScope
string
required: true

Whether the rule is applied to all sites or to specific sites. (global, specificSites)

enabled
boolean
required: true
groupOperator
string
required: true

Conditions that must be matched when evaluating the request (all, any)

conditions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(group, single, multival)

groupOperator
string

type: group - Conditions that must be matched when evaluating the request (all, any)

field
string

type: single - (scheme, method, path, useragent, domain, ip, responseCode, agentname, paramname, paramvalue, country, name, valueString, valueInt, valueIp, signalType, ja3Fingerprint)

type: multival - (postParameter, queryParameter, requestCookie, requestHeader, responseHeader, signal)

operator
string

type: single - (equals, doesNotEqual, contains, doesNotContain, greaterEqual, lesserEqual, like, notLike, exists, doesNotExist, matches, doesNotMatch, inList, notInList)

value
string

type: single - See request fields

actions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(block, allow, exclude)

requestlogging
string
default: sampled
enum: sampled,none

Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). This field is only available for request rules.

signal
string
required: true

The signal id of the signal being excluded

reason
string
required: true

Description of the rule

expiration
string
required: true

Date the rule will automatically be disabled. If rule is always enabled, will return empty string

createdBy
string
required: true

The user that created the rule

created
string
required: true

Created RFC3339 date time

updated
string
required: true

Last updated RFC3339 date time

Response Example
{
                                  "data": {
                                    "totalCount": 1,
                                    "data": [
                                        {
                                            "id": "5e191909c931498586c6f537",
                                            "siteNames": [],
                                            "type": "request",
                                            "corpScope": "global",
                                            "enabled": true,
                                            "groupOperator": "all",
                                            "conditions": [
                                                {
                                                    "type": "single",
                                                    "field": "ip",
                                                    "operator": "equals",
                                                    "value": "233.252.0.1/8"
                                                }
                                            ],
                                            "actions": [
                                                {
                                                    "type": "block"
                                                }
                                            ],
                                            "requestlogging": "sampled",
                                            "reason": "foo",
                                            "expiration": "",
                                            "created": "2015-02-14T21:17:16Z",
                                            "updated": "2015-02-14T21:17:16Z"
                                        }
                                    ]
                                  }
                                }
                                

Create corp rule

post /corps/{corpName}/rules

Request

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Body (application/json)
Name
Type
Description
siteNames
string array
read only: true
required: true
unique items: true

Sites with the rule available. Rules with a global corpScope will return '[]'.

type
string
required: true

Type of rule (request, signal exclusion)

corpScope
string
required: true

Whether the rule is applied to all sites or to specific sites. (global, specificSites)

enabled
boolean
required: true
groupOperator
string
required: true

Conditions that must be matched when evaluating the request (all, any)

conditions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(group, single, multival)

groupOperator
string

type: group - Conditions that must be matched when evaluating the request (all, any)

field
string

type: single - (scheme, method, path, useragent, domain, ip, responseCode, agentname, paramname, paramvalue, country, name, valueString, valueInt, valueIp, signalType, ja3Fingerprint)

type: multival - (postParameter, queryParameter, requestCookie, requestHeader, responseHeader, signal)

operator
string

type: single - (equals, doesNotEqual, contains, doesNotContain, greaterEqual, lesserEqual, like, notLike, exists, doesNotExist, matches, doesNotMatch, inList, notInList)

value
string

type: single - See request fields

actions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(block, allow, exclude)

requestlogging
string
default: sampled
enum: sampled,none

Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). This field is only available for request rules.

signal
string
required: true

The signal id of the signal being excluded

reason
string
required: true

Description of the rule

expiration
string
required: true

Date the rule will automatically be disabled. If rule is always enabled, will return empty string

Request Example
{
                                    "siteNames": [
                                        "staging",
                                        "production"
                                    ],
                                    "type": "signal",
                                    "groupOperator": "all",
                                    "conditions": [
                                        {
                                            "type": "single",
                                            "field": "ip",
                                            "operator": "equals",
                                            "value": "192.0.2.204"
                                        },
                                        {
                                            "type": "group",
                                            "groupOperator": "any",
                                            "conditions": [
                                                {
                                                    "type": "single",
                                                    "field": "ip",
                                                    "operator": "equals",
                                                    "value": "233.252.0.123"
                                                }
                                            ]
                                        }
                                    ],
                                    "actions": [
                                        {
                                            "type": "excludeSignal"
                                        }
                                    ],
                                    "requestlogging": "sampled",
                                    "enabled": true,
                                    "reason": "test",
                                    "signal": "SQLI",
                                    "expiration": "",
                                    "corpScope": "specificSites"
                                }
                                

Responses

HTTP 200
Name
Type
Description
id
string
required: true
siteNames
string array
read only: true
required: true
unique items: true

Sites with the rule available. Rules with a global corpScope will return '[]'.

type
string
required: true

Type of rule (request, signal exclusion)

corpScope
string
required: true

Whether the rule is applied to all sites or to specific sites. (global, specificSites)

enabled
boolean
required: true
groupOperator
string
required: true

Conditions that must be matched when evaluating the request (all, any)

conditions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(group, single, multival)

groupOperator
string

type: group - Conditions that must be matched when evaluating the request (all, any)

field
string

type: single - (scheme, method, path, useragent, domain, ip, responseCode, agentname, paramname, paramvalue, country, name, valueString, valueInt, valueIp, signalType, ja3Fingerprint)

type: multival - (postParameter, queryParameter, requestCookie, requestHeader, responseHeader, signal)

operator
string

type: single - (equals, doesNotEqual, contains, doesNotContain, greaterEqual, lesserEqual, like, notLike, exists, doesNotExist, matches, doesNotMatch, inList, notInList)

value
string

type: single - See request fields

actions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(block, allow, exclude)

requestlogging
string
default: sampled
enum: sampled,none

Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). This field is only available for request rules.

signal
string
required: true

The signal id of the signal being excluded

reason
string
required: true

Description of the rule

expiration
string
required: true

Date the rule will automatically be disabled. If rule is always enabled, will return empty string

createdBy
string
required: true

The user that created the rule

created
string
required: true

Created RFC3339 date time

updated
string
required: true

Last updated RFC3339 date time

Response Example
{
                                  "id": "5e18ee76f13d66138c3e587c",
                                  "siteNames": [
                                    "staging",
                                    "production"
                                  ],
                                  "type": "signal",
                                  "corpScope": "specificSites",
                                  "enabled": true,
                                  "groupOperator": "all",
                                  "conditions": [
                                    {
                                      "type": "single",
                                      "field": "ip",
                                      "operator": "equals",
                                      "value": "233.252.0.31"
                                    },
                                    {
                                      "type": "group",
                                      "groupOperator": "any",
                                      "conditions": [
                                        {
                                          "type": "single",
                                          "field": "ip",
                                          "operator": "equals",
                                          "value": "192.0.2.63"
                                        }
                                      ]
                                    }
                                  ],
                                  "actions": [
                                    {
                                      "type": "excludeSignal"
                                    }
                                  ],
                                  "requestlogging": "sampled",
                                  "signal": "SQLI",
                                  "reason": "test",
                                  "expiration": ""
                                }
                                

Get corp rule by id

get /corps/{corpName}/rules/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 200
Name
Type
Description
id
string
required: true
siteNames
string array
read only: true
required: true
unique items: true

Sites with the rule available. Rules with a global corpScope will return '[]'.

type
string
required: true

Type of rule (request, signal exclusion)

corpScope
string
required: true

Whether the rule is applied to all sites or to specific sites. (global, specificSites)

enabled
boolean
required: true
groupOperator
string
required: true

Conditions that must be matched when evaluating the request (all, any)

conditions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(group, single, multival)

groupOperator
string

type: group - Conditions that must be matched when evaluating the request (all, any)

field
string

type: single - (scheme, method, path, useragent, domain, ip, responseCode, agentname, paramname, paramvalue, country, name, valueString, valueInt, valueIp, signalType, ja3Fingerprint)

type: multival - (postParameter, queryParameter, requestCookie, requestHeader, responseHeader, signal)

operator
string

type: single - (equals, doesNotEqual, contains, doesNotContain, greaterEqual, lesserEqual, like, notLike, exists, doesNotExist, matches, doesNotMatch, inList, notInList)

value
string

type: single - See request fields

actions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(block, allow, exclude)

requestlogging
string
default: sampled
enum: sampled,none

Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). This field is only available for request rules.

signal
string
required: true

The signal id of the signal being excluded

reason
string
required: true

Description of the rule

expiration
string
required: true

Date the rule will automatically be disabled. If rule is always enabled, will return empty string

createdBy
string
required: true

The user that created the rule

created
string
required: true

Created RFC3339 date time

updated
string
required: true

Last updated RFC3339 date time

Response Example
{
                                      "data": {
                                        "totalCount": 1,
                                        "data": {
                                                "id": "5e191909c931498586c6f537",
                                                "siteNames": [],
                                                "type": "request",
                                                "corpScope": "global",
                                                "enabled": true,
                                                "groupOperator": "all",
                                                "conditions": [
                                                    {
                                                        "type": "single",
                                                        "field": "ip",
                                                        "operator": "equals",
                                                        "value": "203.0.113.1/8"
                                                    }
                                                ],
                                                "actions": [
                                                    {
                                                        "type": "block"
                                                    }
                                                ],
                                                "requestlogging": "sampled",
                                                "reason": "foo",
                                                "expiration": "",
                                                "created": "2015-02-14T21:17:16Z",
                                                "updated": "2015-02-14T21:17:16Z"
                                            }
                                      }
                                    }
                                    

Update corp rule

put /corps/{corpName}/rules/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true
Body (application/json)
Name
Type
Description
siteNames
string array
read only: true
required: true
unique items: true

Sites with the rule available. Rules with a global corpScope will return '[]'.

type
string
required: true

Type of rule (request, signal exclusion)

corpScope
string
required: true

Whether the rule is applied to all sites or to specific sites. (global, specificSites)

enabled
boolean
required: true
groupOperator
string
required: true

Conditions that must be matched when evaluating the request (all, any)

conditions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(group, single, multival)

groupOperator
string

type: group - Conditions that must be matched when evaluating the request (all, any)

field
string

type: single - (scheme, method, path, useragent, domain, ip, responseCode, agentname, paramname, paramvalue, country, name, valueString, valueInt, valueIp, signalType, ja3Fingerprint)

type: multival - (postParameter, queryParameter, requestCookie, requestHeader, responseHeader, signal)

operator
string

type: single - (equals, doesNotEqual, contains, doesNotContain, greaterEqual, lesserEqual, like, notLike, exists, doesNotExist, matches, doesNotMatch, inList, notInList)

value
string

type: single - See request fields

actions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(block, allow, exclude)

requestlogging
string
default: sampled
enum: sampled,none

Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). This field is only available for request rules.

signal
string
required: true

The signal id of the signal being excluded

reason
string
required: true

Description of the rule

expiration
string
required: true

Date the rule will automatically be disabled. If rule is always enabled, will return empty string

Request Example
{
                                      "id": "5e1914acf13d663e6d0178ea",
                                      "siteNames": [
                                        "staging",
                                        "production"
                                      ],
                                      "type": "signal",
                                      "corpScope": "specificSites",
                                      "enabled": true,
                                      "groupOperator": "all",
                                      "conditions": [
                                        {
                                          "type": "single",
                                          "field": "ip",
                                          "operator": "equals",
                                          "value": "198.51.100.76"
                                        },
                                        {
                                          "type": "group",
                                          "groupOperator": "any",
                                          "conditions": [
                                            {
                                              "type": "single",
                                              "field": "ip",
                                              "operator": "equals",
                                              "value": "203.0.113.156"
                                            }
                                          ]
                                        }
                                      ],
                                      "actions": [
                                        {
                                          "type": "excludeSignal"
                                        }
                                      ],
                                      "requestlogging": "sampled",
                                      "signal": "SQLI",
                                      "reason": "Known malicious IPs",
                                      "expiration": ""
                                    }
                                    

Responses

HTTP 200
Name
Type
Description
id
string
required: true
siteNames
string array
read only: true
required: true
unique items: true

Sites with the rule available. Rules with a global corpScope will return '[]'.

type
string
required: true

Type of rule (request, signal exclusion)

corpScope
string
required: true

Whether the rule is applied to all sites or to specific sites. (global, specificSites)

enabled
boolean
required: true
groupOperator
string
required: true

Conditions that must be matched when evaluating the request (all, any)

conditions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(group, single, multival)

groupOperator
string

type: group - Conditions that must be matched when evaluating the request (all, any)

field
string

type: single - (scheme, method, path, useragent, domain, ip, responseCode, agentname, paramname, paramvalue, country, name, valueString, valueInt, valueIp, signalType, ja3Fingerprint)

type: multival - (postParameter, queryParameter, requestCookie, requestHeader, responseHeader, signal)

operator
string

type: single - (equals, doesNotEqual, contains, doesNotContain, greaterEqual, lesserEqual, like, notLike, exists, doesNotExist, matches, doesNotMatch, inList, notInList)

value
string

type: single - See request fields

actions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(block, allow, exclude)

requestlogging
string
default: sampled
enum: sampled,none

Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). This field is only available for request rules.

signal
string
required: true

The signal id of the signal being excluded

reason
string
required: true

Description of the rule

expiration
string
required: true

Date the rule will automatically be disabled. If rule is always enabled, will return empty string

createdBy
string
required: true

The user that created the rule

created
string
required: true

Created RFC3339 date time

updated
string
required: true

Last updated RFC3339 date time

Response Example
{
                                      "id": "5e18ee76f13d66138c3e587c",
                                      "siteNames": [
                                        "staging",
                                        "production"
                                      ],
                                      "type": "signal",
                                      "corpScope": "specificSites",
                                      "enabled": true,
                                      "groupOperator": "all",
                                      "conditions": [
                                        {
                                          "type": "single",
                                          "field": "ip",
                                          "operator": "equals",
                                          "value": "233.252.0.101"
                                        },
                                        {
                                          "type": "group",
                                          "groupOperator": "any",
                                          "conditions": [
                                            {
                                              "type": "single",
                                              "field": "ip",
                                              "operator": "equals",
                                              "value": "192.0.2.86"
                                            }
                                          ]
                                        }
                                      ],
                                      "actions": [
                                        {
                                          "type": "excludeSignal"
                                        }
                                      ],
                                      "requestlogging": "sampled",
                                      "signal": "SQLI",
                                      "reason": "test",
                                      "expiration": ""
                                    }
                                    

Delete rule from corp

delete /corps/{corpName}/rules/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 204

Delete successful

Create corp signal tag

post /corps/{corpName}/tags

Request

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Body (application/json)
Name
Type
Description
shortName
string
min len: 3
max len: 25
required: true

The display name of the signal tag

description
string
max len: 140

Optional signal tag description

Request Example
{
                                    "shortName": "example signal tag",
                                    "description": "An example of a custom signal tag"
                                }
                                

Responses

HTTP 200
Name
Type
Description
shortName
string
required: true

The display name of the signal tag

tagName
string
required: true

The identifier for the signal tag

longName
string
read only: true
required: true

The display name of the signal tag - deprecated

description
string
required: true

Optional signal tag description

configurable
boolean
read only: true
required: true
informational
boolean
read only: true
required: true
needsResponse
boolean
read only: true
required: true
createdBy
string
read only: true

Email address of the user that created the resource

created
string
read only: true
required: true

Created RFC3339 date time

Response Example
{
                                    "shortName": "example signal tag",
                                    "tagName": "corp.example-signal-tag",
                                    "longName": "example signal tag",
                                    "description": "An example of a custom signal tag",
                                    "configurable": false,
                                    "informational": false,
                                    "needsResponse": false,
                                    "createdBy": "user@example.com",
                                    "created": "2020-02-06T23:28:54Z"
                                }
                                

List signal tags in corp

get /corps/{corpName}/tags

Request

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
data
corpSignalTag array
required: true
unique items: true
shortName
string
required: true

The display name of the signal tag

tagName
string
required: true

The identifier for the signal tag

longName
string
read only: true
required: true

The display name of the signal tag - deprecated

description
string
required: true

Optional signal tag description

configurable
boolean
read only: true
required: true
informational
boolean
read only: true
required: true
needsResponse
boolean
read only: true
required: true
createdBy
string
read only: true

