Use APIs to manage API Security
You can use the APIs to create, configure, and deploy API Security.

Note: To understand how to use the API Security APIs to configure the feature, see the Nitro API documentation.
| Step | Task | Resource URL |
|---|---|---|
| 1 | Create an API Definition | https://adm.cloud.com/{customerid}/apisec/nitro/v1/config/apidefs |
| 2 | Add an API proxy | https://adm.cloud.com/apiproxies |
| 3 | Deploy an API instance using the API Proxy | https://adm.cloud.com/apiproxies/{customerid}/deployments |
| 4 | Add API policies | https://adm.cloud.com/{customerid}/apisec/nitro/v1/config/policies/{id} |
Each API policy has a different `config_spec` object. It is an opaque object that contains a JSON dictionary to configure a policy type with specific values.
In this object, you can select an API resource and its methods using the following options:

- `api-resource-paths`: Specify the API resource paths and methods that are defined in an API definition. Example:

  ```json
  { "endpoints": ["/pet", "/pet/findByStatus", "/pet/findByTags"], "get": true, "post": false, "put": false, "delete": false }
  ```

- `custom-rules`: Specify the custom API resource paths and methods that might not exist in an API definition. Example:

  ```json
  { "endpoints": ["/pet/categories", "/pet/findByName"], "get": true, "post": false, "put": false, "delete": false }
  ```
With this configuration, the policy filters the incoming traffic requests that match the specified API resource paths.
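To make the selection rule concrete, the following added example (not Citrix's code) evaluates which policies, written in the `config_spec` layout shown on this page, would act on a given request, and flags policies whose selectors can never match. The sample policies are constructed; the assumptions that a policy applies when either `api-resource-paths` or `custom-rules` matches, and that a match needs both the path and a true method flag, are mine.

```python
"""Added example, not Citrix's code: evaluate which API Security policies
(in the config_spec layout shown on this page) select a given request."""
METHODS = ("get", "post", "put", "patch", "delete")

# Constructed sample policies, shaped like the page's examples.
POLICIES = [
    {"policytype": "Ratelimit", "order_index": 1, "policy_name": "ratelimit_policy",
     "config_spec": {"api-resource-paths": {"endpoints": ["/pet", "/pet/findByStatus"],
                                            "get": True, "post": False, "put": False, "delete": False},
                     "custom-rules": {}}},
    {"policytype": "JWT Auth Validation", "order_index": 2, "policy_name": "Jwt_auth_policy",
     "config_spec": {"api-resource-paths": {"endpoints": ["/pet"], "get": True, "post": True,
                                            "put": False, "delete": False},
                     "custom-rules": {"endpoints": ["/pet/categories"], "get": True, "post": False,
                                      "put": False, "delete": False}}},
    {"policytype": "WAF", "order_index": 6, "policy_name": "waf_policy",
     "config_spec": {"api-resource-paths": {"endpoints": ["/pet"], "get": False, "post": False,
                                            "put": False, "delete": False},
                     "waf-prof-name": "apisec_waf_profile", "custom-rules": {}}},
]

def selector_matches(selector, path, method):
    """Assumed rule: a selector matches when the path is in its endpoints list AND the
    flag for the request method is true. {} or an empty endpoints list selects nothing."""
    if not selector:
        return False
    return path in selector.get("endpoints", []) and bool(selector.get(method.lower()))

def matching_policies(policies, path, method):
    """Names of policies that act on the request, in order_index order.
    Assumption: a policy applies if either api-resource-paths or custom-rules matches."""
    hits = []
    for pol in sorted(policies, key=lambda p: p["order_index"]):
        spec = pol["config_spec"]
        if any(selector_matches(spec.get(k, {}), path, method)
               for k in ("api-resource-paths", "custom-rules")):
            hits.append(pol["policy_name"])
    return hits

def inert_policies(policies):
    """Review check: policies whose selectors can never match (no endpoints listed,
    or every method flag false), so the policy silently protects nothing."""
    inert = []
    for pol in policies:
        spec = pol["config_spec"]
        live = any(sel.get("endpoints") and any(sel.get(m) for m in METHODS)
                   for sel in (spec.get("api-resource-paths", {}), spec.get("custom-rules", {})))
        if not live:
            inert.append(pol["policy_name"])
    return inert
```

Running `inert_policies` over a policy set before deployment catches the common mistake of listing endpoints with every method flag set to false.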
For information about the `config_spec` of each policy type, see API examples for policy types.
API examples for policy types
This section describes the supported API policy types and their configuration:
- Rate limit
- OAuth
- Basic authentication
- No authentication
- Bot
- WAF
- Header Rewrite
- URI Path Rewrite
- Authorization
- Deny
Rate limit
The following is an example configuration for the Ratelimit policy type. Specify the following configuration in the `config_spec` object:

```json
{
  "policytype": "Ratelimit",
  "config_spec": {
    "api-resource-paths": {
      "endpoints": ["/pet", "/pet/findByStatus", "/pet/findByTags"],
      "get": true,
      "post": false,
      "put": false,
      "delete": false
    },
    "custom-rules": {},
    "threshold": "10",
    "timeslice": "20000",
    "limittype": "BURSTY",
    "api-respondertype": "DROP",
    "header_name": "x-api-key",
    "per_client_ip": true
  },
  "order_index": 1,
  "policy_name": "ratelimit_policy"
}
```
For more information on each attribute, see Rate limit policy.
OAuth
The following is an example API configuration for the JWT Auth Validation policy type. Specify the following configuration in the `config_spec` object:

```json
{
  "policytype": "JWT Auth Validation",
  "config_spec": {
    "api-resource-paths": {
      "endpoints": ["/pet", "/pet/findByStatus", "/pet/findByTags"],
      "get": true,
      "post": true,
      "put": false,
      "delete": false
    },
    "custom-rules": {},
    "jwks-uri": "https://uri.petstore.com",
    "issuer": "https://issuer.petstore.com",
    "audience": "petstore",
    "introspect-uri": "https://introspect.uri.com",
    "clientid": "client",
    "clientsecret": "clientsecret",
    "claims-to-save": ["scope", "scope2"],
    "allowed-algorithms": {
      "hs256": true,
      "rs256": true,
      "rs512": true
    }
  },
  "order_index": 2,
  "policy_name": "Jwt_auth_policy"
}
```

For more information on each attribute, see OAuth policy.
Basic authentication
The following is an example API configuration for the BasicAuth policy type:

```json
{
  "config_spec": {
    "api-resource-paths": {
      "delete": false,
      "endpoints": ["/pet", "/pet/findByStatus", "/pet/findByTags"],
      "get": true,
      "post": true,
      "put": false
    },
    "custom-rules": {}
  },
  "order_index": 3,
  "policy_name": "Auth_BaSIC",
  "policytype": "BasicAuth"
}
```
For more information on each attribute, see Basic authentication policy.
No authentication
The following is an example API configuration for the NoAuth policy type:

```json
{
  "config_spec": {
    "api-resource-paths": {
      "delete": false,
      "endpoints": ["/pet", "/pet/findByStatus", "/pet/findByTags"],
      "get": true,
      "post": false,
      "put": false
    },
    "custom-rules": {}
  },
  "order_index": 4,
  "policy_name": "no_auth_policy",
  "policytype": "NoAuth"
}
```
Bot
The following is an example API configuration for the Bot policy type:

```json
{
  "config_spec": {
    "api-resource-paths": {
      "delete": false,
      "endpoints": ["/pet", "/pet/findByStatus", "/pet/findByTags"],
      "get": false,
      "post": false,
      "put": false
    },
    "bot-prof-name": "apisec_test_profile",
    "custom-rules": {}
  },
  "order_index": 5,
  "policy_name": "bot_policy",
  "policytype": "Bot"
}
```
For more information on each attribute, see Bot policy.
WAF
The following is an example API configuration for the WAF policy type:

```json
{
  "config_spec": {
    "api-resource-paths": {
      "delete": false,
      "endpoints": ["/pet", "/pet/findByStatus", "/pet/findByTags"],
      "get": false,
      "post": false,
      "put": false
    },
    "waf-prof-name": "apisec_waf_profile",
    "custom-rules": {}
  },
  "order_index": 6,
  "policy_name": "waf_policy",
  "policytype": "WAF"
}
```
For more information on each attribute, see WAF policy.
Header Rewrite
The following is an example API configuration for the Header Rewrite policy type. Specify this configuration in the `config_spec` object:

```json
{
  "policytype": "Header Rewrite",
  "config_spec": {
    "api-resource-paths": {
      "endpoints": ["/pet", "/pet/findByStatus", "/pet/findByTags"],
      "get": true,
      "post": true,
      "put": false,
      "delete": false
    },
    "custom-rules": {},
    "rewrite-policy-header-field-name": "org",
    "rewrite-policy-header-field-val": "Citrix",
    "rewrite-policy-header-field-new-val": "Citrite"
  },
  "order_index": 7,
  "policy_name": "header_rewrite_pol"
}
```
For more information about each attribute, see Header Rewrite policy.
URI Path Rewrite
The following is an example API configuration for the URI Path Rewrite policy type:

```json
{
  "config_spec": {
    "api-resource-paths": {
      "endpoints": ["/store/order", "/store/inventory"],
      "delete": false,
      "get": true,
      "post": true,
      "patch": false,
      "put": false
    },
    "custom-rules": {
      "delete": false,
      "endpoints": [],
      "get": false,
      "post": false,
      "patch": false,
      "put": true
    },
    "path-rewrite-params": [
      {
        "insert-segment-position": "beginning",
        "new-path-value": "v3",
        "old-path-value": "v2",
        "action-type": "replace path segment"
      },
      {
        "insert-segment-position": "beginning",
        "new-path-value": "begin",
        "action-type": "insert path segment"
      },
      {
        "insert-segment-position": "end",
        "new-path-value": "end",
        "action-type": "insert path segment"
      },
      {
        "insert-segment-position": "before",
        "new-path-value": "before",
        "old-path-value": "store",
        "action-type": "insert path segment"
      },
      {
        "insert-segment-position": "after",
        "new-path-value": "after",
        "old-path-value": "store",
        "action-type": "insert path segment"
      }
    ]
  },
  "order_index": 24,
  "policy_name": "eats_uripathrewrite",
  "policytype": "URI Path Rewrite"
}
```
For more information about each attribute, see URI Path Rewrite policy.
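To show what the five `path-rewrite-params` entries above do to a request path, here is an added simulation (not Citrix's code). It assumes that entries are applied in list order to the `/`-separated path and that the position keywords (`beginning`, `end`, `before`, `after`) mean what they say relative to `old-path-value`; an entry whose anchor segment is absent is treated as a no-op.

```python
"""Added example, not Citrix's code: simulate the path-rewrite-params list from
the URI Path Rewrite policy on this page. Assumption: entries are applied in
list order, and the position keywords act relative to old-path-value."""

def rewrite_path(path, params):
    """Apply each rewrite entry to the '/'-separated path and return the result."""
    segs = [s for s in path.split("/") if s]
    for p in params:
        action, new = p["action-type"], p["new-path-value"]
        if action == "replace path segment":
            segs = [new if s == p["old-path-value"] else s for s in segs]
            continue
        if action != "insert path segment":
            raise ValueError(f"unknown action-type: {action}")
        pos = p["insert-segment-position"]
        if pos == "beginning":
            segs.insert(0, new)
        elif pos == "end":
            segs.append(new)
        elif pos in ("before", "after"):
            old = p["old-path-value"]
            if old not in segs:
                continue  # anchor segment absent: this entry is a no-op (assumption)
            idx = segs.index(old) + (1 if pos == "after" else 0)
            segs.insert(idx, new)
        else:
            raise ValueError(f"unknown insert-segment-position: {pos}")
    return "/" + "/".join(segs)

# The page's five entries, in the order given in the policy above.
PAGE_PARAMS = [
    {"insert-segment-position": "beginning", "new-path-value": "v3",
     "old-path-value": "v2", "action-type": "replace path segment"},
    {"insert-segment-position": "beginning", "new-path-value": "begin",
     "action-type": "insert path segment"},
    {"insert-segment-position": "end", "new-path-value": "end",
     "action-type": "insert path segment"},
    {"insert-segment-position": "before", "new-path-value": "before",
     "old-path-value": "store", "action-type": "insert path segment"},
    {"insert-segment-position": "after", "new-path-value": "after",
     "old-path-value": "store", "action-type": "insert path segment"},
]
```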
Authorization
The following is an example API configuration for the Authorization policy type. Specify the following configuration in the `config_spec` object:

```json
{
  "policytype": "Authorization",
  "config_spec": {
    "api-resource-paths": {
      "endpoints": ["/pet", "/pet/findByStatus", "/pet/findByTags"],
      "get": true,
      "post": true,
      "put": false,
      "delete": false
    },
    "custom-rules": {},
    "claims": [{
      "name": "scope",
      "values": ["value1", "value2"]
    }]
  },
  "order_index": 8,
  "policy_name": "authorization"
}
```
For more information about each attribute, see Authorization policy.
Deny
The following is an example API configuration for the Deny policy type. Specify the following configuration in the `config_spec` object:

```json
{
  "policytype": "Deny",
  "config_spec": {
    "api-resource-paths": {
      "endpoints": ["/pet", "/pet/findByStatus", "/pet/findByTags"],
      "get": true,
      "post": true,
      "put": false,
      "delete": false
    },
    "custom-rules": {},
    "api-denytype": "RESPONDWITH"
  },
  "order_index": 9,
  "policy_name": "deny_policy"
}
```

In `api-denytype`, you can specify one of the following values:
- RESPONDWITH
- RESET
For more information about each attribute, see Deny rule.