Edgio REST API (0.0.4)

Download OpenAPI specification:Download

Our REST-compliant web services facilitate the integration of our services into your workflow(s), applications, or interfaces.

Introduction

Key information about our REST API services:

Protocol: HTTPS

Communication (i.e., request-response) with our web services is only permitted through HTTPS. This ensures the privacy and integrity of your data.
Authentication/Authorization: Authorization Header

Authenticate and authorize your requests by generating a token and then passing it through the Authorization header:
```
Authorization: Bearer <OAUTH 2.0 TOKEN>
```
Get started.
Request-Response (Accept and Content-Type): JSON

We expect the request body to use JavaScript Object Notation (JSON) format. Inform our web servers that the expected format for the request-response will be JSON through the Accept and Content-Type request headers.
Programming Language: Agnostic

Our REST API services are designed to be programming language-agnostic. Feel free to use your preferred programming language (e.g., JavaScript, Python, C#, etc.).

Services: Our REST API consists of the following services:

Service	Version	Functionality
cache	0.1	Purge cached content and find out purge status.
config	0.1	Deploy CDN configurations, retrieve deployment information and log data, and manage environment variables.
accounts	0.1	Retrieve and manage organizations, properties, and environments.
waf	0.9	Retrieve and manage the following configurations: security apps, access rules, rate rules, custom rules, and managed rules.
bot-security	0.9	Retrieve and manage bot manager configurations.
api-security	0.9	Retrieve and manage API security configurations.

Each service is versioned independently. This allows us to apply major enhancements to a service without impacting other services.

Quick Start

Get started with our latest APIs by performing the following steps:

Create an API client for either your private space or the desired organization. Grant the set of scope(s) required by the endpoint(s) with which it will interact. Administer API clients from the Edgio Console's API Clients page.
Use this client's ID, secret key, and scopes to generate a temporary access token.
Authorize your API requests by passing the temporary access token generated in the previous step through the Authorization request header.

curl --request GET \
     --url https://edgioapis.com/waf/v0.9/12345678-1234-1234-1234-1234567890ab/scopes \
     --header 'Authorization: Bearer  A1bcbGciImtpZCI6Ij13N1VGQ01z...17cRRKYQ'

Scopes

A scope authorizes an API client to perform specific actions (e.g., create and retrieve configurations). One or more scope(s) must also be defined when requesting an access token. You may only specify a scope that has been explicitly granted or inherited from a broader scope. Common scopes are listed below.

Scope	Description
app.cache	Authorizes full access for purging cached content and retrieve purge status information.
app.config	Authorizes full access for deploying CDN configurations, retrieving deployment information and log data, and managing environment variables.
app.accounts	Authorizes full access to manage organizations, properties, and environments.
app.waf	Authorizes full access to security apps, access rules, rate rules, custom rules, and managed rules.
app.bot_security	Authorizes full access to Bot Manager.
app.api_security	Authorizes full access to API Security.

Access Tokens

Each request to a REST API service must be authorized by passing an access token to the Authorization request header. Access tokens provide temporary authorization (e.g., 1 minute) to our REST API service. Once an access token expires, it may no longer be used to authorize requests. Attempting to authorize a request with an expired token will result in a 401 Unauthenticated Access response.

Requesting an access token requires:

Submitting a POST request to the following URL:

https://id.edgio.app/connect/token
A Content-Type header set to application/x-www-form-urlencoded.
A request body set to:
```
client_id=<CLIENT ID>&client_secret=<SECRET>&grant_type=client_credentials&scope=<SCOPES>
```
- <CLIENT ID>: Represents the system-defined ID assigned to your REST API client.
- <SECRET>: Represents the secret assigned to your REST API client.
- <SCOPES>: Replace this term with one or more scopes. Use the plus symbol (+) to delimit each scope.