Email address of the user that created the resource

created
string
read only: true
required: true

Created RFC3339 date time

Response Example
{
                                    "data": [
                                        {
                                            "shortName": "example signal tag",
                                            "tagName": "corp.example-signal-tag",
                                            "longName": "example signal tag",
                                            "description": "An example of a custom signal tag",
                                            "configurable": false,
                                            "informational": false,
                                            "needsResponse": false,
                                            "createdBy": "user@example.com",
                                            "created": "2020-02-06T23:28:54Z"
                                        },
                                        {
                                            "shortName": "test-signal",
                                            "tagName": "corp.test-signal",
                                            "longName": "Test Signal",
                                            "description": "This is a signal for use when testing",
                                            "configurable": false,
                                            "informational": false,
                                            "needsResponse": false,
                                            "createdBy": "user@example.com",
                                            "created": "2020-01-10T23:36:50Z"
                                        }
                                    ]
                                }
                                

Get corp signal tag by tagName

get /corps/{corpName}/tags/{tagName}

Request

URI Parameters
Name
Type
Description
tagName
string
required: true

Responses

HTTP 200
Name
Type
Description
shortName
string
required: true

The display name of the signal tag

tagName
string
required: true

The identifier for the signal tag

longName
string
read only: true
required: true

The display name of the signal tag - deprecated

description
string
required: true

Optional signal tag description

configurable
boolean
read only: true
required: true
informational
boolean
read only: true
required: true
needsResponse
boolean
read only: true
required: true
createdBy
string
read only: true

Email address of the user that created the resource

created
string
read only: true
required: true

Created RFC3339 date time

Response Example
{
                                        "shortName": "example signal tag",
                                        "tagName": "corp.example-signal-tag",
                                        "longName": "example signal tag",
                                        "description": "An example of a custom signal tag",
                                        "configurable": false,
                                        "informational": false,
                                        "needsResponse": false,
                                        "createdBy": "user@example.com",
                                        "created": "2020-02-06T23:28:54Z"
                                    }
                                    

Update corp signal tag

patch /corps/{corpName}/tags/{tagName}

Request

URI Parameters
Name
Type
Description
tagName
string
required: true
Body (application/json)
Name
Type
Description
description
string
max len: 140
required: true

Optional signal tag description

Request Example
{
                                      "description": "An example of a custom signal tag - UPDATE"
                                    }
                                    

Responses

HTTP 200
Name
Type
Description
shortName
string
required: true

The display name of the signal tag

tagName
string
required: true

The identifier for the signal tag

longName
string
read only: true
required: true

The display name of the signal tag - deprecated

description
string
required: true

Optional signal tag description

configurable
boolean
read only: true
required: true
informational
boolean
read only: true
required: true
needsResponse
boolean
read only: true
required: true
createdBy
string
read only: true

Email address of the user that created the resource

created
string
read only: true
required: true

Created RFC3339 date time

Response Example
{
                                        "shortName": "example signal tag",
                                        "tagName": "corp.example-signal-tag",
                                        "longName": "example signal tag",
                                        "description": "An example of a custom signal tag - UPDATE.",
                                        "configurable": false,
                                        "informational": false,
                                        "needsResponse": false,
                                        "createdBy": "user@example.com",
                                        "created": "2020-02-06T23:28:54Z"
                                    }
                                    

Delete signal tag from corp

delete /corps/{corpName}/tags/{tagName}

Request

URI Parameters
Name
Type
Description
tagName
string
required: true

Responses

HTTP 204

Delete successful

Get all lists

get /corps/{corpName}/lists

Request

Responses

HTTP 200
Name
Type
Description
data
list array
required: true
id
string

Site-specific unique ID of the list

name
string
min len: 3
max len: 32

Descriptive list name

type
string

List types (string, ip, country, wildcard)

description
string
max len: 140

Optional list description

entries
string array

List entries

createdBy
string
read only: true

Email address of the user that created the item

created
string
format: date-time
read only: true

Created RFC3339 date time

updated
string
format: date-time
read only: true

Last updated RFC3339 date time

Response Example
{
                                  "data": [
                                    {
                                      "id": "corp.known-attackers",
                                      "name": "Known Attackers",
                                      "type": "ip",
                                      "description": "Malicious IPs we're tracking",
                                      "entries": [
                                        "198.51.100.165",
                                        "233.252.0.215",
                                        "192.0.2.186"
                                      ],
                                      "createdBy": "user@example.com",
                                      "created": "2018-08-06T18:57:55Z",
                                      "updated": "2018-08-13T15:26:01Z"
                                    },
                                    {
                                      "id": "corp.ofac-countries",
                                      "name": "OFAC Countries",
                                      "type": "country",
                                      "description": "Countries on the OFAC list",
                                      "entries": [
                                        "MM",
                                        "CI",
                                        "CU",
                                        "IR",
                                        "KP",
                                        "SY"
                                      ],
                                      "createdBy": "user@example.com",
                                      "created": "2018-08-03T20:50:54Z",
                                      "updated": "2018-08-03T20:50:59Z"
                                    }
                                  ]
                                }
                                

Create list

post /corps/{corpName}/lists

Request

Body (application/json)
Name
Type
Description
name
string
min len: 3
max len: 32

Descriptive list name

type
string

List types (string, ip, country, wildcard, signal)

description
string
max len: 140

Optional list description

entries
string array

List entries

Request Example
{
                                  "name": "My New List",
                                  "type": "ip",
                                  "description": "Some IPs we're putting in a list",
                                  "entries": [
                                    "192.0.2.186",
                                    "198.51.100.138",
                                    "233.252.0.174"
                                  ]
                                }
                                

Responses

HTTP 200
Name
Type
Description
id
string

Site-specific unique ID of the list

name
string
min len: 3
max len: 32

Descriptive list name

type
string

List types (string, ip, country, wildcard)

description
string
max len: 140

Optional list description

entries
string array

List entries

createdBy
string
read only: true

Email address of the user that created the item

created
string
format: date-time
read only: true

Created RFC3339 date time

updated
string
format: date-time
read only: true

Last updated RFC3339 date time

Response Example
{
                                  "id": "corp.my-new-list",
                                  "name": "My New List",
                                  "type": "ip",
                                  "description": "Some IPs we're putting in a list",
                                  "entries": [
                                    "192.0.2.186",
                                    "198.51.100.138",
                                    "233.252.0.174"
                                  ],
                                  "createdBy": "user@example.com",
                                  "created": "2018-08-16T17:38:27Z",
                                  "updated": "2018-08-16T17:38:27Z"
                                }
                                
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"List cannot be deleted because a rule uses it"}
                                

Get list by id

get /corps/{corpName}/lists/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 200
Name
Type
Description
id
string

Site-specific unique ID of the list

name
string
min len: 3
max len: 32

Descriptive list name

type
string

List types (string, ip, country, wildcard)

description
string
max len: 140

Optional list description

entries
string array

List entries

createdBy
string
read only: true

Email address of the user that created the item

created
string
format: date-time
read only: true

Created RFC3339 date time

updated
string
format: date-time
read only: true

Last updated RFC3339 date time

Response Example
{
                                      "id": "corp.my-new-list",
                                      "name": "My New List",
                                      "type": "ip",
                                      "description": "Some IPs we're putting in a list",
                                      "entries": [
                                        "192.0.2.186",
                                        "198.51.100.138",
                                        "233.252.0.174"
                                      ],
                                      "createdBy": "user@example.com",
                                      "created": "2018-08-16T17:38:27Z",
                                      "updated": "2018-08-16T17:38:27Z"
                                    }
                                    
HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"id not found"}
                                    

Update list by id

patch /corps/{corpName}/lists/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true
Body (application/json)
Name
Type
Description
description
string
max len: 140

Optional list description

entries
additions
string array

List additions

deletions
string array

List deletions

Request Example
{
                                      "entries": {
                                        "additions": [
                                          "192.0.2.19"
                                        ],
                                        "deletions": [
                                          "192.0.2.186",
                                          "233.252.0.174"
                                        ]
                                      }
                                    }
                                    

Responses

HTTP 200
Name
Type
Description
id
string

Site-specific unique ID of the list

name
string
min len: 3
max len: 32

Descriptive list name

type
string

List types (string, ip, country, wildcard)

description
string
max len: 140

Optional list description

entries
string array

List entries

createdBy
string
read only: true

Email address of the user that created the item

created
string
format: date-time
read only: true

Created RFC3339 date time

updated
string
format: date-time
read only: true

Last updated RFC3339 date time

Response Example
{
                                      "id": "corp.my-new-list",
                                      "name": "My New List",
                                      "type": "ip",
                                      "description": "Some IPs we're still putting in a list",
                                      "entries": [
                                        "198.51.100.138",
                                        "192.0.2.19"
                                      ],
                                      "createdBy": "user@example.com",
                                      "created": "2018-08-16T17:38:27Z",
                                      "updated": "2018-08-16T21:43:08Z"
                                    }
                                    
HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"id not found"}
                                    

Replace list by id

put /corps/{corpName}/lists/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true
Body (application/json)
Name
Type
Description
description
string
max len: 140

Optional list description

entries
string array

List entries

Request Example
{
                                      "description": "Some IPs we're still putting in a list",
                                      "entries": [
                                        "192.0.2.186",
                                        "233.252.0.174",
                                        "198.51.100.193"
                                      ]
                                    }
                                    

Responses

HTTP 200
Name
Type
Description
id
string

Site-specific unique ID of the list

name
string
min len: 3
max len: 32

Descriptive list name

type
string

List types (string, ip, country, wildcard)

description
string
max len: 140

Optional list description

entries
string array

List entries

createdBy
string
read only: true

Email address of the user that created the item

created
string
format: date-time
read only: true

Created RFC3339 date time

updated
string
format: date-time
read only: true

Last updated RFC3339 date time

Response Example
{
                                      "id": "corp.my-new-list",
                                      "name": "My New List",
                                      "type": "ip",
                                      "description": "Some IPs we're still putting in a list",
                                      "entries": [
                                        "192.0.2.186",
                                        "233.252.0.174",
                                        "198.51.100.193"
                                      ],
                                      "createdBy": "user@example.com",
                                      "created": "2018-08-16T17:38:27Z",
                                      "updated": "2018-08-16T21:43:08Z"
                                    }
                                    
HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"ID not found"}
                                    

Delete list

delete /corps/{corpName}/lists/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 204

Successful removal from the list

HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"ID not found"}
                                    

List corp integrations

get /corps/{corpName}/integrations

Request

Responses

HTTP 200
Name
Type
Description
data
integration array
id
string
read only: true
required: true

Unique id of the integration

name
string
required: true

Integration name

type
string
required: true

Corp integration types: (mailingList, slack, microsoftTeams). Site integration types: (mailingList, slack, datadog, generic, pagerduty, microsoftTeams, jira, opsgenie, victorops, pivotaltracker)

url
string
required: true

Integration URL

fields
object,null
required: true
events
string array
required: true

Array of event types. Visit our integrations documentation to find out which events the service you are connecting allows.

active
boolean
read only: true
required: true
note
string

Integration note

createdBy
string
read only: true
required: true

Email address of the user that created the item

created
string
format: date-time
read only: true
required: true

Created RFC3339 date time

lastStatusCode
number
read only: true
required: true
required
Response Example
{
                                  "data": [
                                    {
                                      "id": "556a8abb3dfaa4ff28000002",
                                      "name": "Slack message",
                                      "type": "slack",
                                      "url": "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX",
                                      "fields": null,
                                      "events": [
                                        "corpUpdated"
                                      ],
                                      "active": true,
                                      "note": "Sample",
                                      "createdBy": "user@example.com",
                                      "created": "2015-02-14T21:17:16Z",
                                      "lastStatusCode": 0
                                    }
                                  ]
                                }
                                

Create corp integration

post /corps/{corpName}/integrations

Request

Body (application/json)
Name
Type
Description
url
string
required: true

Integration URL

type
string
required: true

Corp integration types (mailingList, slack, microsoftTeams). Site integration types (mailingList, slack, datadog, generic, pagerduty, microsoftTeams, jira, opsgenie, victorops, pivotaltracker)

events
string array
required: true

Array of event types. Visit our integrations documentation to find out which events the service you are connecting allows.

note
string

Integration note

Request Example
{
                                  "url":"https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX",
                                  "type":"slack",
                                  "events": [
                                    "corpUpdated"
                                  ],
                                  "note": ""
                                }
                                

Responses

HTTP 200
Name
Type
Description
ID
string
read only: true
required: true

Unique ID of the integration

Type
string
required: true

Corp integration types: (mailingList, slack, microsoftTeams). Site integration types: (mailingList, slack, datadog, generic, pagerduty, microsoftTeams, jira, opsgenie, victorops, pivotaltracker)

URL
string
required: true

Integration URL

ExtraFields
string,null
required: true
Events
string array
required: true

Array of event types. Visit our integrations documentation to find out which events the service you are connecting allows.

Active
boolean
read only: true
required: true
CreatedBy
string
read only: true
required: true

Email address of the user that created the integration

CreatedByID
string
read only: true

ID of the user that created the integration

Note
string
required: true

Integration note

Created
string
format: date-time
read only: true
required: true

Created RFC3339 date time

LastStatusCode
number
read only: true
required: true
Response Example
{
                                    "ID": "5e2f5d17f13d66152d396956",
                                    "Type": "slack",
                                    "URL": "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX",
                                    "ExtraFields": null,
                                    "Events": [
                                        "corpUpdated"
                                    ],
                                    "Active": true,
                                    "CreatedBy": "user@example.com",
                                    "CreatedByID": "5e222f75f13d666c9eaec7d9",
                                    "Note": "",
                                    "Created": "2020-01-27T21:58:47.608359Z",
                                    "LastStatusCode": 0
                                }
                                
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Validation failed"}
                                

Get corp integration by id

get /corps/{corpName}/integrations/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true
Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
id
string
read only: true
required: true

Unique id of the integration

name
string
required: true

Integration name

type
string
required: true

Corp integration types: (mailingList, slack, microsoftTeams). Site integration types: (mailingList, slack, datadog, generic, pagerduty, microsoftTeams, jira, opsgenie, victorops, pivotaltracker)

url
string
required: true

Integration URL

fields
object,null
required: true
events
string array
required: true

Array of event types. Visit our integrations documentation to find out which events the service you are connecting allows.

active
boolean
read only: true
required: true
note
string

Integration note

createdBy
string
read only: true
required: true

Email address of the user that created the item

created
string
format: date-time
read only: true
required: true

Created RFC3339 date time

lastStatusCode
number
read only: true
required: true
Response Example
{
                                        "id": "556a8abb3dfaa4ff28000002",
                                        "name": "Slack message",
                                        "type": "slack",
                                        "url": "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX",
                                        "fields": null,
                                        "events": [
                                          "corpUpdated"
                                        ],
                                        "active": true,
                                        "note": "Sample",
                                        "createdBy": "user@example.com",
                                        "created": "2015-02-14T21:17:16Z",
                                        "lastStatusCode": 0
                                      }
                                    
HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"No integration with given id exists"}
                                    

Update corp integration by id

patch /corps/{corpName}/integrations/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true
Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Body (application/json)
Name
Type
Description
url
string

Integration URL

events
string array

Array of event types. Visit our integrations documentation to find out which events the service you are connecting allows.

Request Example
{
                                      "url": "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX",
                                      "events": ["listCreated", "corpUpdated"]
                                    }
                                    

Responses

HTTP 204

Successful update

HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Validation failed"}
                                    
HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"No integration with given id exists"}
                                    

Delete corp integration

delete /corps/{corpName}/integrations/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true
Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Responses

HTTP 204

Successful removal from the list

HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"No integration with given id exists"}
                                    

Test corp integration by id

post /corps/{corpName}/integrations/{id}/test

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 200

Test successful

HTTP 500

Test failed

List CloudWAF instances

get /corps/{corpName}/cloudwafInstances

Request

Responses

HTTP 200
Name
Type
Description
data
cloudwafInstanceResponse array
id
string

CloudWAF instance unique identifier.

name
string

Friendly name to identify a CloudWAF instance.

description
string

Friendly description to identify a CloudWAF instance.

region
string

Region the CloudWAF Instance is being deployed to.

tlsMinVersion
string

TLS minimum version.

useUploadedCertificates
boolean

Allows switching between using an uploaded certificate or using the default certificate. When disabled, the default certificate is used.

workspaceConfigs
siteName
string

Site name.

instanceLocation
string

Set instance location to "direct" or "advanced".

clientIPHeader
string

Specify the request header containing the client IP address, available when InstanceLocation is set to "advanced". Default: "X-Forwarded-For".

listenerProtocols
string array

Specify the protocol or protocols required.

routes
id
string

Route unique identifier.

certificateIds
string array

List of certificate IDs in string associated with request URI or domains. IDs will be available in certificate GET request.

origin
string

Origin server URI.

passHostHeader
boolean

Pass the client supplied host header through to the upstream (including the upstream TLS handshake for use with SNI and certificate validation). If using Heroku or Server Name Indications (SNI), this must be disabled(default: false).

domains
string array

List of domain or request URIs, up to 100 entries.

connectionPooling
boolean

If disabled, opened connections will not be reused (default: true).

trustProxyHeaders
boolean

If true, will trust proxy headers coming into the agent. If false, will ignore and drop those headers (default: false)

deployment
status
string

Current status of the deployment

message
string

CloudWAF instance message

egressIPs
ip
string

Egress IP address CloudWAF will be directing traffic to origin from.

status
string

EgressIP Status.

updatedAt
string

When EgressIP was last updated on.

dnsEntry
string

CloudWAF instance's DNS Entry.

useUploadedCertificates
boolean

Represents if the user uploaded certificates should be used to create or update the cloudwaf instance.

createdBy
string

CloudWAF instance created by.

created
string

Timestamp for when deployment was created.

