Security

IMPORTANT: The Fastly Security API is only available to customers with access to the Next-Gen WAF product in the Fastly control panel. If you have access to the Next-Gen WAF control panel, check out the Next-Gen WAF API.

Security API allows you to manage workspaces, requests, events, redactions, tags, and rules.

Data model

actionstringValue can be 'flagged' (requests will be blocked), 'info' (requests will be logged), or 'template'. Required.
block_signalsarrayList of block signals.
countrystringCountry code. Required.
created_atstringCreated timestamp in RFC 3339 format. Required.
detected_atstringDetected timestamp in RFC 3339 format. Required.
expires_atstringTime at which the event expires. Required.
idstringUnique ID of the event. Required.
reasonsarrayList of signals and their counts. Required.
remote_hostnamestringRemote hostname. Required.
request_countintegerTotal number of requests. Required.
sample_requestobject
sourcestringSource information. Required.
user_agentsarrayUser agents. Required.
windowintegerTime window in seconds where the items were detected. Required.
agent_response_codeintegerAgent response code. Read-only.
methodstringHTTP method. Read-only.
pathstringRequest path. Read-only.
protocolstringHTTP protocol. Read-only.
remote_ipstringRemote IP address. Read-only.
request_headersarrayRequest headers. Read-only.
response_codeintegerHTTP response code. Read-only.
response_headersarrayResponse headers. Read-only.
response_sizeintegerHTTP response size. Read-only.
response_timeintegerResponse time in milliseconds. Read-only.
schemestringRequest scheme. Read-only.
server_hostnamestringServer hostname. Read-only.
server_namestringServer name. Read-only.
signalsarrayList of signals. Read-only.
tls_cipherstringTLS cipher. Read-only.
tls_protocolstringTLS protocol. Read-only.
uristringRequest URI. Read-only.
user_agentstringUser agent. Read-only.
attack_signal_thresholdsobjectAttack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged.
descriptionstringUser-submitted description of a workspace.
ip_anonymizationstringAgents will anonymize IP addresses according to the option selected.
modestringUser-configured mode of a workspace.
namestringUser-submitted display name of a workspace.
fieldstringThe name of the field that should be redacted.
typestringThe type of field that is being redacted. Required.
actionsarray
conditionsarray
enabledbooleanTurns a rule on and off. Defaults to false (off).
group_operatorstringConditions that must be matched when evaluating the request.
request_loggingstringAvailable only for request rules. Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none).
signalstringThe signal name being excluded if rule type is signal and action is 'exclude_signal'.
updated_atstringDate the rule was last updated.
errorsarray
is_expiredbooleanIf it is true, the event should be set to expired. Required.
valuestringHeader value.
limitintegerThe limit value used when making the request.
totalintegerThe count of requests matching the filter.
detectorstringDetector that detected the signal. Read-only.
locationstringWhere the signal was detected. Read-only.
operatorstringIndicates whether the supplied conditions will check for existence or non-existence of matching field values. Refer to: https://docs.fastly.com/en/ngwaf/defining-rule-conditions#operators.

Endpoints

List workspaces

GET/security/workspaces

Create a workspace

POST/security/workspaces

Get a workspace

GET/security/workspaces/workspace_id

Remove a workspace

DELETE/security/workspaces/workspace_id

Edit a workspace

PATCH/security/workspaces/workspace_id

Search requests

GET/security/workspaces/workspace_id/requests

Retrieve request

GET/security/workspaces/workspace_id/requests/request_id

List events

GET/security/workspaces/workspace_id/events

Retrieve event

GET/security/workspaces/workspace_id/events/event_id

Expire event

PATCH/security/workspaces/workspace_id/events/event_id

List redactions

GET/security/workspaces/workspace_id/redactions

Create redaction

POST/security/workspaces/workspace_id/redactions

Retrieve redaction

GET/security/workspaces/workspace_id/redactions/redaction_id

Remove redaction

DELETE/security/workspaces/workspace_id/redactions/redaction_id

Edit redaction

PATCH/security/workspaces/workspace_id/redactions/redaction_id

List rules

GET/security/workspaces/workspace_id/rules

Create rule

POST/security/workspaces/workspace_id/rules

Retrieve rule

GET/security/workspaces/workspace_id/rules/rule_id

Remove a rule

DELETE/security/workspaces/workspace_id/rules/rule_id

Edit rule

PATCH/security/workspaces/workspace_id/rules/rule_id

List virtual patches

GET/security/workspaces/workspace_id/virtual-patches

Retreive virtual patch

GET/security/workspaces/workspace_id/virtual-patches/virtual_patch_id

Edit virtual patch

PATCH/security/workspaces/workspace_id/virtual-patches/virtual_patch_id

Retrieve timeseries metrics

GET/security/workspaces/workspace_id/timeseries