Sample access token request:

curl --request POST \
  --url https://id.edgio.app/connect/token \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'client_id=J23d...B2Cd&client_secret=Fdad...DF3v&grant_type=client_credentials&scope=app.waf'

Sample response:

{
    "access_token": "A1bcbGciImtpZCI6Ij13N1VGQ01z...17cRRKYQ",
    "expires_in": 300,
    "token_type": "Bearer",
    "scope": "app.waf"
}

Authorizing Requests

Pass an access token through the Authorization header when requesting the desired API operation.

Sample API request:

curl --request GET \
     --url https://edgioapis.com/waf/v0.9/12345678-1234-1234-1234-1234567890ab/scopes \
     --header 'Authorization: Bearer  A1bcbGciImtpZCI6Ij13N1VGQ01z...17cRRKYQ'

HTTP Methods

HTTP method is a critical component of a request to our REST API service as it determines the type of action being requested.

DELETE: Deletes a resource (e.g., custom rule or managed rule configuration).
GET: Retrieves all or a specific resource.
PATCH: Partially updates a resource (e.g., environment).
POST: Creates a resource (e.g., custom rule or managed rule configuration).
PUT: Updates a resource (e.g., custom rule or managed rule configuration).

Our REST API service may return a 405 Method Not Allowed response for requests submitted with an unsupported HTTP method.

Request URL

The base URL for our REST API follows this basic pattern:

https://edgioapis.com/<SERVICE>/<VERSION>/

<SERVICE>: Identifies the REST API web service (e.g., cache, waf, and bot-security) designed to manage requests for a specific set of resources.
<VERSION>: Identifies the version of the REST API service that will be called.

Sample Request URL:

https://edgioapis.com/cache/v0.1/purge-requests

Request Headers

Request headers provide information about your request to a REST API service. This information allows our server to authenticate your request and provides information that allows it to receive and translate the request body.

Key information:

The use of a Byte Order Mark (BOM) in a request to the REST API is not supported. Some user agents are configured to automatically include a BOM. Please either configure the user agent to exclude the BOM or use a different user agent.
Request header values are case-insensitive.

Request Header	Description
Authorization	Authorize requests through the `Authorization` request header. Learn more about authorization.
Accept	This header should indicate the format in which the response will be returned. If you pass this header, set it to: `application/json`.
Content-Type	This header should indicate the format of the request body. If you pass this header, set it to: `application/json`. You may omit this header when an endpoint does not have request properties.
Host	This header, which is set by the user agent, indicates the host name corresponding to the requested endpoint (i.e., edgioapis.com or id.edgio.app).
Content-Length	This header, which is set by the user agent, indicates the number of bytes contained in the request body.

Request Body

POST, PUT, and PATCH requests typically require request body properties that describe the action that will take place. These request body properties are case-sensitive.

Response Headers

Response headers provide information about the response to your request to the REST API service. A brief description is provided for the response headers that are returned by most endpoints. Standard HTTP response headers are typically returned along with these common response headers.

Response Header	Description
Cache-Control	Indicates the cache-control policy for the response body.
Content-Length	Indicates the number of bytes in the response body.
Content-Type	Indicates the format of the response body (e.g., `application/json; charset=utf-8`).
I_am	This header is reserved for internal use.
Date	Identifies the date and time (UTC) at which your request was processed.

Rate Limit

The rate limit for our APIs varies by service and HTTP method.

Service	HTTP Method	Rate Limit
cache	ALL	2,000 requests per 5 minutes
config	GET	2,000 requests per 5 minutes
config	POST, PUT, PATCH, and DELETE	600 requests per 5 minutes
accounts	GET	2,000 requests per 5 minutes
accounts	POST, PUT, PATCH, and DELETE	600 requests per 5 minutes
waf	ALL	300 requests per hour 1,000 requests per day
bot-security	ALL	300 requests per hour 1,000 requests per day
api-security	ALL	300 requests per hour 1,000 requests per day

Our API service returns a 429 Too Many Requests response when a client exceeds one of the above rate limits.

Purge

Purge cached content and retrieve information about previously submitted purge requests.

Get Purge Request

Retrieves information, including status, about a purge request.