Create CloudWAF instance

post /corps/{corpName}/cloudwafInstances

Request

Body (application/json)
Name
Type
Description
name
string
required: true

Friendly name to identify a CloudWAF instance.

description
string
required: true

Friendly description to identify a CloudWAF instance.

region
string
required: true

Region the CloudWAF Instance is being deployed to.(Supported region: "us-east-1", "us-west-1", "af-south-1", "ap-northeast-1", "ap-northeast-2", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "eu-central-1", "eu-north-1", "eu-west-1", "eu-west-2", "eu-west-3", "sa-east-1", "us-east-2", "us-west-2").

tlsMinVersion
string
required: true

TLS minimum version. Versions Available: "1.0", "1.2".

useUploadedCertificates
boolean
required: true

Allows switching between using an uploaded certificate or using the default certificate. When disabled, the default certificate is used.

workspaceConfigs
object array
required: true
siteName
string
required: true

Site name.

instanceLocation
string
required: true

Set instance location to "direct" or "advanced".

clientIPHeader
string

Specify the request header containing the client IP address, available when InstanceLocation is set to "advanced". Default: "X-Forwarded-For".

listenerProtocols
string array
required: true

Specify the protocol or protocols required. ex. ["http", "https"], ["https"].

routes
object array
required: true
certificateIds
string array
required: true

List of certificate IDs in string associated with request URI or domains. IDs will be available in certificate GET request.

origin
string
required: true

Origin server URI.

passHostHeader
boolean

Pass the client supplied host header through to the upstream (including the upstream TLS handshake for use with SNI and certificate validation). If using Heroku or Server Name Indications (SNI), this must be disabled(default: false).

connectionPooling
boolean

If disabled, opened connections will not be reused (default: true).

trustProxyHeaders
boolean

If true, will trust proxy headers coming into the agent. If false, will ignore and drop those headers. (default: false)

domains
string array
required: true

List of domain or request URIs, up to 100 entries.

Request Example
{
                                  "name": "test",
                                  "description": "test",
                                  "region": "us-east-1",
                                  "tlsMinVersion": "1.2",
                                  "useUploadedCertificates": true,
                                  "workspaceConfigs": [
                                    {
                                      "siteName": "www.example.com",
                                      "instanceLocation": "direct",
                                      "clientIPHeader": "",
                                      "listenerProtocols": ["https"],
                                      "routes": [
                                        {
                                          "certificateIds": ["id"],
                                          "domains": ["www.example.com"],
                                          "origin": "https://origin.example.com",
                                          "passHostHeader": false,
                                          "connectionPooling": true,
                                          "trustProxyHeaders": false
                                        }
                                      ]
                                    }
                                  ]
                                }
                                

Responses

HTTP 200
Name
Type
Description
id
string

CloudWAF instance unique identifier.

name
string

Friendly name to identify a CloudWAF instance.

description
string

Friendly description to identify a CloudWAF instance.

region
string

Region the CloudWAF Instance is being deployed to.

tlsMinVersion
string

TLS minimum version.

useUploadedCertificates
boolean

Allows switching between using an uploaded certificate or using the default certificate. When disabled, the default certificate is used.

workspaceConfigs
siteName
string

Site name.

instanceLocation
string

Set instance location to "direct" or "advanced".

clientIPHeader
string

Specify the request header containing the client IP address, available when InstanceLocation is set to "advanced". Default: "X-Forwarded-For".

listenerProtocols
string array

Specify the protocol or protocols required.

routes
id
string

Route unique identifier.

certificateIds
string array

List of certificate IDs in string associated with request URI or domains. IDs will be available in certificate GET request.

origin
string

Origin server URI.

passHostHeader
boolean

Pass the client supplied host header through to the upstream (including the upstream TLS handshake for use with SNI and certificate validation). If using Heroku or Server Name Indications (SNI), this must be disabled(default: false).

domains
string array

List of domain or request URIs, up to 100 entries.

connectionPooling
boolean

If disabled, opened connections will not be reused (default: true).

trustProxyHeaders
boolean

If true, will trust proxy headers coming into the agent. If false, will ignore and drop those headers (default: false)

deployment
status
string

Current status of the deployment

message
string

CloudWAF instance message

egressIPs
ip
string

Egress IP address CloudWAF will be directing traffic to origin from.

status
string

EgressIP Status.

updatedAt
string

When EgressIP was last updated on.

dnsEntry
string

CloudWAF instance's DNS Entry.

useUploadedCertificates
boolean

Represents if the user uploaded certificates should be used to create or update the cloudwaf instance.

createdBy
string

CloudWAF instance created by.

created
string

Timestamp for when deployment was created.

HTTP 400
Response Example
{"message": "An absolute URI including a scheme is required: unexpected origin, got = www.example.com"}
                                

Get CloudWAF instance by id

get /corps/{corpName}/cloudwafInstances/{deployment_id}

Request

URI Parameters
Name
Type
Description
deployment_id
string
required: true

Responses

HTTP 200
Name
Type
Description
id
string

CloudWAF instance unique identifier.

name
string

Friendly name to identify a CloudWAF instance.

description
string

Friendly description to identify a CloudWAF instance.

region
string

Region the CloudWAF Instance is being deployed to.

tlsMinVersion
string

TLS minimum version.

useUploadedCertificates
boolean

Allows switching between using an uploaded certificate or using the default certificate. When disabled, the default certificate is used.

workspaceConfigs
siteName
string

Site name.

instanceLocation
string

Set instance location to "direct" or "advanced".

clientIPHeader
string

Specify the request header containing the client IP address, available when InstanceLocation is set to "advanced". Default: "X-Forwarded-For".

listenerProtocols
string array

Specify the protocol or protocols required.

routes
id
string

Route unique identifier.

certificateIds
string array

List of certificate IDs in string associated with request URI or domains. IDs will be available in certificate GET request.

origin
string

Origin server URI.

passHostHeader
boolean

Pass the client supplied host header through to the upstream (including the upstream TLS handshake for use with SNI and certificate validation). If using Heroku or Server Name Indications (SNI), this must be disabled(default: false).

domains
string array

List of domain or request URIs, up to 100 entries.

connectionPooling
boolean

If disabled, opened connections will not be reused (default: true).

trustProxyHeaders
boolean

If true, will trust proxy headers coming into the agent. If false, will ignore and drop those headers (default: false)

deployment
status
string

Current status of the deployment

message
string

CloudWAF instance message

egressIPs
ip
string

Egress IP address CloudWAF will be directing traffic to origin from.

status
string

EgressIP Status.

updatedAt
string

When EgressIP was last updated on.

dnsEntry
string

CloudWAF instance's DNS Entry.

useUploadedCertificates
boolean

Represents if the user uploaded certificates should be used to create or update the cloudwaf instance.

createdBy
string

CloudWAF instance created by.

created
string

Timestamp for when deployment was created.

Response Example
{
                                      "id": "id1",
                                      "name": "website",
                                      "description": "a website",
                                      "region": "us-east-1",
                                      "tlsMinVersion": "1.2",
                                      "useUploadedCertificates": true,
                                      "workspaceConfigs": [
                                        {
                                          "siteName": "www.example.com",
                                          "instanceLocation": "direct",
                                          "clientIPHeader": "",
                                          "listenerProtocols": ["https"],
                                          "routes": [
                                            {
                                              "certificateIds": ["id2"],
                                              "domains": ["www.example.com"],
                                              "origin": "https://www.origin.example.com",
                                              "passHostHeader": false,
                                              "id": "id3",
                                              "connectionPooling": true,
                                              "trustProxyHeaders": false
                                            }
                                          ]
                                        }
                                      ],
                                      "deployment": {
                                        "status": "done",
                                        "message": "",
                                        "egressIPs": [
                                          {
                                            "ip": "233.252.0.152",
                                            "status": "reachable",
                                            "updatedAt": "2021-04-08T17:10:58Z"
                                          }
                                        ],
                                        "dnsEntry": "example.signalsciencescloud.net"
                                      },
                                      "useUploadedCertificates": true,
                                      "createdBy": "user@example.com",
                                      "created": "2021-04-08T15:50:46Z"
                                    }
                                    

Update CloudWAF instance

put /corps/{corpName}/cloudwafInstances/{deployment_id}

Request

URI Parameters
Name
Type
Description
deployment_id
string
required: true
Body (application/json)
Name
Type
Description
name
string
required: true

Friendly name to identify a CloudWAF instance.

description
string
required: true

Friendly description to identify a CloudWAF instance.

region
string
required: true

Region the CloudWAF Instance is being deployed to.(Supported region: "us-east-1", "us-west-1", "af-south-1", "ap-northeast-1", "ap-northeast-2", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "eu-central-1", "eu-north-1", "eu-west-1", "eu-west-2", "eu-west-3", "sa-east-1", "us-east-2", "us-west-2").

tlsMinVersion
string
required: true

TLS minimum version. Versions Available: "1.0", "1.2".

useUploadedCertificates
boolean
required: true

Allows switching between using an uploaded certificate or using the default certificate. When disabled, the default certificate is used.

workspaceConfigs
object array
required: true
siteName
string
required: true

Site name.

instanceLocation
string
required: true

Set instance location to "direct" or "advanced".

clientIPHeader
string

Specify the request header containing the client IP address, available when InstanceLocation is set to "advanced". Default: "X-Forwarded-For".

listenerProtocols
string array
required: true

Specify the protocol or protocols required. ex. ["http", "https"], ["https"].

routes
object array
required: true
id
string

Route unique identifier.

certificateIds
string array
required: true

List of certificate IDs in string associated with request URI or domains. IDs will be available in certificate GET request.

origin
string
required: true

Origin server URI.

passHostHeader
boolean

Pass the client supplied host header through to the upstream (including the upstream TLS handshake for use with SNI and certificate validation). If using Heroku or Server Name Indications (SNI), this must be disabled(default: false).

connectionPooling
boolean

If disabled, opened connections will not be reused (default: true).

trustProxyHeaders
boolean

If true, will trust proxy headers coming into the agent. If false, will ignore and drop those headers. (default: false)

domains
string array
required: true

List of domain or request URIs, up to 100 entries.

Responses

HTTP 200
Name
Type
Description
id
string

CloudWAF instance unique identifier.

name
string

Friendly name to identify a CloudWAF instance.

description
string

Friendly description to identify a CloudWAF instance.

region
string

Region the CloudWAF Instance is being deployed to.

tlsMinVersion
string

TLS minimum version.

useUploadedCertificates
boolean

Allows switching between using an uploaded certificate or using the default certificate. When disabled, the default certificate is used.

workspaceConfigs
siteName
string

Site name.

instanceLocation
string

Set instance location to "direct" or "advanced".

clientIPHeader
string

Specify the request header containing the client IP address, available when InstanceLocation is set to "advanced". Default: "X-Forwarded-For".

listenerProtocols
string array

Specify the protocol or protocols required.

routes
id
string

Route unique identifier.

certificateIds
string array

List of certificate IDs in string associated with request URI or domains. IDs will be available in certificate GET request.

origin
string

Origin server URI.

passHostHeader
boolean

Pass the client supplied host header through to the upstream (including the upstream TLS handshake for use with SNI and certificate validation). If using Heroku or Server Name Indications (SNI), this must be disabled(default: false).

domains
string array

List of domain or request URIs, up to 100 entries.

connectionPooling
boolean

If disabled, opened connections will not be reused (default: true).

trustProxyHeaders
boolean

If true, will trust proxy headers coming into the agent. If false, will ignore and drop those headers (default: false)

deployment
status
string

Current status of the deployment

message
string

CloudWAF instance message

egressIPs
ip
string

Egress IP address CloudWAF will be directing traffic to origin from.

status
string

EgressIP Status.

updatedAt
string

When EgressIP was last updated on.

dnsEntry
string

CloudWAF instance's DNS Entry.

useUploadedCertificates
boolean

Represents if the user uploaded certificates should be used to create or update the cloudwaf instance.

createdBy
string

CloudWAF instance created by.

created
string

Timestamp for when deployment was created.

HTTP 400
Response Example
{"message": "An absolute URI including a scheme is required: unexpected origin, got = www.example.com"}
                                    

Delete CloudWAF instance

delete /corps/{corpName}/cloudwafInstances/{deployment_id}

Request

URI Parameters
Name
Type
Description
deployment_id
string
required: true

Responses

HTTP 204

delete successful

HTTP 400
Response Example
{"message":"cannot delete with pending instance"}
                                    

Restart CloudWAF instance

post /corps/{corpName}/cloudwafInstances/{deployment_id}/restart

Request

URI Parameters
Name
Type
Description
deployment_id
string
required: true

Responses

HTTP 204

restart successful

List CloudWAF certificates

get /corps/{corpName}/cloudwafCerts

Request

Responses

HTTP 200
Name
Type
Description
data
cloudwafCertResponse array
id
string

CloudWAF certificate unique identifier

name
string

Friendly name to identify a CloudWAF certificate

commonName
string

Common name of the uploaded certificate

subjectAlternativeNames
string array

Subject alternative names from the uploaded certificate

domains
string array
min len: 1

List of domains - deprecated

certificateBody
string

Body of the certificate in PEM format

certificateChain
string

Certificate chain in PEM format

fingerprint
string

SHA1 fingerprint of the certififcate

expiresAt
string
format: date-time

TimeStamp for when certificate expires in RFC3339 date time format

status
string

Current status of the certificate - could be one of "unknown", "active", "pendingverification", "expired", "error"

createdBy
string

Email address of the user that created the certfificate

created
string
format: date-time

Created RFC3339 date time

updatedBy
string

Email address of the user that updated the certificate

updatedAt
string
format: date-time

Updated RFC3339 date time

Upload CloudWAF certificate

post /corps/{corpName}/cloudwafCerts

Request

Body (application/json)
Name
Type
Description
name
string

Friendly name to identify a CloudWAF certificate

domains
string array

List of domains - deprecated

privateKey
string

Private key of the certificate in PEM format - must be unencrypted

certificateBody
string

Body of the certificate in PEM format

certificateChain
string

Certificate chain in PEM format

Request Example
{
                                  "name": "someCertificate",
                                  "domains": [
                                    "example.com"
                                  ],
                                  "privateKey": "-----BEGIN PRIVATE KEY-----\n someCertificate private key \n-----END PRIVATE KEY-----\n",
                                  "certificateBody": "-----BEGIN CERTIFICATE-----\n someCertificate certificate body \n-----END CERTIFICATE-----\n",
                                  "certificateChain": ""
                                }
                                

Responses

HTTP 201
Name
Type
Description
id
string

CloudWAF certificate unique identifier

Response Example
{"id": "someCertificate-id" }
                                
HTTP 400
Response Example
{"message":"example.net is not associated with the specified TLS certificate.: unexpected domain, got = example.net"}
                                

Get CloudWAF certificate by id

get /corps/{corpName}/cloudwafCerts/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 200
Name
Type
Description
id
string

CloudWAF certificate unique identifier

name
string

Friendly name to identify a CloudWAF certificate

commonName
string

Common name of the uploaded certificate

subjectAlternativeNames
string array

Subject alternative names from the uploaded certificate

domains
string array
min len: 1

List of domains - deprecated

certificateBody
string

Body of the certificate in PEM format

certificateChain
string

Certificate chain in PEM format

fingerprint
string

SHA1 fingerprint of the certififcate

expiresAt
string
format: date-time

TimeStamp for when certificate expires in RFC3339 date time format

status
string

Current status of the certificate - could be one of "unknown", "active", "pendingverification", "expired", "error"

createdBy
string

Email address of the user that created the certfificate

created
string
format: date-time

Created RFC3339 date time

updatedBy
string

Email address of the user that updated the certificate

updatedAt
string
format: date-time

Updated RFC3339 date time

Response Example
{
                                  "id":"some-id",
                                  "name":"website",
                                  "domains":["example.com"],
                                  "certificateBody":"-----BEGIN CERTIFICATE-----\n certificate body \n-----END CERTIFICATE-----",
                                  "certificateChain":"",
                                  "fingerprint": "",
                                  "expiresAt":"2021-05-02T20:48:02Z",
                                  "status":"active",
                                  "createdBy":"user@example.com",
                                  "created":"2021-02-01T22:05:23Z",
                                  "updatedBy":"user@example.com",
                                  "updatedAt":"2021-02-01T22:06:17Z"
                                }
                                

