AnsweredAssumed Answered

API Definition for API Protection

Question asked by Hayato Fukuda on Apr 21, 2017
Latest reply on Jun 8, 2017 by B-3-XH9UGV

Hi all.

 

I'm trying to use API Protection which is new function for KSD 5.0, but I can not understand its input field and its function.

(I read KSD User Guide and blog https://community.akamai.com/docs/DOC-6995-kona-site-defender-api-protection, but I could not define my API)

 

If there is API on web site, and its endpoint is below.

URL: www[.]example[.]com/?rest_route=/wp/v2/pages/{id}

Method: GET ( deny other method )

 

Then, what's parameter should I define?

I'm testing parameter below, but it did not seem to work.

( Response POST method, and through invalid id. For example, www[.]example[.]com/?rest_route=/wp/v2/pages/foobar)

 

  • API Endpoint
  1. API Name: example api1
  2. Hostname: www[.]example[.]com
  3. Base Path: (empty)
  4. Category: example
  5. API Key Location: Header, Header Name: Authorization
  6. Allow request body constraints & resources defined below to be enforced as whitelists in Kona Site Defender Policy: NO

 

  • API Resource
  1. Resource Name:post
  2. Resource Path:/
  3. Method: GET(check)
  4. rest_route=/wp/v2/posts/
  5. Query String
  6. Number
  7. Range/Length
  8. No

Outcomes