Authorizations:

cacheScope

path Parameters

request_id

required

string

The purge request's system-defined ID. This ID is returned by the Purge Cache operation.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/cache/v0.1/purge-requests/{request_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type

application/json

{"@type": "string",
"@id": "string",
"@links": { },
"id": "string",
"status": "string",
"created_at": "2019-08-24T14:15:22Z",
"completed_at": "2019-08-24T14:15:22Z",
"progress_percentage": 0
}

Purge Cache

Submits a request to purge cached content from a specific environment. Purging content invalidates the cached version of an asset from our edge servers. You may submit up to 50 concurrent purge requests. For the purpose of concurrency, each value defined within the values property is considered a separate purge request. Find out the current status of your purge request by passing the purge request ID, which is returned by the id property, to the Get Purge Request operation.

Authorizations:

cacheScope

Request Body schema: application/json
required

environment_id required	string An environment's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, navigate to the desired environment and then click Settings. It is listed under Environment ID.
purge_type required	string Enum: "all_entries" "path" "surrogate_key" `all_entries`: Purge all cached content. `path`: Purge one or more relative path(s) defined within the `values` property. `surrogate_key`: Purge one or more surrogate key(s) defined within the `values` property.
values	Array of strings Defines the set of content to be purged. The `purge_type` property's value determines what should be passed. `all_entries`: Omit this property or pass an empty array. `path`: Pass one or more relative path(s). This relative path starts directly after the hostname. Use an `*` to represent zero or more characters. `surrogate_key`: Pass one or more surrogate key(s) (aka cache tags).

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"environment_id": "string",
"purge_type": "all_entries",
"values": ["string"
]
}

Response samples

Content type

application/json

{"@type": "string",
"@id": "string",
"@links": { },
"id": "string",
"status": "string",
"created_at": "2019-08-24T14:15:22Z",
"completed_at": "2019-08-24T14:15:22Z",
"progress_percentage": 0
}

CDN Configuration

Deploy or retrieve a CDN configuration.

Get CDN Configuration

Retrieve an environment's origin configurations, hostnames, rules, and experiments.

Use the Get Environment operation to retrieve the system-defined ID (@links.active_config.id) for an environment's active configuration

Authorizations:

configScope

path Parameters

config_id

required

string

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/config/v0.1/configs/{config_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type

application/json

{"@type": "string",
"@id": "string",
"@links": { },
"id": "string",
"origins": [{"name": "string",
"type": "customer_origin",
"hosts": [{"weight": 100,
"dns_max_ttl": 4294967295,
"dns_preference": "prefv4",
"max_hard_pool": 65535,
"dns_min_ttl": 4294967295,
"location": [{"port": 1,
"hostname": "string"
}
],
"max_pool": 65535,
"balancer": "carp",
"scheme": "http"
}
],
"balancer": "primary_failover",
"override_host_header": "string",
"shields": {"global": "string",
"apac": "string",
"emea": "string",
"us_west": "string",
"us_east": "string"
},
"pci_certified_shields": true,
"tls_verify": {"use_sni": true,
"sni_hint_and_strict_san_check": "string",
"allow_self_signed_certs": true,
"pinned_certs": ["stringstringstringstringstringstringstri"
]
}
}
],
"hostnames": [{"hostname": "string",
"default_origin_name": "string",
"report_code": 0,
"tls": {"npn": true,
"alpn": true,
"protocols": "string",
"use_sigalgs": true,
"sni": true,
"sni_strict": true,
"sni_host_match": true,
"client_renegotiation": true,
"options": "string",
"cipher_list": "string",
"named_curve": "string",
"oscp": true,
"pem": "string",
"ca": "string"
}
}
],
"rules": [{"if": [{ },
{ }
],
"comment": "string"
}
],
"experiments": ""
}

Deploy CDN Configuration

Deploys your configuration to a specific environment. This deployment overwrites any existing origin configurations, hostnames, rules, and experiments.