Update CloudWAF certificate by id

put /corps/{corpName}/cloudwafCerts/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true
Body (application/json)
Name
Type
Description
name
string
min len: 1

Friendly name to identify a CloudWAF certificate

Request Example
{
                                "name": "some name"
                                }
                                

Responses

HTTP 200
Name
Type
Description
id
string

CloudWAF certificate unique identifier

name
string

Friendly name to identify a CloudWAF certificate

commonName
string

Common name of the uploaded certificate

subjectAlternativeNames
string array

Subject alternative names from the uploaded certificate

domains
string array
min len: 1

List of domains - deprecated

certificateBody
string

Body of the certificate in PEM format

certificateChain
string

Certificate chain in PEM format

fingerprint
string

SHA1 fingerprint of the certififcate

expiresAt
string
format: date-time

TimeStamp for when certificate expires in RFC3339 date time format

status
string

Current status of the certificate - could be one of "unknown", "active", "pendingverification", "expired", "error"

createdBy
string

Email address of the user that created the certfificate

created
string
format: date-time

Created RFC3339 date time

updatedBy
string

Email address of the user that updated the certificate

updatedAt
string
format: date-time

Updated RFC3339 date time

Response Example
{
                                  "id": "some-id",
                                  "name": "some certificate",
                                  "domains": [
                                      "website"
                                  ],
                                  "certificateBody": "-----BEGIN CERTIFICATE-----\n some certificate certificate body\n-----END CERTIFICATE-----\n",
                                  "certificateChain": "-----BEGIN CERTIFICATE-----\n some certificate certificate chain\n-----END CERTIFICATE-----\n",
                                  "fingerprint": "",
                                  "expiresAt": "2022-01-28T20:32:47Z",
                                  "status": "active",
                                  "createdBy": "user@example.com",
                                  "created": "2021-01-28T20:34:06.952625Z",
                                  "updatedBy": "user@example.com",
                                  "updatedAt": "2021-03-10T17:51:17.540049Z"}
                                
HTTP 400
Response Example
{"message":"name cannot be empty"}
                                

Delete CloudWAF certificate by id

delete /corps/{corpName}/cloudwafCerts/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 204

Delete successful

HTTP 400
Response Example
{"message":"certificate f179ae5fd6d8b5f742753e7019936d7e58e5c5bf used in deployments: cert is in use"}
                                

Sites

List sites in corp

get /corps/{corpName}/sites

Request

URI Parameters
Name
Type
Description
corpName
string
matching: [0-9a-z_.-]+
required: true

Corp shortname

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

name
string

Filter on site name or display name

page
integer
default: 1

The page of the results

limit
integer
default: 10

The number of entries to be returned

agentLevel
one of (block,log,off)
enum: block,log,off

Filter on agent mode

Responses

HTTP 200
Name
Type
Description
data
site array
required: true
name
string
min len: 3
max len: 100

Identifying name of the site

displayName
string
min len: 3
max len: 100

Display name of the site

agentLevel
string
enum: block,log,off

Agent action level - 'block', 'log' or 'off'

agentAnonMode
string
default: off
enum: EU,off

Agent IP anonimization mode - 'EU' or 'off'

blockDurationSeconds
integer
default: 86400
format: int32
max: 31556900

Duration to block an IP in seconds

blockHTTPCode
integer
default: 406
format: int32
min: 301
max: 599

HTTP response code to send when when traffic is being blocked

blockRedirectURL
string

URL to redirect to when blockHTTPCode is 301 or 302

created
string
format: date-time
read only: true

Created RFC3339 date time

whitelist
uri
string
read only: true

Reference to the site's whitelist

blacklist
uri
string
read only: true

Reference to the site's blacklist

blocklist
uri
string
read only: true

Reference to the site's blocklist

events
uri
string
read only: true

Reference to the site's events

requests
uri
string
read only: true

Reference to the site's requests

redactions
uri
string
read only: true

Reference to the site's redactions

suspiciousIPs
uri
string
read only: true

Reference to the site's suspicious IPs

monitors
uri
string
read only: true

Reference to the site's monitors

integrations
uri
string
read only: true

Reference to the site's integrations

headerLinks
uri
string
read only: true

Reference to the site's header links

agents
uri
string
read only: true

Reference to the site's agents

alerts
uri
string
read only: true

Reference to the site's alerts

analyticsEvents
uri
string
read only: true

Reference to the site's analytics events

topAttacks
uri
string
read only: true

Reference to the site's top attacks

members
uri
string
read only: true

Reference to the site's members

attackThresholds

Attack threshold parameters for system site alerts

interval
integer
enum: 1,10,60

Number of minutes during which attack signals per IP address are counted

threshold
integer

Number of attack signals per IP address that must be detected during the interval before the related IP address is flagged

immediateBlock
boolean

Determines whether to instantly block requests tagged with at least one attack signal

Response Example
{
                          "data": [
                              {
                                  "name": "www.example.com",
                                  "displayName": "My Website",
                                  "agentLevel": "block",
                                  "blockHTTPCode": 406,
                                  "blockDurationSeconds": 86400,
                                  "created": "2014-12-09T10:43:54-08:00",
                                  "whitelist": {
                                      "uri": "/api/v0/corps/testcorp/sites/www.example.com/whitelist"
                                  },
                                  "blacklist": {
                                      "uri": "/api/v0/corps/testcorp/sites/www.example.com/blacklist"
                                  },
                                  "events": {
                                      "uri": "/api/v0/corps/testcorp/sites/www.example.com/events"
                                  },
                                  "requests": {
                                      "uri": "/api/v0/corps/testcorp/sites/www.example.com/requests"
                                  },
                                  "redactions": {
                                    "uri": "/api/v0/corps/testcorp/sites/www.example.com/redactions"
                                  },
                                  "suspiciousIPs": {
                                    "uri": "/api/v0/corps/testcorp/sites/www.example.com/suspiciousIPs"
                                  },
                                  "monitors": {
                                    "uri": "/api/v0/corps/testcorp/sites/www.example.com/monitors"
                                  },
                                  "integrations": {
                                    "uri": "/api/v0/corps/testcorp/sites/www.example.com/integrations"
                                  },
                                  "headerLinks": {
                                    "uri": "/api/v0/corps/testcorp/sites/www.example.com/headerLinks"
                                  },
                                  "agents": {
                                    "uri": "/api/v0/corps/testcorp/sites/www.example.com/agents"
                                  },
                                  "alerts": {
                                    "uri": "/api/v0/corps/testcorp/sites/www.example.com/alerts"
                                  },
                                  "analyticsEvents": {
                                    "uri": "/api/v0/corps/testcorp/sites/www.example.com/analytics/events"
                                  },
                                  "topAttacks": {
                                    "uri": "/api/v0/corps/testcorp/sites/www.example.com/top/attacks"
                                  },
                                  "members": {
                                    "uri": "/api/v0/corps/testcorp/sites/www.example.com/members"
                                  }
                              }
                          ]
                        }
                        

Create site in corp

post /corps/{corpName}/sites

Request

URI Parameters
Name
Type
Description
corpName
string
matching: [0-9a-z_.-]+
required: true

Corp shortname

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Body (application/json)
Name
Type
Description
name
string
min len: 3
max len: 100

Identifying name of the site

displayName
string
min len: 3
max len: 100

Display name of the site

agentLevel
string
enum: block,log,off

Agent action level - 'block', 'log' or 'off'

agentAnonMode
string
default: off
enum: EU,off

Agent IP anonimization mode - 'EU' or 'off'

blockDurationSeconds
integer
default: 86400
format: int32
max: 31556900

Duration to block an IP in seconds

blockHTTPCode
integer
default: 406
format: int32
min: 301
max: 599

HTTP response code to send when when traffic is being blocked

blockRedirectURL
string

URL to redirect to when blockHTTPCode is 301 or 302

attackThresholds

Attack threshold parameters for system site alerts

interval
integer
enum: 1,10,60

Number of minutes during which attack signals per IP address are counted

threshold
integer

Number of attack signals per IP address that must be detected during the interval before the related IP address is flagged

immediateBlock
boolean

Determines whether to instantly block requests tagged with at least one attack signal

Request Example
{
                          'name": "www.example.com",
                          "displayName": "Example Website",
                          "agentLevel": "block",
                          "blockDurationSeconds": 259200,
                          "blockHTTPCode": 302,
                          "blockRedirectURL": "/blocked/"
                        }
                        

Responses

HTTP 200
Name
Type
Description
name
string
min len: 3
max len: 100

Identifying name of the site

displayName
string
min len: 3
max len: 100

Display name of the site

agentLevel
string
enum: block,log,off

Agent action level - 'block', 'log' or 'off'

agentAnonMode
string
default: off
enum: EU,off

Agent IP anonimization mode - 'EU' or 'off'

blockDurationSeconds
integer
default: 86400
format: int32
max: 31556900

Duration to block an IP in seconds

blockHTTPCode
integer
default: 406
format: int32
min: 301
max: 599

HTTP response code to send when when traffic is being blocked

blockRedirectURL
string

URL to redirect to when blockHTTPCode is 301 or 302

created
string
format: date-time
read only: true

Created RFC3339 date time

whitelist
uri
string
read only: true

Reference to the site's whitelist

blacklist
uri
string
read only: true

Reference to the site's blacklist

blocklist
uri
string
read only: true

Reference to the site's blocklist

events
uri
string
read only: true

Reference to the site's events

requests
uri
string
read only: true

Reference to the site's requests

redactions
uri
string
read only: true

Reference to the site's redactions

suspiciousIPs
uri
string
read only: true

Reference to the site's suspicious IPs

monitors
uri
string
read only: true

Reference to the site's monitors

integrations
uri
string
read only: true

Reference to the site's integrations

headerLinks
uri
string
read only: true

Reference to the site's header links

agents
uri
string
read only: true

Reference to the site's agents

alerts
uri
string
read only: true

Reference to the site's alerts

analyticsEvents
uri
string
read only: true

Reference to the site's analytics events

topAttacks
uri
string
read only: true

Reference to the site's top attacks

members
uri
string
read only: true

Reference to the site's members

attackThresholds

Attack threshold parameters for system site alerts

interval
integer
enum: 1,10,60

Number of minutes during which attack signals per IP address are counted

threshold
integer

Number of attack signals per IP address that must be detected during the interval before the related IP address is flagged

immediateBlock
boolean

Determines whether to instantly block requests tagged with at least one attack signal

Response Example
{
                          "name": "www.example.com",
                          "displayName": "My Website1",
                          "agentLevel": "block",
                          "blockHTTPCode": 302,
                          "blockDurationSeconds": 259200,
                          "blockRedirectURL": "/blocked/",
                          "created": "2014-12-09T10:43:54-08:00",
                          "whitelist": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/whitelist"
                          },
                          "blacklist": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/blacklist"
                          },
                          "events": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/events"
                          },
                          "requests": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/requests"
                          },
                          "redactions": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/redactions"
                          },
                          "suspiciousIPs": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/suspiciousIPs"
                          },
                          "monitors": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/monitors"
                          },
                          "integrations": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/integrations"
                          },
                          "headerLinks": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/headerLinks"
                          },
                          "agents": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/agents"
                          },
                          "alerts": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/alerts"
                          },
                          "analyticsEvents": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/analytics/events"
                          },
                          "topAttacks": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/top/attacks"
                          },
                          "tags": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/tags"
                          },
                          "rules": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/rules"
                          },
                          "members": {
                              "uri": "/api/v0/corps/testcorp/sites/www.example.com/members"
                          }
                        }
                        
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Invalid block code - must be between 100 and 599"}
                        

Deploy site to edge

put /corps/{corpName}/sites/edgeDeployment

Configure the Next-Gen WAF site for Edge Deployment.

Request

Headers
Name
Type
Description
Content-Type
string
required: true

Must be 'application/json'

Responses

HTTP 200

Initialization successful

Get site by name

get /corps/{corpName}/sites/{siteName}

Request

URI Parameters
Name
Type
Description
siteName
string
matching: [0-9a-z_.-]+
required: true
Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
name
string
min len: 3
max len: 100

Identifying name of the site

displayName
string
min len: 3
max len: 100

Display name of the site

agentLevel
string
enum: block,log,off

Agent action level - 'block', 'log' or 'off'

agentAnonMode
string
default: off
enum: EU,off

Agent IP anonimization mode - 'EU' or 'off'

blockDurationSeconds
integer
default: 86400
format: int32
max: 31556900

Duration to block an IP in seconds

blockHTTPCode
integer
default: 406
format: int32
min: 301
max: 599

HTTP response code to send when when traffic is being blocked

blockRedirectURL
string

URL to redirect to when blockHTTPCode is 301 or 302

created
string
format: date-time
read only: true

Created RFC3339 date time

whitelist
uri
string
read only: true

Reference to the site's whitelist

blacklist
uri
string
read only: true

Reference to the site's blacklist

blocklist
uri
string
read only: true

Reference to the site's blocklist

events
uri
string
read only: true

Reference to the site's events

requests
uri
string
read only: true

Reference to the site's requests

redactions
uri
string
read only: true

Reference to the site's redactions

suspiciousIPs
uri
string
read only: true

Reference to the site's suspicious IPs

monitors
uri
string
read only: true

Reference to the site's monitors

integrations
uri
string
read only: true

Reference to the site's integrations

headerLinks
uri
string
read only: true

Reference to the site's header links

agents
uri
string
read only: true

Reference to the site's agents

alerts
uri
string
read only: true

Reference to the site's alerts

analyticsEvents
uri
string
read only: true

Reference to the site's analytics events

topAttacks
uri
string
read only: true

Reference to the site's top attacks

members
uri
string
read only: true

Reference to the site's members

attackThresholds

Attack threshold parameters for system site alerts

interval
integer
enum: 1,10,60

Number of minutes during which attack signals per IP address are counted

threshold
integer

Number of attack signals per IP address that must be detected during the interval before the related IP address is flagged

immediateBlock
boolean

Determines whether to instantly block requests tagged with at least one attack signal

Response Example
{
                              "name": "www.example.com",
                              "displayName": "My Website",
                              "agentLevel": "block",
                              "blockHTTPCode": 406,
                              "blockDurationSeconds": 86400,
                              "created": "2014-12-09T10:43:54-08:00",
                              "whitelist": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/whitelist"
                              },
                              "blacklist": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/blacklist"
                              },
                              "events": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/events"
                              },
                              "requests": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/requests"
                              },
                              "redactions": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/redactions"
                              },
                              "suspiciousIPs": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/suspiciousIPs"
                              },
                              "rateLimitedIPs": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/rateLimitedIPs"
                              },
                              "monitors": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/monitors"
                              },
                              "integrations": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/integrations"
                              },
                              "headerLinks": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/headerLinks"
                              },
                              "agents": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/agents"
                              },
                              "alerts": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/alerts"
                              },
                              "analyticsEvents": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/analytics/events"
                              },
                              "topAttacks": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/top/attacks"
                              },
                              "members": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/members"
                              }
                            }
                            
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Invalid site"}
                            

Update a site by name

patch /corps/{corpName}/sites/{siteName}

Request

URI Parameters
Name
Type
Description
siteName
string
matching: [0-9a-z_.-]+
required: true
Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Body (application/json)
Name
Type
Description
name
string
min len: 3
max len: 100

Identifying name of the site

displayName
string
min len: 3
max len: 100

Display name of the site

agentLevel
string
enum: block,log,off

Agent action level - 'block', 'log' or 'off'

agentAnonMode
string
default: off
enum: EU,off

Agent IP anonimization mode - 'EU' or 'off'

blockDurationSeconds
integer
default: 86400
format: int32
max: 31556900

Duration to block an IP in seconds

blockHTTPCode
integer
default: 406
format: int32
min: 301
max: 599

HTTP response code to send when when traffic is being blocked

blockRedirectURL
string

URL to redirect to when blockHTTPCode is 301 or 302

attackThresholds

Attack threshold parameters for system site alerts

interval
integer
enum: 1,10,60

Number of minutes during which attack signals per IP address are counted

threshold
integer

Number of attack signals per IP address that must be detected during the interval before the related IP address is flagged

immediateBlock
boolean

Determines whether to instantly block requests tagged with at least one attack signal

