---
title: Workspaces
summary: Workspaces allows you to add, edit, and delete workspaces in your account.
url: https://www.fastly.com/documentation/reference/api/ngwaf/workspaces
---

Workspaces allows you to add, edit, and delete workspaces in your account.

## Data model

| Field | Type | Description |
|-------|------|-------------|
| `attack_signal_thresholds` | object | Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. |
| `client_ip_headers` | array | Specifies the request headers containing the client IP address. |
| `default_blocking_response_code` | integer | The status code returned when a request is blocked. This configuration is applied at the workspace but can be overwritten in rules. Accepted values are [<code>301</code>, <code>302</code>, <code>400..599</code>]. |
| `default_redirect_url` | string | The redirect URL used if <code>default_blocking_response_code</code> is 301 or 302. |
| `description` | string | User-submitted description of a workspace. |
| `id` | string | A base62-encoded representation of a UUID used to uniquely identify a workspace. (Read-only) |
| `ip_anonymization` | string | Agents will anonymize IP addresses according to the option selected. |
| `mode` | string | User-configured mode of a workspace. |
| `name` | string | User-submitted display name of a workspace. |

## API endpoints

### List workspaces

**GET** `/ngwaf/v1/workspaces`

List all workspaces.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `limit` | integer | query | No | Limit how many results are returned. |
| `mode` | string | query | No | Filter results based on mode. |
| `page` | integer | query | No | Page number of the collection to request. |
| `workspace_id` | string | query | No | Filter results based on workspace ID. |

### Create a workspace

**POST** `/ngwaf/v1/workspaces`

Create a workspace.

### Get a workspace

**GET** `/ngwaf/v1/workspaces/{workspace_id}`

Retrieve a workspace.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `workspace_id` | string | path | Yes | The ID of the workspace. |

### Remove a workspace

**DELETE** `/ngwaf/v1/workspaces/{workspace_id}`

Delete a workspace.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `workspace_id` | string | path | Yes | The ID of the workspace. |

### Edit a workspace

**PATCH** `/ngwaf/v1/workspaces/{workspace_id}`

Make changes to a workspace.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `workspace_id` | string | path | Yes | The ID of the workspace. |

### Get top attacks for a workspace

**GET** `/ngwaf/v1/workspaces/{workspace_id}/top-attacks`

Retrieve data on top attacks for a workspace within a specified time range. This endpoint returns an aggregation of URLs that have been attacked, sorted by request count. This data can be used in custom dashboards with the top-attacks widget.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `field` | string | query | Yes | The field to aggregate top attacks by (e.g., server_name_and_path for URLs, remote_ip for IPs). |
| `from` | string | query | No | Represents the start of a time range and is the older of the two dates in RFC 3339 format. |
| `limit` | integer | query | No | Maximum number of top attacks to return. |
| `to` | string | query | No | Represents the end of a time range and is the newer of the two dates in RFC 3339 format. |
| `workspace_id` | string | path | Yes | The ID of the workspace. |