Authorizations:

configScope

Request Body schema: application/json
required

environment_id required	string An environment's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, navigate to the desired environment and then click Settings. It is listed under Environment ID.
required	Array of objects (properties-origins) [ 1 .. 100 ] items
required	Array of objects (properties-hostnames) non-empty
	Array of matches (object) or features (object) or Array of features (object) (properties-rules)
experiments	Array of strings List of experiments.
purge_cache_on_deploy	boolean Overwrite the default value, effectively allowing defining purge cache behaviour with each deployment.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"environment_id": "string",
"origins": [{"name": "string",
"type": "customer_origin",
"hosts": [{"weight": 100,
"dns_max_ttl": 4294967295,
"dns_preference": "prefv4",
"max_hard_pool": 65535,
"dns_min_ttl": 4294967295,
"location": [{"port": 1,
"hostname": "string"
}
],
"max_pool": 65535,
"balancer": "carp",
"scheme": "http"
}
],
"balancer": "primary_failover",
"override_host_header": "string",
"shields": {"global": "string",
"apac": "string",
"emea": "string",
"us_west": "string",
"us_east": "string"
},
"pci_certified_shields": true,
"tls_verify": {"use_sni": true,
"sni_hint_and_strict_san_check": "string",
"allow_self_signed_certs": true,
"pinned_certs": ["stringstringstringstringstringstringstri"
]
}
}
],
"hostnames": [{"hostname": "string",
"default_origin_name": "string",
"report_code": 0,
"tls": {"npn": true,
"alpn": true,
"protocols": "string",
"use_sigalgs": true,
"sni": true,
"sni_strict": true,
"sni_host_match": true,
"client_renegotiation": true,
"options": "string",
"cipher_list": "string",
"named_curve": "string",
"oscp": true,
"pem": "string",
"ca": "string"
}
}
],
"rules": [{"if": [{ },
{ }
],
"comment": "string"
}
],
"experiments": [{ }
],
"purge_cache_on_deploy": true
}

Response samples

Content type

application/json

{"@type": "string",
"@id": "string",
"@links": { },
"id": "string",
"origins": [{"name": "string",
"type": "customer_origin",
"hosts": [{"weight": 100,
"dns_max_ttl": 4294967295,
"dns_preference": "prefv4",
"max_hard_pool": 65535,
"dns_min_ttl": 4294967295,
"location": [{"port": 1,
"hostname": "string"
}
],
"max_pool": 65535,
"balancer": "carp",
"scheme": "http"
}
],
"balancer": "primary_failover",
"override_host_header": "string",
"shields": {"global": "string",
"apac": "string",
"emea": "string",
"us_west": "string",
"us_east": "string"
},
"pci_certified_shields": true,
"tls_verify": {"use_sni": true,
"sni_hint_and_strict_san_check": "string",
"allow_self_signed_certs": true,
"pinned_certs": ["stringstringstringstringstringstringstri"
]
}
}
],
"hostnames": [{"hostname": "string",
"default_origin_name": "string",
"report_code": 0,
"tls": {"npn": true,
"alpn": true,
"protocols": "string",
"use_sigalgs": true,
"sni": true,
"sni_strict": true,
"sni_host_match": true,
"client_renegotiation": true,
"options": "string",
"cipher_list": "string",
"named_curve": "string",
"oscp": true,
"pem": "string",
"ca": "string"
}
}
],
"rules": [{"if": [{ },
{ }
],
"comment": "string"
}
],
"experiments": ""
}

Environment Variables

Automate environment variable management.

Get Environment Variable

Returns an environment variable.

Authorizations:

configScope

path Parameters

environment_variable_id

required

string

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/config/v0.1/environment-variables/{environment_variable_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type

application/json

{"@type": "string",
"@id": "string",
"@links": { },
"id": "string",
"environment_id": "string",
"key": "string",
"value": "string",
"secret": true,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}

Delete Environment Variable

Deletes an environment variable.

Authorizations:

configScope

path Parameters

environment_variable_id

required

string

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'DELETE',
  url: 'https://edgioapis.com/config/v0.1/environment-variables/{environment_variable_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type

application/json

{"@type": "string",
"@id": "string",
"@links": { },
"id": "string",
"environment_id": "string",
"key": "string",
"value": "string",
"secret": true,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}

Get All Environment Variables

Returns all environment variables associated with an environment.