Request Example
{
                              "displayName": "My Website1",
                              "agentLevel": "block",
                              "blockDurationSeconds": 259200,
                              "attackThresholds": [
                                {
                                "interval": 1,
                                "threshold": 25
                                },
                                {
                                "interval": 10,
                                "threshold": 60
                                },
                                {
                                "interval": 60,
                                "threshold": 100
                                }
                              ]
                            }
                            

Responses

HTTP 200
Name
Type
Description
name
string
min len: 3
max len: 100

Identifying name of the site

displayName
string
min len: 3
max len: 100

Display name of the site

agentLevel
string
enum: block,log,off

Agent action level - 'block', 'log' or 'off'

agentAnonMode
string
default: off
enum: EU,off

Agent IP anonimization mode - 'EU' or 'off'

blockDurationSeconds
integer
default: 86400
format: int32
max: 31556900

Duration to block an IP in seconds

blockHTTPCode
integer
default: 406
format: int32
min: 301
max: 599

HTTP response code to send when when traffic is being blocked

blockRedirectURL
string

URL to redirect to when blockHTTPCode is 301 or 302

created
string
format: date-time
read only: true

Created RFC3339 date time

whitelist
uri
string
read only: true

Reference to the site's whitelist

blacklist
uri
string
read only: true

Reference to the site's blacklist

blocklist
uri
string
read only: true

Reference to the site's blocklist

events
uri
string
read only: true

Reference to the site's events

requests
uri
string
read only: true

Reference to the site's requests

redactions
uri
string
read only: true

Reference to the site's redactions

suspiciousIPs
uri
string
read only: true

Reference to the site's suspicious IPs

monitors
uri
string
read only: true

Reference to the site's monitors

integrations
uri
string
read only: true

Reference to the site's integrations

headerLinks
uri
string
read only: true

Reference to the site's header links

agents
uri
string
read only: true

Reference to the site's agents

alerts
uri
string
read only: true

Reference to the site's alerts

analyticsEvents
uri
string
read only: true

Reference to the site's analytics events

topAttacks
uri
string
read only: true

Reference to the site's top attacks

members
uri
string
read only: true

Reference to the site's members

attackThresholds

Attack threshold parameters for system site alerts

interval
integer
enum: 1,10,60

Number of minutes during which attack signals per IP address are counted

threshold
integer

Number of attack signals per IP address that must be detected during the interval before the related IP address is flagged

immediateBlock
boolean

Determines whether to instantly block requests tagged with at least one attack signal

Response Example
{
                              "name": "www.example.com",
                              "displayName": "My Website1",
                              "agentLevel": "block",
                              "blockHTTPCode": 406,
                              "blockDurationSeconds": 259200,
                              "created": "2014-12-09T10:43:54-08:00",
                              "whitelist": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/whitelist"
                              },
                              "blacklist": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/blacklist"
                              },
                              "events": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/events"
                              },
                              "requests": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/requests"
                              },
                              "redactions": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/redactions"
                              },
                              "suspiciousIPs": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/suspiciousIPs"
                              },
                              "rateLimitedIPs": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/rateLimitedIPs"
                              },
                              "monitors": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/monitors"
                              },
                              "integrations": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/integrations"
                              },
                              "headerLinks": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/headerLinks"
                              },
                              "agents": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/agents"
                              },
                              "alerts": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/alerts"
                              },
                              "analyticsEvents": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/analytics/events"
                              },
                              "topAttacks": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/top/attacks"
                              },
                              "tags": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/tags"
                              },
                              "rules": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/advancedRules"
                              },
                              "members": {
                                  "uri": "/api/v0/corps/testcorp/sites/www.example.com/members"
                              },
                              "attackThresholds": [
                                {
                                "interval": 1,
                                "threshold": 25
                                },
                                {
                                "interval": 10,
                                "threshold": 60
                                },
                                {
                                "interval": 60,
                                "threshold": 100
                                }
                              ]
                            }
                            
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Invalid block code - must be between 100 and 599"}
                            

Delete site

delete /corps/{corpName}/sites/{siteName}

Request

URI Parameters
Name
Type
Description
siteName
string
matching: [0-9a-z_.-]+
required: true
Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Responses

HTTP 204

Delete successful

Remove an Edge Deployment

delete /corps/{corpName}/sites/{siteName}/edgeDeployment

Remove the Edge Deployment of a Next-Gen WAF Site. It does not affect other Site configurations or prevent the Site from being re-deployed to the edge again later.

Request

Headers
Name
Type
Description
Content-Type
string
required: true

Must be 'application/json'

Responses

HTTP 200

Edge Deployment successfully removed

List site activity events

get /corps/{corpName}/sites/{siteName}/analytics/events

Request

Query Parameters
Name
Type
Description
from
integer

The POSIX Unix time to start

until
integer

The POSIX Unix time to end

sort
one of (asc,desc)
default: desc
enum: asc,desc

The sort order

since_id
string

The id of the last object in the set

max_id
string

The id of the last object in the set

limit
integer
default: 100
max: 1000

The number of entries to be returned per page

page
integer

The page of the results. Each page is limited to 1,000 requests, and a maximum of 10,000 requests in total will be returned.

pretty
boolean

Pretty print the json output

events
one of (alerts,audits,excludeAgentsOnline)
enum: alerts,audits,excludeAgentsOnline

Filter on events

eventType
string

Filter on event type

Responses

HTTP 200
Name
Type
Description
totalCount
integer
format: int32

Total number of matching documents

next
uri
string

Reference to the next page of data

data
activityevent array
required: true
id
string

Unique ID of the activity event

eventType
string

Event type

msgData
object

Data used to format the message

attachments
0
Title
string
required: true
Fields
tuple array
required: true
0
Title
string
required: true
Value
string
required: true
Short
boolean
required: true
MarkdownFields
boolean
required: true
message
string

Message of the event

created
string
format: date-time
read only: true

Created RFC3339 date time

Response Example
{
                                  "totalCount": 5,
                                  "next": {
                                    "uri": "/api/v0/corps/testcorp/sites/www.example.com/analytics/events?limit=1&page=2"
                                  },
                                  "data": [
                                    {
                                      "id": "558cf75c3dfaa4b9c2000001",
                                      "eventType": "blacklistIP",
                                      "msgData": {"ip": "192.0.2.149"},
                                      "message": "User (user@example.com) blacklisted \"192.0.2.149\"",
                                      "created": "2015-02-14T21:17:16Z"
                                    }
                                  ]
                                }
                                
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Invalid site"}
                                

Create or Update Delivery Integration

put /corps/{corpName}/sites/{siteName}/deliveryIntegration/{fastlySID}

Connect this site to a Delivery service to protect traffic going to origin. Deploys or updates latest VCL and configuration to the Delivery service. Copies backends from the Delivery service to the Edge Deployment. These configurations are needed to forward traffic to the WAF. Note that the changes to the Fastly service will be activated unless the `activateVersion` field is passed as `false`.

Request

URI Parameters
Name
Type
Description
fastlySID
string
matching: [0-9a-zA-Z]+}
required: true

Fastly service ID

Headers
Name
Type
Description
Fastly-Key
string
required: true

Fastly API key with write access to the Fastly service

Content-Type
string
required: true

Must be 'application/json'

Body (application/json)
Name
Type
Description
percentEnabled
integer
format: int32
max: 100

Optional percent of requests that should be inspected by Next-Gen WAF

activateVersion
boolean
default: true

Optional flag that indicates whether the VCL version should be activated (true) or not activated (false)

Request Example
{
                                      "percentEnabled": 0,
                                      "activateVersion": true
                                    }
                                    

Responses

HTTP 200

Service configuration successful

Detach Edge Deployment Service

delete /corps/{corpName}/sites/{siteName}/deliveryIntegration/{fastlySID}

Stop securing the given Delivery service and disconnect the Fastly service from this Edge Deployment.

Request

URI Parameters
Name
Type
Description
fastlySID
string
matching: [0-9a-zA-Z]+}
required: true

Fastly service ID

Headers
Name
Type
Description
Fastly-Key
string
required: true

Fastly API key with write access to the Fastly service

Content-Type
string
required: true

Must be 'application/json'

Responses

HTTP 200

Service detachment successful

Update Edge Deployment Backends

put /corps/{corpName}/sites/{siteName}/deliveryIntegration/{fastlySID}/backends

Check if any changes were made to the Fastly service's backends and updates the Edge Deployment if necessary. Note that the Fastly service must already be configured for Edge Deployment.

Request

Headers
Name
Type
Description
Fastly-Key
string
required: true

Fastly API key with read access to the Fastly service

Content-Type
string
required: true

Must be 'application/json'

Responses

HTTP 200

Backend syncing successful

List site members

get /corps/{corpName}/sites/{siteName}/members

Request

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
data
siteMember array
required: true
role
string

Role of the user (owner, admin, user, observer)

user
apiUser
boolean

API user

authStatus
string

Auth status of the user

corpAuthType
string

Auth type of the corp

email
string

Email of the user

name
string

Name of the user

status
string

Status of the user

Response Example
{
                                  "data": [
                                    {
                                      "user": {
                                        "name": "Example User",
                                        "email": "user@example.com",
                                        "status": "active",
                                        "authStatus": "none",
                                        "corpAuthType": "builtin",
                                        "apiUser": false
                                      },
                                      "role": "owner"
                                    }
                                  ]
                                }
                                
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Invalid site"}
                                

Add members to site

post /corps/{corpName}/sites/{siteName}/members

Request

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Body (application/json)
Name
Type
Description
members
string array
min len: 1
required: true

List of existing user email addresses

Request Example
{
                                  "members: ["user@example.com"]
                                }
                                

Responses

HTTP 200
Name
Type
Description
data
siteMember array
required: true
role
string

Role of the user (owner, admin, user, observer)

user
apiUser
boolean

API user

authStatus
string

Auth status of the user

corpAuthType
string

Auth type of the corp

email
string

Email of the user

name
string

Name of the user

status
string

Status of the user

Response Example
{
                                  "data": [
                                    {
                                      "user": {
                                        "name": "Example User",
                                        "email": "user@example.com",
                                        "status": "active",
                                        "authStatus": "none",
                                        "corpAuthType": "builtin",
                                        "apiUser": false
                                      },
                                      "role": "owner"
                                    }
                                  ]
                                }
                                
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Invalid user"}
                                

Get site member by email

get /corps/{corpName}/sites/{siteName}/members/{siteMemberEmail}

Request

URI Parameters
Name
Type
Description
siteMemberEmail
string
required: true
Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
role
string

Role of the user (owner, admin, user, observer)

user
apiUser
boolean

API user

authStatus
string

Auth status of the user

corpAuthType
string

Auth type of the corp

email
string

Email of the user

name
string

Name of the user

status
string

Status of the user

Response Example
{
                                      "user": {
                                        "name": "Example User",
                                        "email": "user@example.com",
                                        "status": "active",
                                        "authStatus": "none",
                                        "corpAuthType": "builtin",
                                        "apiUser": false
                                      },
                                      "role": "owner"
                                    },
                                    
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Invalid site"}
                                    
HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"ID not found"}
                                    

Delete from site members

delete /corps/{corpName}/sites/{siteName}/members/{siteMemberEmail}

Request

URI Parameters
Name
Type
Description
siteMemberEmail
string
required: true
Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Responses

HTTP 204

Successful removal from the list

HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Invalid site"}
                                    
HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"ID not found"}
                                    

Invite a site member

post /corps/{corpName}/sites/{siteName}/members/{siteMemberEmail}/invite

Request

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Body (application/json)
Name
Type
Description
role
string
min len: 1
required: true

Role of the user (owner, admin, user, observer)

Request Example
{
                                          "role": "observer"
                                        }
                                        

Responses

HTTP 200
Name
Type
Description
role
string

Role of the user (owner, admin, user, observer)

user
apiUser
boolean

API user

authStatus
string

Auth status of the user

corpAuthType
string

Auth type of the corp

email
string

Email of the user

name
string

Name of the user

status
string

Status of the user

Response Example
{
                                          "user": {
                                            "name": "Example User",
                                            "email": "user@example.com",
                                            "status": "active",
                                            "authStatus": "none",
                                            "corpAuthType": "builtin",
                                            "apiUser": false
                                          },
                                          "role": "owner"
                                        }
                                        
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Invalid site"}
                                        

List rules in site

get /corps/{corpName}/sites/{siteName}/rules

Request

Query Parameters
Name
Type
Description
type
one of (rateLimit,request,signal)
enum: rateLimit,request,signal
page
integer

The page of the results. Each page is limited to 1,000 requests, and a maximum of 10,000 requests in total will be returned.

limit
integer
default: 100
max: 1000

The number of entries to be returned per page

pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
totalCount
number
required: true

Total count of Site Rules

data
siteRule array
required: true
unique items: true
id
string
required: true
siteNames
string array
read only: true
required: true
unique items: true

Sites with the rule available.

type
string
required: true

Type of rule (request, signal exclusion, rateLimit)

enabled
boolean
required: true
groupOperator
string
required: true

Conditions that must be matched when evaluating the request (all, any)

conditions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(group, single, multival)

groupOperator
string

type: group - Conditions that must be matched when evaluating the request (all, any)

field
string

type: single - (scheme, method, path, useragent, domain, ip, responseCode, agentname, paramname, paramvalue, country, name, valueString, valueInt, valueIp, signalType, ja3Fingerprint))

type: multival - (postParameter, queryParameter, requestCookie, requestHeader, responseHeader, signal)

operator
string

type: single - (equals, doesNotEqual, contains, doesNotContain, greaterEqual, lesserEqual, like, notLike, exists, doesNotExist, matches, doesNotMatch, inList, notInList)

value
string

type: single - See request fields

actions
object array
required: true
unique items: true

For rateLimit rules an action with a valid type and signal is required, for all other rules only type is required

signal
string

For rateLimit rules, the signal to act upon when activating the rateLimit

type
string
required: true

(block, allow, exclude, browserChallenge, verifyToken) (rateLimit rule valid values: logRequest, blockSignal, browserChallenge, verifyToken)

redirectURL
string

URL to redirect to when blockHTTPCode is 301 or 302

responseCode
integer

HTTP response code for blocked requests (default: 406)

allowInteractive
boolean

Allows switching between a non-interactive and interactive browser challenge. Only valid with the browserChallenge action type.

requestlogging
string
default: sampled
enum: sampled,none

Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). This field is only available for request rules.

rateLimit
threshold
integer

Requests counted before activating the rate limit

interval
integer

Length of time in minutes the threshold should be measured for

duration
integer

Length of time in seconds to enforce the rule for once activated

reason
string
required: true

Description of the rule

expiration
string
required: true

Date the rule will automatically be disabled. If rule is always enabled, will return empty string

createdBy
string
required: true

The user that created the rule

created
string
required: true

Created RFC3339 date time

updated
string
required: true

Last updated RFC3339 date time

Response Example
{
                                  "data": {
                                    "totalCount": 1,
                                    "data": [
                                        {
                                            "id": "5e191909c931498586c6f537",
                                            "siteNames": [
                                                "www.example.com"
                                            ],
                                            "type": "request",
                                            "enabled": true,
                                            "groupOperator": "all",
                                            "conditions": [
                                                {
                                                    "type": "single",
                                                    "field": "ip",
                                                    "operator": "equals",
                                                    "value": "233.252.0.100"
                                                }
                                            ],
                                            "actions": [
                                                {
                                                    "type": "block"
                                                }
                                            ],
                                            "requestlogging": "sampled",
                                            "reason": "test",
                                            "expiration": "",
                                            "created": "2015-02-14T21:17:16Z",
                                            "updated": "2015-02-14T21:17:16Z"
                                        }
                                    ]
                                  }
                                }
                                

Create site rule

post /corps/{corpName}/sites/{siteName}/rules

Request

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Body (application/json)
Name
Type
Description
siteNames
string array
read only: true
required: true
unique items: true

Sites with the rule available.

type
string
required: true

Type of rule (request, signal exclusion, rateLimit)

enabled
boolean
required: true
groupOperator
string
required: true

Conditions that must be matched when evaluating the request (all, any)

conditions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(group, single, multival)

groupOperator
string

type: group - Conditions that must be matched when evaluating the request (all, any)

field
string

type: single - (scheme, method, path, useragent, domain, ip, responseCode, agentname, paramname, paramvalue, country, name, valueString, valueInt, valueIp, signalType, ja3Fingerprint)

type: multival - (postParameter, queryParameter, requestCookie, requestHeader, responseHeader, signal)

operator
string

type: single - (equals, doesNotEqual, contains, doesNotContain, greaterEqual, lesserEqual, like, notLike, exists, doesNotExist, matches, doesNotMatch, inList, notInList)

value
string

type: single - See request fields

actions
object array
required: true
unique items: true

For rateLimit rules an action with a valid type and signal is required, for all other rules only type is required

signal
string

For rateLimit rules, the signal to act upon when activating the rateLimit. Can be set to ALL-REQUESTS to act upon all requests from a client.