Authorizations:

configScope

query Parameters

page	integer <int32> Default: 0 0-based page number.
page_size	integer <int32> Default: 20 Number of results per page. Valid values are: 1 - 100. Default value: 20
key	string Find an environment variable by its name.
environment_id required	string An environment's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, navigate to the desired environment and then click Settings. It is listed under Environment ID.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/config/v0.1/environment-variables',
  qs: {
    page: 'SOME_INTEGER_VALUE',
    page_size: 'SOME_INTEGER_VALUE',
    key: 'SOME_STRING_VALUE',
    environment_id: 'SOME_STRING_VALUE'
  },
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type

application/json

{"@type": "string",
"@id": "string",
"@links": {"first": {"href": "string",
"description": "string",
"base_path": "string"
},
"next": {"href": "string",
"description": "string",
"base_path": "string"
},
"previous": {"href": "string",
"description": "string",
"base_path": "string"
},
"last": {"href": "string",
"description": "string",
"base_path": "string"
}
},
"total_items": 0,
"items": [{"@type": "string",
"@id": "string",
"@links": { },
"id": "string",
"environment_id": "string",
"key": "string",
"value": "string",
"secret": true,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
]
}

Set Environment Variable

Creates or updates an environment variable.

Authorizations:

configScope

Request Body schema: application/json
required

environment_id required	string An environment's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, navigate to the desired environment and then click Settings. It is listed under Environment ID.
key required	string The environment variable's name.
value required	string The environment variable's value.
secret	boolean Determines whether the environment variable's value will be partially masked using asterisks.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"environment_id": "string",
"key": "string",
"value": "string",
"secret": true
}

Response samples

Content type

application/json

{"@type": "string",
"@id": "string",
"@links": { },
"id": "string",
"environment_id": "string",
"key": "string",
"value": "string",
"secret": true,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}

Deployment Info

Retrieve information and log data for a previous deployment.

Get Deployment Logs

Retrieve log data for a specific deployment.

Authorizations:

configScope

path Parameters

deployment_id

required

string

The deployment's system-defined ID. This ID is returned by the Deploy CDN Configuration operation's id property.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/config/v0.1/deployments/{deployment_id}/logs',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type

application/json

{"@type": "string",
"@id": "string",
"@links": { },
"logs": [{"message": "string",
"level": "string",
"timestamp": "2019-08-24T14:15:22Z"
}
]
}

Get Deployment

Retrieve information about a specific deployment.

Authorizations:

configScope

path Parameters

deployment_id

required

string

The deployment's system-defined ID. This ID is returned by the Deploy CDN Configuration operation's id property.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/config/v0.1/deployments/{deployment_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type

application/json

{"@type": "string",
"@id": "string",
"@links": { },
"id": "string",
"status": "string",
"created_at": "2019-08-24T14:15:22Z",
"completed_at": "2019-08-24T14:15:22Z"
}

TLS Certificates

Automate TLS certificate management.

Get TLS Certificate

Returns a TLS certificate.

Authorizations:

configScope

path Parameters

cert_id

required

string

The TLS certificate's system-defined ID. Use the Get All Certificates operation to retrieve a list of TLS certificates and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/config/v0.1/tls-certs/{cert_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type

application/json

{"@type": "string",
"@id": "string",
"@links": { },
"id": "string",
"environment_id": "string",
"primary_cert": "string",
"intermediate_cert": "string",
"expiration": "2019-08-24T14:15:22Z",
"status": "string",
"generated": true,
"serial": "string",
"common_name": "string",
"alternative_names": ["string"
],
"activation_error": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}

Get All TLS Certificates

Returns all TLS certificates associated with an environment.