type
string
required: true

(block, allow, exclude, browserChallenge, verifyToken) (rateLimit rule valid values: logRequest, blockSignal, browserChallenge, verifyToken)

redirectURL
string

URL to redirect to when blockHTTPCode is 301 or 302

responseCode
integer

HTTP response code for blocked requests (default: 406)

allowInteractive
boolean

Allows switching between a non-interactive and interactive browser challenge. Only valid with the browserChallenge action type.

requestlogging
string
default: sampled
enum: sampled,none

Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). This field is only available for request rules.

rateLimit
threshold
integer

Requests counted before activating the rate limit

interval
integer

Length of time in minutes the threshold should be measured for (default: 1, options: 1, 10)

duration
integer

Length of time in seconds to enforce the rule for once activated (default: 600, minimum: 300, maximum: 86400)

signal
string
required: true

The signal id of the signal being excluded (for rateLimit rules this is the signal to be attached)

reason
string
required: true

Description of the rule

expiration
string
required: true

Date the rule will automatically be disabled. If rule is always enabled, will return empty string

Request Example
{
                                  "type": "signal",
                                  "groupOperator": "all",
                                  "conditions": [
                                    {
                                      "type": "single",
                                      "field": "ip",
                                      "operator": "equals",
                                      "value": "198.51.100.136"
                                    },
                                    {
                                      "type": "group",
                                      "groupOperator": "any",
                                      "conditions": [
                                        {
                                          "type": "single",
                                          "field": "ip",
                                          "operator": "equals",
                                          "value": "233.252.0.212"
                                        }
                                      ]
                                    }
                                  ],
                                  "actions": [
                                    {
                                      "type": "excludeSignal"
                                    }
                                  ],
                                  "enabled": true,
                                  "reason": "Example site rule",
                                  "signal": "SQLI",
                                  "expiration": ""
                                }
                                

Responses

HTTP 200
Name
Type
Description
id
string
required: true
siteNames
string array
read only: true
required: true
unique items: true

Sites with the rule available.

type
string
required: true

Type of rule (request, signal exclusion, rateLimit)

enabled
boolean
required: true
groupOperator
string
required: true

Conditions that must be matched when evaluating the request (all, any)

conditions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(group, single, multival)

groupOperator
string

type: group - Conditions that must be matched when evaluating the request (all, any)

field
string

type: single - (scheme, method, path, useragent, domain, ip, responseCode, agentname, paramname, paramvalue, country, name, valueString, valueInt, valueIp, signalType, ja3Fingerprint))

type: multival - (postParameter, queryParameter, requestCookie, requestHeader, responseHeader, signal)

operator
string

type: single - (equals, doesNotEqual, contains, doesNotContain, greaterEqual, lesserEqual, like, notLike, exists, doesNotExist, matches, doesNotMatch, inList, notInList)

value
string

type: single - See request fields

actions
object array
required: true
unique items: true

For rateLimit rules an action with a valid type and signal is required, for all other rules only type is required

signal
string

For rateLimit rules, the signal to act upon when activating the rateLimit

type
string
required: true

(block, allow, exclude, browserChallenge, verifyToken) (rateLimit rule valid values: logRequest, blockSignal, browserChallenge, verifyToken)

redirectURL
string

URL to redirect to when blockHTTPCode is 301 or 302

responseCode
integer

HTTP response code for blocked requests (default: 406)

allowInteractive
boolean

Allows switching between a non-interactive and interactive browser challenge. Only valid with the browserChallenge action type.

requestlogging
string
default: sampled
enum: sampled,none

Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). This field is only available for request rules.

rateLimit
threshold
integer

Requests counted before activating the rate limit

interval
integer

Length of time in minutes the threshold should be measured for

duration
integer

Length of time in seconds to enforce the rule for once activated

reason
string
required: true

Description of the rule

expiration
string
required: true

Date the rule will automatically be disabled. If rule is always enabled, will return empty string

createdBy
string
required: true

The user that created the rule

created
string
required: true

Created RFC3339 date time

updated
string
required: true

Last updated RFC3339 date time

Response Example
{
                                    "id": "5e321810f13d660ea4cd8d0f",
                                    "siteNames": [
                                        "www.example.com"
                                    ],
                                    "type": "signal",
                                    "enabled": true,
                                    "groupOperator": "all",
                                    "conditions": [
                                        {
                                            "type": "single",
                                            "field": "ip",
                                            "operator": "equals",
                                            "value": "198.51.100.136"
                                        },
                                        {
                                            "type": "group",
                                            "groupOperator": "any",
                                            "conditions": [
                                                {
                                                    "type": "single",
                                                    "field": "ip",
                                                    "operator": "equals",
                                                    "value": "233.252.0.212"
                                                }
                                            ]
                                        }
                                    ],
                                    "actions": [
                                        {
                                            "type": "excludeSignal"
                                        }
                                    ],
                                    "signal": "SQLI",
                                    "reason": "Example site rule",
                                    "expiration": "",
                                    "createdBy": "user@example.com",
                                    "created": "2020-01-29T23:41:04Z",
                                    "updated": "2020-01-29T23:41:04Z"
                                }
                                

Get site rule by id

get /corps/{corpName}/sites/{siteName}/rules/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 200
Name
Type
Description
id
string
required: true
siteNames
string array
read only: true
required: true
unique items: true

Sites with the rule available.

type
string
required: true

Type of rule (request, signal exclusion, rateLimit)

enabled
boolean
required: true
groupOperator
string
required: true

Conditions that must be matched when evaluating the request (all, any)

conditions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(group, single, multival)

groupOperator
string

type: group - Conditions that must be matched when evaluating the request (all, any)

field
string

type: single - (scheme, method, path, useragent, domain, ip, responseCode, agentname, paramname, paramvalue, country, name, valueString, valueInt, valueIp, signalType, ja3Fingerprint))

type: multival - (postParameter, queryParameter, requestCookie, requestHeader, responseHeader, signal)

operator
string

type: single - (equals, doesNotEqual, contains, doesNotContain, greaterEqual, lesserEqual, like, notLike, exists, doesNotExist, matches, doesNotMatch, inList, notInList)

value
string

type: single - See request fields

actions
object array
required: true
unique items: true

For rateLimit rules an action with a valid type and signal is required, for all other rules only type is required

signal
string

For rateLimit rules, the signal to act upon when activating the rateLimit

type
string
required: true

(block, allow, exclude, browserChallenge, verifyToken) (rateLimit rule valid values: logRequest, blockSignal, browserChallenge, verifyToken)

redirectURL
string

URL to redirect to when blockHTTPCode is 301 or 302

responseCode
integer

HTTP response code for blocked requests (default: 406)

allowInteractive
boolean

Allows switching between a non-interactive and interactive browser challenge. Only valid with the browserChallenge action type.

requestlogging
string
default: sampled
enum: sampled,none

Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). This field is only available for request rules.

rateLimit
threshold
integer

Requests counted before activating the rate limit

interval
integer

Length of time in minutes the threshold should be measured for

duration
integer

Length of time in seconds to enforce the rule for once activated

reason
string
required: true

Description of the rule

expiration
string
required: true

Date the rule will automatically be disabled. If rule is always enabled, will return empty string

createdBy
string
required: true

The user that created the rule

created
string
required: true

Created RFC3339 date time

updated
string
required: true

Last updated RFC3339 date time

Response Example
{
                                        "id": "5e321810f13d660ea4cd8d0f",
                                        "siteNames": [
                                            "www.example.com"
                                        ],
                                        "type": "signal",
                                        "enabled": true,
                                        "groupOperator": "all",
                                        "conditions": [
                                            {
                                                "type": "single",
                                                "field": "ip",
                                                "operator": "equals",
                                                "value": "192.0.2.137"
                                            },
                                            {
                                                "type": "group",
                                                "groupOperator": "any",
                                                "conditions": [
                                                    {
                                                        "type": "single",
                                                        "field": "ip",
                                                        "operator": "equals",
                                                        "value": "203.0.113.247"
                                                    }
                                                ]
                                            }
                                        ],
                                        "actions": [
                                            {
                                                "type": "excludeSignal"
                                            }
                                        ],
                                        "signal": "SQLI",
                                        "reason": "Example site rule",
                                        "expiration": "",
                                        "createdBy": "user@example.com",
                                        "created": "2020-01-29T23:41:04Z",
                                        "updated": "2020-01-29T23:41:04Z"
                                    }
                                    

Update site rule

put /corps/{corpName}/sites/{siteName}/rules/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true
Body (application/json)
Name
Type
Description
siteNames
string array
read only: true
unique items: true

Sites with the rule available. Rules with a global corpScope will return '[]'.

type
string
required: true

Type of rule (request, signal exclusion, rateLimit)

enabled
boolean
required: true
groupOperator
string
required: true

Conditions that must be matched when evaluating the request (all, any)

conditions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(group, single, multival)

groupOperator
string

type: group - Conditions that must be matched when evaluating the request (all, any)

field
string

type: single - (scheme, method, path, useragent, domain, ip, responseCode, agentname, paramname, paramvalue, country, name, valueString, valueInt, valueIp, signalType, ja3Fingerprint)

type: multival - (postParameter, queryParameter, requestCookie, requestHeader, responseHeader, signal)

operator
string

type: single - (equals, doesNotEqual, contains, doesNotContain, greaterEqual, lesserEqual, like, notLike, exists, doesNotExist, matches, doesNotMatch, inList, notInList)

value
string

type: single - See request fields

actions
object array
required: true
unique items: true

For rateLimit rules an action with a valid type and signal is required, for all other rules only type is required

signal
string

For rateLimit rules, the signal to act upon when activating the rateLimit. Can be set to ALL-REQUESTS to act upon all requests from a client.

type
string
required: true

(block, allow, exclude, browserChallenge, verifyToken) (rateLimit rule valid values: logRequest, blockSignal, browserChallenge, verifyToken)

redirectURL
string

URL to redirect to when blockHTTPCode is 301 or 302

responseCode
integer

HTTP response code for blocked requests (default: 406)

allowInteractive
boolean

Allows switching between a non-interactive and interactive browser challenge. Only valid with the browserChallenge action type.

requestlogging
string
default: sampled
enum: sampled,none

Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). This field is only available for request rules.

rateLimit
threshold
integer

Requests counted before activating the rate limit

interval
integer

Length of time in minutes the threshold should be measured for (default: 1, options: 1, 10)

duration
integer

Length of time in seconds to enforce the rule for once activated (default: 600, minimum: 300, maximum: 86400)

signal
string
required: true

The signal id of the signal being excluded (for rateLimit rules this is the signal to be attached)

reason
string
required: true

Description of the rule

expiration
string
required: true

Date the rule will automatically be disabled. If rule is always enabled, will return empty string

Request Example
{
                                      "id": "5e321810f13d660ea4cd8d0f",
                                      "type": "signal",
                                      "enabled": true,
                                      "groupOperator": "all",
                                      "conditions": [
                                        {
                                          "type": "single",
                                          "field": "ip",
                                          "operator": "equals",
                                          "value": "198.51.100.177"
                                        },
                                        {
                                          "type": "group",
                                          "groupOperator": "any",
                                          "conditions": [
                                            {
                                              "type": "single",
                                              "field": "ip",
                                              "operator": "equals",
                                              "value": "203.0.113.247"
                                            }
                                          ]
                                        }
                                      ],
                                      "actions": [
                                        {
                                          "type": "excludeSignal"
                                        }
                                      ],
                                      "signal": "SQLI",
                                      "reason": "Known malicious IPs",
                                      "expiration": ""
                                    }
                                    

Responses

HTTP 200
Name
Type
Description
id
string
required: true
siteNames
string array
read only: true
required: true
unique items: true

Sites with the rule available.

type
string
required: true

Type of rule (request, signal exclusion, rateLimit)

enabled
boolean
required: true
groupOperator
string
required: true

Conditions that must be matched when evaluating the request (all, any)

conditions
object array
min items: 1
required: true
unique items: true
type
string
required: true

(group, single, multival)

groupOperator
string

type: group - Conditions that must be matched when evaluating the request (all, any)

field
string

type: single - (scheme, method, path, useragent, domain, ip, responseCode, agentname, paramname, paramvalue, country, name, valueString, valueInt, valueIp, signalType, ja3Fingerprint))

type: multival - (postParameter, queryParameter, requestCookie, requestHeader, responseHeader, signal)

operator
string

type: single - (equals, doesNotEqual, contains, doesNotContain, greaterEqual, lesserEqual, like, notLike, exists, doesNotExist, matches, doesNotMatch, inList, notInList)

value
string

type: single - See request fields

actions
object array
required: true
unique items: true

For rateLimit rules an action with a valid type and signal is required, for all other rules only type is required

signal
string

For rateLimit rules, the signal to act upon when activating the rateLimit

type
string
required: true

(block, allow, exclude, browserChallenge, verifyToken) (rateLimit rule valid values: logRequest, blockSignal, browserChallenge, verifyToken)

redirectURL
string

URL to redirect to when blockHTTPCode is 301 or 302

responseCode
integer

HTTP response code for blocked requests (default: 406)

allowInteractive
boolean

Allows switching between a non-interactive and interactive browser challenge. Only valid with the browserChallenge action type.

requestlogging
string
default: sampled
enum: sampled,none

Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). This field is only available for request rules.

rateLimit
threshold
integer

Requests counted before activating the rate limit

interval
integer

Length of time in minutes the threshold should be measured for

duration
integer

Length of time in seconds to enforce the rule for once activated

reason
string
required: true

Description of the rule

expiration
string
required: true

Date the rule will automatically be disabled. If rule is always enabled, will return empty string

createdBy
string
required: true

The user that created the rule

created
string
required: true

Created RFC3339 date time

updated
string
required: true

Last updated RFC3339 date time

Response Example
{
                                        "id": "5e321810f13d660ea4cd8d0f",
                                        "siteNames": [
                                            "www.example.com"
                                        ],
                                        "type": "signal",
                                        "enabled": true,
                                        "groupOperator": "all",
                                        "conditions": [
                                            {
                                                "type": "single",
                                                "field": "ip",
                                                "operator": "equals",
                                                "value": "198.51.100.177"
                                            },
                                            {
                                                "type": "group",
                                                "groupOperator": "any",
                                                "conditions": [
                                                    {
                                                        "type": "single",
                                                        "field": "ip",
                                                        "operator": "equals",
                                                        "value": "203.0.113.247"
                                                    }
                                                ]
                                            }
                                        ],
                                        "actions": [
                                            {
                                                "type": "excludeSignal"
                                            }
                                        ],
                                        "signal": "SQLI",
                                        "reason": "Known malicious IPs",
                                        "expiration": "",
                                        "createdBy": "user@example.com",
                                        "created": "2020-01-29T23:41:04Z",
                                        "updated": "2020-01-29T23:45:21Z"
                                    }
                                    

Delete rule from site

delete /corps/{corpName}/sites/{siteName}/rules/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 204

Delete successful

List available rule templates

get /corps/{corpName}/sites/{siteName}/templates

Request

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
data
template array
required: true
id
string
name
string

Name of templated rule

shortName
string

Display name of templated rule

description
string

Description of templated rule

fields
object array
unique items: true
name
string
required: true

Name of template field

type
string
required: true

Value type of template field

label
string
required: true

Short description for template field

placeholder
string
required: true

Placeholder value for template field

Response Example
{
                                  "data": [
                                    {
                                      "id": "LOGINATTEMPT",
                                      "name": "LOGINATTEMPT",
                                      "shortName": "Login Attempts",
                                      "description": "Indicates a login attempt",
                                      "fields": [
                                        {
                                            "name": "path",
                                            "type": "string",
                                            "label": "If a request's POST path equals",
                                            "placeholder": "/auth/*"
                                        }
                                      ]
                                    },
                                    {
                                      "id": "REGATTEMPT",
                                      "name": "REGATTEMPT",
                                      "shortName": "Registration Attempts",
                                      "description": "Indicates a registration attempt",
                                      "fields": [
                                        {
                                            "name": "path",
                                            "type": "string",
                                            "label": "If a request's POST path equals",
                                            "placeholder": "/register/*"
                                        }
                                      ]
                                    }
                                  ]
                                }
                                

Get rule template by id

get /corps/{corpName}/sites/{siteName}/templates/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 200
Name
Type
Description
id
string
name
string

Name of templated rule

shortName
string

Display name of templated rule

description
string

Description of templated rule

fields
object array
unique items: true
name
string
required: true

Name of template field

type
string
required: true

Value type of template field

label
string
required: true

Short description for template field

placeholder
string
required: true

Placeholder value for template field

Response Example
{
                                      "id": "LOGINATTEMPT",
                                      "name": "LOGINATTEMPT",
                                      "shortName": "Login Attempts",
                                      "description": "Indicates a login attempt",
                                      "fields": [
                                          {
                                              "name": "path",
                                              "type": "string",
                                              "label": "If a request's POST path equals",
                                              "placeholder": "/auth/*"
                                          }
                                      ]
                                    }
                                    
HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"ID not found"}
                                    

List configured templated rules

get /corps/{corpName}/sites/{siteName}/configuredtemplates

Request

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
data
configuredTemplate array
required: true
name
string
required: true
detections
configuredTemplateDetection array
required: true
id
string
required: true
name
string
required: true

Name of templated rule

enabled
boolean
required: true

A flag to toggle this detection

fields
object array
unique items: true
name
string
required: true
value
integer,string,boolean
required: true
createdBy
string
required: true

The email of the user that created the alert

created
string
required: true

Created RFC3339 date time

alerts
alert array
required: true
id
string
required: true

Site-specific unique ID of the alert

tagName
string
required: true

The name of the tag whose occurrences the alert is watching.

longName
string
required: true

A human readable description of the alert. Must be between 3 and 25 characters.

type
string
required: true

Type of alert (siteAlert, template, rateLimit, siteMetric)

interval
integer
required: true

The number of minutes of past traffic to examine. Must be 1, 10 or 60.

threshold
integer
required: true

The number of occurrences of the tag in the interval needed to trigger the alert.

blockDurationSeconds
integer

The number of seconds this alert is active.

skipNotifications
boolean

A flag to disable external notifications - slack, webhooks, emails, etc.

enabled
boolean
required: true

A flag to toggle this alert.

action
string
required: true

A flag that describes what happens when the alert is triggered. 'info' creates an incident in the dashboard. 'flagged' creates an incident and blocks traffic for 24 hours.

fieldName
string
required: true
createdBy
string
required: true

The email of the user that created the alert

created
string
required: true

Created RFC3339 date time

operator
string
Response Example
{
                                  "data": [
                                    {
                                      "name": "LOGINATTEMPT",
                                      "detections": [
                                          {
                                              "id": "5e4d815ac931492a13d95e60",
                                              "name": "LOGINATTEMPT",
                                              "enabled": true,
                                              "fields": [
                                                  {
                                                      "name": "path",
                                                      "value": "/auth/*"
                                                  }
                                              ],
                                              "created": "2020-02-19T10:41:30-08:00",
                                              "createdBy": "user@example.com"
                                          }
                                      ],
                                      "alerts": [
                                          {
                                              "id": "5e4d815ac931492a13d95e62",
                                              "tagName": "LOGINATTEMPT",
                                              "longName": "LOGINATTEMPT-50-in-1",
                                              "type": "template",
                                              "interval": 1,
                                              "threshold": 50,
                                              "skipNotifications": false,
                                              "enabled": true,
                                              "action": "info",
                                              "fieldName": "remoteIP",
                                              "createdBy": "",
                                              "created": "2020-02-19T18:41:30Z"
                                          }
                                      ]
                                    }
                                  ]
                                }
                                

Get configured template rule by id

get /corps/{corpName}/sites/{siteName}/configuredtemplates/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 200
Name
Type
Description
id
string
name
string

Name of templated rule

shortName
string

Display name of templated rule

description
string

Description of templated rule

fields
object array
unique items: true
name
string
required: true

Name of template field

type
string
required: true

Value type of template field

label
string
required: true

Short description for template field

placeholder
string
required: true

Placeholder value for template field

Response Example
{
                                      "name": "LOGINATTEMPT",
                                      "detections": [
                                          {
                                              "id": "5e4d815ac931492a13d95e60",
                                              "name": "LOGINATTEMPT",
                                              "enabled": true,
                                              "fields": [
                                                  {
                                                      "name": "path",
                                                      "value": "/auth/*"
                                                  }
                                              ],
                                              "created": "2020-02-19T10:41:30-08:00",
                                              "createdBy": "user@example.com"
                                          }
                                      ],
                                      "alerts": [
                                          {
                                              "id": "5e4d815ac931492a13d95e62",
                                              "tagName": "LOGINATTEMPT",
                                              "longName": "LOGINATTEMPT-50-in-1",
                                              "type": "template",
                                              "interval": 1,
                                              "threshold": 50,
                                              "skipNotifications": false,
                                              "enabled": true,
                                              "action": "info",
                                              "fieldName": "remoteIP",
                                              "createdBy": "",
                                              "created": "2020-02-19T18:41:30Z"
                                          }
                                      ]
                                    }
                                    
HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"ID not found"}
                                    

Update site template rule by name

post /corps/{corpName}/sites/{siteName}/configuredtemplates/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true
Body (application/json)
Name
Type
Description
alertAdds
configuredTemplateAlertAdd array
required: true
longName
string

A human readable description of the alert. Must be between 3 and 25 characters.

interval
integer

The number of minutes of past traffic to examine. Must be 1, 10 or 60.

threshold
integer
min: 1
max: 10000

The number of occurrences of the tag in the interval needed to trigger the alert.

skipNotifications
boolean

A flag to disable external notifications - slack, webhooks, emails, etc.

enabled
boolean

A flag to toggle this alert.

action
string

A flag that describes what happens when the alert is triggered. 'info' creates an incident in the dashboard. 'flagged' creates an incident and blocks traffic for 24 hours.

alertDeletes
alert array
required: true
id
string
required: true

Site-specific unique ID of the alert

tagName
string
required: true

The name of the tag whose occurrences the alert is watching.

longName
string
required: true

A human readable description of the alert. Must be between 3 and 25 characters.

type
string
required: true

Type of alert (siteAlert, template, rateLimit, siteMetric)

interval
integer
required: true

The number of minutes of past traffic to examine. Must be 1, 10 or 60.

threshold
integer
required: true

The number of occurrences of the tag in the interval needed to trigger the alert.

blockDurationSeconds
integer

The number of seconds this alert is active.

skipNotifications
boolean

A flag to disable external notifications - slack, webhooks, emails, etc.

enabled
boolean
required: true

A flag to toggle this alert.

action
string
required: true

A flag that describes what happens when the alert is triggered. 'info' creates an incident in the dashboard. 'flagged' creates an incident and blocks traffic for 24 hours.

fieldName
string
required: true
createdBy
string
required: true

The email of the user that created the alert

created
string
required: true

Created RFC3339 date time

operator
string
alertUpdates
alert array
required: true
id
string
required: true

Site-specific unique ID of the alert

tagName
string
required: true

The name of the tag whose occurrences the alert is watching.

longName
string
required: true

A human readable description of the alert. Must be between 3 and 25 characters.

type
string
required: true

Type of alert (siteAlert, template, rateLimit, siteMetric)

interval
integer
required: true

The number of minutes of past traffic to examine. Must be 1, 10 or 60.

threshold
integer
required: true

The number of occurrences of the tag in the interval needed to trigger the alert.

blockDurationSeconds
integer

The number of seconds this alert is active.

skipNotifications
boolean

A flag to disable external notifications - slack, webhooks, emails, etc.

enabled
boolean
required: true

A flag to toggle this alert.

action
string
required: true

A flag that describes what happens when the alert is triggered. 'info' creates an incident in the dashboard. 'flagged' creates an incident and blocks traffic for 24 hours.

fieldName
string
required: true
createdBy
string
required: true

The email of the user that created the alert

created
string
required: true

Created RFC3339 date time

operator
string
detectionAdds
configuredTemplateDetectionAdd array
required: true
enabled
boolean
required: true

A flag to toggle this detection

fields
object array
min items: 1
unique items: true
name
string
required: true
value
integer,string,boolean
required: true
detectionDeletes
configuredTemplateDetection array
required: true
id
string
required: true
name
string
required: true

Name of templated rule

enabled
boolean
required: true

A flag to toggle this detection

fields
object array
unique items: true
name
string
required: true
value
integer,string,boolean
required: true
createdBy
string
required: true

The email of the user that created the alert

created
string
required: true

Created RFC3339 date time

detectionUpdates
configuredTemplateDetection array
required: true
id
string
required: true
name
string
required: true

Name of templated rule

enabled
boolean
required: true

A flag to toggle this detection

fields
object array
unique items: true
name
string
required: true
value
integer,string,boolean
required: true
createdBy
string
required: true

The email of the user that created the alert

created
string
required: true

Created RFC3339 date time

Request Example
{
                                      "alertAdds": [
                                          {
                                              "action": "info",
                                              "enabled": true,
                                              "interval": 1,
                                              "skipNotifications": false,
                                              "longName": "LOGINATTEMPT-50-in-1",
                                              "threshold": 50
                                          }
                                      ],
                                      "alertDeletes": [],
                                      "alertUpdates": [],
                                      "detectionAdds": [
                                          {
                                              "name": "LOGINATTEMPT",
                                              "enabled": true,
                                              "fields": [
                                                  {
                                                      "name": "path",
                                                      "value": "/auth/*"
                                                  }
                                              ]
                                          }
                                      ],
                                      "detectionDeletes": [],
                                      "detectionUpdates": []
                                    }
                                    

Responses

HTTP 200
Name
Type
Description
name
string
required: true
detections
configuredTemplateDetection array
required: true
id
string
required: true
name
string
required: true

Name of templated rule

enabled
boolean
required: true

A flag to toggle this detection

fields
object array
unique items: true
name
string
required: true
value
integer,string,boolean
required: true
createdBy
string
required: true

The email of the user that created the alert

created
string
required: true

Created RFC3339 date time

alerts
alert array
required: true
id
string
required: true

Site-specific unique ID of the alert

tagName
string
required: true

The name of the tag whose occurrences the alert is watching.

longName
string
required: true

A human readable description of the alert. Must be between 3 and 25 characters.

type
string
required: true

Type of alert (siteAlert, template, rateLimit, siteMetric)

interval
integer
required: true

The number of minutes of past traffic to examine. Must be 1, 10 or 60.

threshold
integer
required: true

The number of occurrences of the tag in the interval needed to trigger the alert.

blockDurationSeconds
integer

The number of seconds this alert is active.

skipNotifications
boolean

A flag to disable external notifications - slack, webhooks, emails, etc.

enabled
boolean
required: true

A flag to toggle this alert.

action
string
required: true

A flag that describes what happens when the alert is triggered. 'info' creates an incident in the dashboard. 'flagged' creates an incident and blocks traffic for 24 hours.

fieldName
string
required: true
createdBy
string
required: true

The email of the user that created the alert

created
string
required: true

Created RFC3339 date time

operator
string
Response Example
{
                                      "name": "LOGINATTEMPT",
                                      "detections": [
                                          {
                                              "id": "5e4d815ac931492a13d95e60",
                                              "name": "LOGINATTEMPT",
                                              "enabled": true,
                                              "fields": [
                                                  {
                                                      "name": "path",
                                                      "value": "/auth/*"
                                                  }
                                              ],
                                              "created": "2020-02-19T10:41:30-08:00",
                                              "createdBy": "user@example.com"
                                          }
                                      ],
                                      "alerts": [
                                          {
                                              "id": "5e4d815ac931492a13d95e62",
                                              "tagName": "LOGINATTEMPT",
                                              "longName": "LOGINATTEMPT-50-in-1",
                                              "type": "template",
                                              "interval": 1,
                                              "threshold": 50,
                                              "skipNotifications": false,
                                              "enabled": true,
                                              "action": "info",
                                              "fieldName": "remoteIP",
                                              "createdBy": "",
                                              "created": "2020-02-19T18:41:30Z"
                                          }
                                      ]
                                    }
                                    
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"Validation failed"}
                                    

List signal tags in site

get /corps/{corpName}/sites/{siteName}/tags

Request

Query Parameters
Name
Type
Description
pretty
boolean

Pretty print the json output

Responses

HTTP 200
Name
Type
Description
data
siteSignalTag array
required: true
unique items: true
shortName
string
required: true

The display name of the signal tag

tagName
string
required: true

The identifier for the signal tag

longName
string
read only: true
required: true

The display name of the signal tag - deprecated

description
string
required: true

Optional signal tag description

configurable
boolean
read only: true
required: true
informational
boolean
read only: true
required: true
needsResponse
boolean
read only: true
required: true
createdBy
string
read only: true

Email address of the user that created the resource

created
string
read only: true
required: true

Created RFC3339 date time

Response Example
{
                                  "data": [
                                    {
                                      "shortName": "OAuth Login",
                                      "tagName": "site.oauth-login",
                                      "longName": "OAuth Login",
                                      "description": "An attempt to sign in via OAuth. Tracks the occurrence of a specific event that only happens on our site",
                                      "configurable": false,
                                      "informational": false,
                                      "needsResponse": false,
                                      "createdBy": "user@example.com",
                                      "created": "2020-01-21T21:31:52Z"
                                    }
                                  ]
                                }
                                

Create site signal tag

post /corps/{corpName}/sites/{siteName}/tags

Request

Body (application/json)
Name
Type
Description
shortName
string
min len: 3
max len: 25
required: true

The display name of the signal tag

description
string
max len: 140

Optional signal tag description

Request Example
{
                                  "shortName": "example-signal-tag",
                                  "description": "Tracks the occurrence of a specific event that only happens on our site."
                                }
                                

Responses

HTTP 201
Name
Type
Description
shortName
string
required: true

The display name of the signal tag

tagName
string
required: true

The identifier for the signal tag

longName
string
read only: true
required: true

The display name of the signal tag - deprecated

description
string
required: true

Optional signal tag description

configurable
boolean
read only: true
required: true
informational
boolean
read only: true
required: true
needsResponse
boolean
read only: true
required: true
createdBy
string
read only: true

Email address of the user that created the resource

created
string
read only: true
required: true

Created RFC3339 date time

Response Example
{
                                  "shortName": "example-signal-tag",
                                  "tagName": "site.example-signal-tag",
                                  "longName": "example-signal-tag",
                                  "description": "Tracks the occurrence of a specific event that only happens on our site",
                                  "configurable": false,
                                  "informational": false,
                                  "needsResponse": false,
                                  "createdBy": "user@example.com",
                                  "created": "2020-01-21T23:23:03Z"
                                }
                                
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"validation error/duplicate tag name"}
                                

Get site signal tag by tagName

get /corps/{corpName}/sites/{siteName}/tags/{tagName}

Request

URI Parameters
Name
Type
Description
tagName
string
required: true

Responses

HTTP 200
Name
Type
Description
shortName
string
required: true

The display name of the signal tag

tagName
string
required: true

The identifier for the signal tag

longName
string
read only: true
required: true

The display name of the signal tag - deprecated

description
string
required: true

Optional signal tag description

configurable
boolean
read only: true
required: true
informational
boolean
read only: true
required: true
needsResponse
boolean
read only: true
required: true
createdBy
string
read only: true

Email address of the user that created the resource

created
string
read only: true
required: true

Created RFC3339 date time

Response Example
{
                                      "shortName": "example-signal-tag",
                                      "tagName": "site.example-signal-tag",
                                      "longName": "example-signal-tag",
                                      "description": "An example of a custom site signal tag",
                                      "configurable": false,
                                      "informational": false,
                                      "needsResponse": false,
                                      "createdBy": "user@example.com",
                                      "created": "2020-01-21T23:23:03Z"
                                    }
                                    

Update site signal tag

patch /corps/{corpName}/sites/{siteName}/tags/{tagName}

Request

URI Parameters
Name
Type
Description
tagName
string
required: true
Body (application/json)
Name
Type
Description
description
string
max len: 140
required: true

Optional signal tag description

Request Example
{
                                     "description": "An updated example of a custom signal tag."
                                    }
                                    

Responses

HTTP 200
Name
Type
Description
shortName
string
required: true

The display name of the signal tag

tagName
string
required: true

The identifier for the signal tag

longName
string
read only: true
required: true

The display name of the signal tag - deprecated

description
string
required: true

Optional signal tag description

configurable
boolean
read only: true
required: true
informational
boolean
read only: true
required: true
needsResponse
boolean
read only: true
required: true
createdBy
string
read only: true

Email address of the user that created the resource

created
string
read only: true
required: true

Created RFC3339 date time

Response Example
{
                                      "shortName": "example-signal-tag",
                                      "tagName": "site.example-signal-tag",
                                      "longName": "example-signal-tag",
                                      "description": "An updated example of a custom signal tag.",
                                      "configurable": false,
                                      "informational": false,
                                      "needsResponse": false,
                                      "createdBy": "user@example.com",
                                      "created": "2020-01-21T23:23:03Z"
                                    }
                                    

Delete signal tag from site

delete /corps/{corpName}/sites/{siteName}/tags/{tagName}

Request

URI Parameters
Name
Type
Description
tagName
string
required: true

Responses

HTTP 204

Delete successful

Get all lists

get /corps/{corpName}/sites/{siteName}/lists

Request

Responses

HTTP 200
Name
Type
Description
data
list array
required: true
id
string

Site-specific unique ID of the list

name
string
min len: 3
max len: 32

Descriptive list name

type
string

List types (string, ip, country, wildcard)

description
string
max len: 140

Optional list description

entries
string array

List entries

createdBy
string
read only: true

Email address of the user that created the item

created
string
format: date-time
read only: true

Created RFC3339 date time

updated
string
format: date-time
read only: true

Last updated RFC3339 date time

Response Example
{
                                  "data": [
                                    {
                                      "id": "site.known-attackers",
                                      "name": "Known Attackers",
                                      "type": "ip",
                                      "description": "Malicious IPs we're tracking",
                                      "entries": [
                                        "203.0.113.247",
                                        "198.51.100.177",
                                        "192.0.2.137"
                                      ],
                                      "createdBy": "user@example.com",
                                      "created": "2018-08-06T18:57:55Z",
                                      "updated": "2018-08-13T15:26:01Z"
                                    },
                                    {
                                      "id": "site.ofac-countries",
                                      "name": "OFAC Countries",
                                      "type": "country",
                                      "description": "Countries on the OFAC list",
                                      "entries": [
                                        "MM",
                                        "CI",
                                        "CU",
                                        "IR",
                                        "KP",
                                        "SY"
                                      ],
                                      "createdBy": "user@example.com",
                                      "created": "2018-08-03T20:50:54Z",
                                      "updated": "2018-08-03T20:50:59Z"
                                    }
                                  ]
                                }
                                

Create list

post /corps/{corpName}/sites/{siteName}/lists

Request

Body (application/json)
Name
Type
Description
name
string
min len: 3
max len: 32

Descriptive list name

type
string

List types (string, ip, country, wildcard, signal)

description
string
max len: 140

Optional list description

entries
string array

List entries

Request Example
{
                                  "name": "My New List",
                                  "type": "ip",
                                  "description": "Some IPs we're putting in a list",
                                  "entries": [
                                    "203.0.113.247",
                                    "198.51.100.177",
                                    "192.0.2.137"
                                  ]
                                }
                                

Responses

HTTP 200
Name
Type
Description
id
string

Site-specific unique ID of the list

name
string
min len: 3
max len: 32

Descriptive list name

type
string

List types (string, ip, country, wildcard)

description
string
max len: 140

Optional list description

entries
string array

List entries

createdBy
string
read only: true

Email address of the user that created the item

created
string
format: date-time
read only: true

Created RFC3339 date time

updated
string
format: date-time
read only: true

Last updated RFC3339 date time

Response Example
{
                                  "id": "site.my-new-list",
                                  "name": "My New List",
                                  "type": "ip",
                                  "description": "Some IPs we're putting in a list",
                                  "entries": [
                                    "203.0.113.247",
                                    "198.51.100.177",
                                    "192.0.2.137"
                                  ],
                                  "createdBy": "user@example.com",
                                  "created": "2018-08-16T17:38:27Z",
                                  "updated": "2018-08-16T17:38:27Z"
                                }
                                
HTTP 400
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"List cannot be deleted because a rule uses it"}
                                

Get list by id

get /corps/{corpName}/sites/{siteName}/lists/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 200
Name
Type
Description
id
string

Site-specific unique ID of the list

name
string
min len: 3
max len: 32

Descriptive list name

type
string

List types (string, ip, country, wildcard)

description
string
max len: 140

Optional list description

entries
string array

List entries

createdBy
string
read only: true

Email address of the user that created the item

created
string
format: date-time
read only: true

Created RFC3339 date time

updated
string
format: date-time
read only: true

Last updated RFC3339 date time

Response Example
{
                                      "id": "site.my-new-list",
                                      "name": "My New List",
                                      "type": "ip",
                                      "description": "Some IPs we're putting in a list",
                                      "entries": [
                                        "203.0.113.247",
                                        "198.51.100.177",
                                        "192.0.2.137"
                                      ],
                                      "createdBy": "user@example.com",
                                      "created": "2018-08-16T17:38:27Z",
                                      "updated": "2018-08-16T17:38:27Z"
                                    }
                                    
HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"ID not found"}
                                    

Update list by id

patch /corps/{corpName}/sites/{siteName}/lists/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true
Body (application/json)
Name
Type
Description
description
string
max len: 140

Optional list description

entries
additions
string array

List additions

deletions
string array

List deletions

Request Example
{
                                      "entries": {
                                        "additions": [
                                          "203.0.113.6"
                                        ],
                                        "deletions": [
                                          "203.0.113.247",
                                          "192.0.2.137"
                                        ]
                                      }
                                    }
                                    

Responses

HTTP 200
Name
Type
Description
id
string

Site-specific unique ID of the list

name
string
min len: 3
max len: 32

Descriptive list name

type
string

List types (string, ip, country, wildcard)

description
string
max len: 140

Optional list description

entries
string array

List entries

createdBy
string
read only: true

Email address of the user that created the item

created
string
format: date-time
read only: true

Created RFC3339 date time

updated
string
format: date-time
read only: true

Last updated RFC3339 date time

Response Example
{
                                      "id": "site.my-new-list",
                                      "name": "My New List",
                                      "type": "ip",
                                      "description": "Some IPs we're still putting in a list",
                                      "entries": [
                                        "198.51.100.177",
                                        "203.0.113.6"
                                      ],
                                      "createdBy": "user@example.com",
                                      "created": "2018-08-16T17:38:27Z",
                                      "updated": "2018-08-16T21:43:08Z"
                                    }
                                    
HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"ID not found"}
                                    

Replace list by id

put /corps/{corpName}/sites/{siteName}/lists/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true
Body (application/json)
Name
Type
Description
description
string
max len: 140

Optional list description

entries
string array

List entries

Request Example
{
                                      "description": "Some IPs we're still putting in a list",
                                      "entries": [
                                        "203.0.113.247",
                                        "192.0.2.137",
                                        "192.0.2.223"
                                      ]
                                    }
                                    

Responses

HTTP 200
Name
Type
Description
id
string

Site-specific unique ID of the list

name
string
min len: 3
max len: 32

Descriptive list name

type
string

List types (string, ip, country, wildcard)

description
string
max len: 140

Optional list description

entries
string array

List entries

createdBy
string
read only: true

Email address of the user that created the item

created
string
format: date-time
read only: true

Created RFC3339 date time

updated
string
format: date-time
read only: true

Last updated RFC3339 date time

Response Example
{
                                      "id": "site.my-new-list",
                                      "name": "My New List",
                                      "type": "ip",
                                      "description": "Some IPs we're still putting in a list",
                                      "entries": [
                                        "203.0.113.247",
                                        "192.0.2.137",
                                        "192.0.2.223"
                                      ],
                                      "createdBy": "user@example.com",
                                      "created": "2018-08-16T17:38:27Z",
                                      "updated": "2018-08-16T21:43:08Z"
                                    }
                                    
HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"ID not found"}
                                    

Delete list

delete /corps/{corpName}/sites/{siteName}/lists/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 204

Successful removal from the list

HTTP 404
Name
Type
Description
message
string
read only: true

Error message

Response Example
{"message":"ID not found"}
                                    

List alerts

get /corps/{corpName}/sites/{siteName}/alerts

Request

Responses

HTTP 200
Name
Type
Description
data
alert array
required: true
id
string
required: true

Site-specific unique ID of the alert

tagName
string
required: true

The name of the tag whose occurrences the alert is watching.

longName
string
required: true

A human readable description of the alert. Must be between 3 and 25 characters.

type
string
required: true

Type of alert (siteAlert, template, rateLimit, siteMetric)

interval
integer
required: true

The number of minutes of past traffic to examine. Must be 1, 10 or 60.

threshold
integer
required: true

The number of occurrences of the tag in the interval needed to trigger the alert.

blockDurationSeconds
integer

The number of seconds this alert is active.

skipNotifications
boolean

A flag to disable external notifications - slack, webhooks, emails, etc.

enabled
boolean
required: true

A flag to toggle this alert.

action
string
required: true

A flag that describes what happens when the alert is triggered. 'info' creates an incident in the dashboard. 'flagged' creates an incident and blocks traffic for 24 hours.

fieldName
string
required: true
createdBy
string
required: true

The email of the user that created the alert

created
string
required: true

Created RFC3339 date time

operator
string
Response Example
{
                                  data: [
                                    {
                                        "id": "5e45dc78c931491dc923e4a6",
                                        "tagName": "site.example-signal-tag",
                                        "longName": "Alert",
                                        "type": "siteAlert",
                                        "interval": 1,
                                        "threshold": 10,
                                        "skipNotifications": false,
                                        "enabled": true,
                                        "action": "flagged",
                                        "fieldName": "remoteIP",
                                        "createdBy": "user@example.com",
                                        "created": "2020-02-13T23:23:03Z",
                                        "updated": "2020-01-13T23:23:03Z"
                                    }
                                  ]
                                }
                                

Create alert

post /corps/{corpName}/sites/{siteName}/alerts

Request

Body (application/json)
Name
Type
Description
tagName
string

The name of the tag whose occurrences the alert is watching. Must match an existing tag

longName
string

A human readable description of the alert. Must be between 3 and 25 characters.

interval
integer

The number of minutes of past traffic to examine. Must be 1, 10 or 60.

threshold
integer
min: 1
max: 10000

The number of occurrences of the tag in the interval needed to trigger the alert.

blockDurationSeconds
integer

The number of seconds this alert is active.

enabled
boolean

A flag to toggle this alert.

action
string

A flag that describes what happens when the alert is triggered. 'info' creates an incident in the dashboard. 'flagged' creates an incident and blocks traffic for 24 hours.

Request Example
{
                                  "tagName": "custom-tag",
                                  "longName": "Example Alert",
                                  "interval": 1,
                                  "threshold": 10,
                                  "enabled": true,
                                  "action": "flagged"
                                }
                                

Responses

HTTP 201
Name
Type
Description
id
string
required: true

Site-specific unique ID of the alert

tagName
string
required: true

The name of the tag whose occurrences the alert is watching.

longName
string
required: true

A human readable description of the alert. Must be between 3 and 25 characters.

type
string
required: true

Type of alert (siteAlert, template, rateLimit, siteMetric)

interval
integer
required: true

The number of minutes of past traffic to examine. Must be 1, 10 or 60.

threshold
integer
required: true

The number of occurrences of the tag in the interval needed to trigger the alert.

blockDurationSeconds
integer

The number of seconds this alert is active.

skipNotifications
boolean

A flag to disable external notifications - slack, webhooks, emails, etc.

enabled
boolean
required: true

A flag to toggle this alert.

action
string
required: true

A flag that describes what happens when the alert is triggered. 'info' creates an incident in the dashboard. 'flagged' creates an incident and blocks traffic for 24 hours.

fieldName
string
required: true
createdBy
string
required: true

The email of the user that created the alert

created
string
required: true

Created RFC3339 date time

operator
string
Response Example
{
                                  "id": "5e45dc78c931491dc923e4a6",
                                  "tagName": "site.example-signal-tag",
                                  "longName": "Alert",
                                  "type": "siteAlert",
                                  "interval": 1,
                                  "threshold": 10,
                                  "skipNotifications": false,
                                  "enabled": true,
                                  "action": "flagged",
                                  "fieldName": "remoteIP",
                                  "createdBy": "user@example.com",
                                  "created": "2020-02-13T23:23:03Z",
                                  "updated": "2020-01-13T23:23:03Z"
                                }
                                

Get alert

get /corps/{corpName}/sites/{siteName}/alerts/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 200
Name
Type
Description
id
string
required: true

Site-specific unique ID of the alert

tagName
string
required: true

The name of the tag whose occurrences the alert is watching.

longName
string
required: true

A human readable description of the alert. Must be between 3 and 25 characters.

type
string
required: true

Type of alert (siteAlert, template, rateLimit, siteMetric)

interval
integer
required: true

The number of minutes of past traffic to examine. Must be 1, 10 or 60.

threshold
integer
required: true

The number of occurrences of the tag in the interval needed to trigger the alert.

blockDurationSeconds
integer

The number of seconds this alert is active.

skipNotifications
boolean

A flag to disable external notifications - slack, webhooks, emails, etc.

enabled
boolean
required: true

A flag to toggle this alert.

action
string
required: true

A flag that describes what happens when the alert is triggered. 'info' creates an incident in the dashboard. 'flagged' creates an incident and blocks traffic for 24 hours.

fieldName
string
required: true
createdBy
string
required: true

The email of the user that created the alert

created
string
required: true

Created RFC3339 date time

operator
string
Response Example
{
                                      "id": "5e45dc78c931491dc923e4a6",
                                      "tagName": "site.example-signal-tag",
                                      "longName": "Alert",
                                      "type": "siteAlert",
                                      "interval": 1,
                                      "threshold": 10,
                                      "skipNotifications": false,
                                      "enabled": true,
                                      "action": "flagged",
                                      "fieldName": "remoteIP",
                                      "createdBy": "user@example.com",
                                      "created": "2020-02-13T23:23:03Z",
                                      "updated": "2020-01-13T23:23:03Z"
                                    }
                                    

Update alert

patch /corps/{corpName}/sites/{siteName}/alerts/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true
Body (application/json)
Name
Type
Description
tagName
string

The name of the tag whose occurrences the alert is watching. Must match an existing tag

longName
string

A human readable description of the alert. Must be between 3 and 25 characters.

interval
integer

The number of minutes of past traffic to examine. Must be 1, 10 or 60.

threshold
integer
min: 1
max: 10000

The number of occurrences of the tag in the interval needed to trigger the alert.

blockDurationSeconds
integer

The number of seconds this alert is active.

enabled
boolean

A flag to toggle this alert.

action
string

A flag that describes what happens when the alert is triggered. 'info' creates an incident in the dashboard. 'flagged' creates an incident and blocks traffic for 24 hours.

Request Example
{
                                      "tagName": "custom-tag",
                                      "interval": 1,
                                      "threshold": 10,
                                      "enabled": true,
                                      "action": "flagged"
                                    }
                                    

Responses

HTTP 200
Name
Type
Description
id
string
required: true

Site-specific unique ID of the alert

tagName
string
required: true

The name of the tag whose occurrences the alert is watching.

longName
string
required: true

A human readable description of the alert. Must be between 3 and 25 characters.

type
string
required: true

Type of alert (siteAlert, template, rateLimit, siteMetric)

interval
integer
required: true

The number of minutes of past traffic to examine. Must be 1, 10 or 60.

threshold
integer
required: true

The number of occurrences of the tag in the interval needed to trigger the alert.

blockDurationSeconds
integer

The number of seconds this alert is active.

skipNotifications
boolean

A flag to disable external notifications - slack, webhooks, emails, etc.

enabled
boolean
required: true

A flag to toggle this alert.

action
string
required: true

A flag that describes what happens when the alert is triggered. 'info' creates an incident in the dashboard. 'flagged' creates an incident and blocks traffic for 24 hours.

fieldName
string
required: true
createdBy
string
required: true

The email of the user that created the alert

created
string
required: true

Created RFC3339 date time

operator
string
Response Example
{
                                      "id": "random-uuid-string",
                                      "siteId": "site-id-hex",
                                      "tagName": "custom-tag",
                                      "interval": 1,
                                      "threshold": 10,
                                      "enabled": true,
                                      "action": "flagged",
                                      "created": "2015-02-14T21:17:16Z"
                                    }
                                    

Delete alert

delete /corps/{corpName}/sites/{siteName}/alerts/{id}

Request

URI Parameters
Name
Type
Description
id
string
required: true

Responses

HTTP 204

Delete successful

Search requests

get /corps/{corpName}/sites/{siteName}/requests

Request

Query Parameters
Name
Type
Description
page
integer

The page of the results. Each page is limited to 1,000 requests, and a maximum of 10,000 requests in total will be returned.

limit
integer
default: 100
max: 1000

The number of entries to be returned per page

pretty
boolean

Pretty print the json output

q
string

Search query. See Search Syntax.

Responses

HTTP 200
Name
Type
Description
totalCount
integer

Total number of records matching the search

next
uri
string

Reference to the next page of data

data
request array
id
string

Unique ID of the request

timestamp
string
format: date-time

Timestamp RFC3339 date time

serverHostname
string

Server hostname

serverName
string

Server name

uri
string

URI

path
string

Path

userAgent
string

User agent of the request

remoteIP
string

Remote IP address

remoteHostname
string

Remote hostname

remoteCountryCode
string

Remote country code

method
string

HTTP method e.g. PUT

protocol
string