Authorizations:

configScope

query Parameters

page	integer <int32> Default: 0 0-based page number.
page_size	integer <int32> Default: 20 Number of results per page. Valid values are: 1 - 100. Default value: 20
environment_id required	string An environment's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, navigate to the desired environment and then click Settings. It is listed under Environment ID.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/config/v0.1/tls-certs',
  qs: {
    page: 'SOME_INTEGER_VALUE',
    page_size: 'SOME_INTEGER_VALUE',
    environment_id: 'SOME_STRING_VALUE'
  },
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type

application/json

{"@type": "string",
"@id": "string",
"@links": {"first": {"href": "string",
"description": "string",
"base_path": "string"
},
"next": {"href": "string",
"description": "string",
"base_path": "string"
},
"previous": {"href": "string",
"description": "string",
"base_path": "string"
},
"last": {"href": "string",
"description": "string",
"base_path": "string"
}
},
"total_items": 0,
"items": [{"@type": "string",
"@id": "string",
"@links": { },
"id": "string",
"environment_id": "string",
"primary_cert": "string",
"intermediate_cert": "string",
"expiration": "2019-08-24T14:15:22Z",
"status": "string",
"generated": true,
"serial": "string",
"common_name": "string",
"alternative_names": ["string"
],
"activation_error": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
]
}

Upload TLS Certificate

Upload your TLS certificate to activate it within a specific environment.

Authorizations:

configScope

Request Body schema: application/json
required

environment_id required	string An environment's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, navigate to the desired environment and then click Settings. It is listed under Environment ID.
primary_cert required	string Your TLS certificate. We require this certificate to be issued by a Certificate Authority.
intermediate_cert required	string The intermediate certificates (IC) used by the CA, including the CA’s signing certificate.
private_key	string The private key that was generated with the CSR.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"environment_id": "string",
"primary_cert": "string",
"intermediate_cert": "string",
"private_key": "string"
}

Response samples

Content type

application/json

{"@type": "string",
"@id": "string",
"@links": { },
"id": "string",
"environment_id": "string",
"primary_cert": "string",
"intermediate_cert": "string",
"expiration": "2019-08-24T14:15:22Z",
"status": "string",
"generated": true,
"serial": "string",
"common_name": "string",
"alternative_names": ["string"
],
"activation_error": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}

Access Rules

An access rule identifies legitimate traffic and threats through access controls.

Learn more about access rules.

Add Access Rule

Creates an access rule that identifies threats through whitelists, accesslists, and blacklists.

Authorizations:

wafScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Request Body schema: application/json
required

version	string Reserved for future use.
id	string The access rule's system-defined ID.
name	string The access rule's name.
customer_id	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
last_modified_date	string The date and time at which this configuration was last modified.
last_modified_by	string The Edgio Console user that last modified this access rule. This field does not reflect updates performed through the REST API.
	object (ACL Strings) Contains access controls for countries. Each country is identified by its country code.
	object (ACL Strings) Contains access controls for country subdivisions. Each country subdivision is identified by its ISO-3166-2 code.
	object (ACL Strings) Contains access controls for IPv4 and/or IPv6 addresses. Each IP address is defined through standard IPv4/IPv6 and CIDR notation.
	object (ACL Strings) Contains access controls for referrers. All referrers defined within a whitelist, accesslist, or blacklist are regular expressions.
	object (ACL Strings) Contains access controls for URL paths. This URL path starts directly after the hostname. All URL paths defined within a whitelist, accesslist, or blacklist are regular expressions.
	object (ACL Strings) Contains access controls for cookie names. All cookies defined within a whitelist, accesslist, or blacklist are regular expressions.
	object (ACL Strings) Contains access controls for user agents. All user agents defined within a whitelist, accesslist, or blacklist are regular expressions.
	object (ACL Strings) Requires Edgio Premier. Contains access controls for JA3 fingerprints.
	object (ACL ASNs) Contains access controls for autonomous system numbers (ASNs).
allow_anonymous_proxy	boolean Determines whether we will detect requests that use an anonymizer or anonymous proxy tool.
super_capacity	boolean Determines whether this access rule is restricted to 10,000 or 1,000 IP addresses or IP blocks. Edgio Premier and Standard customers are allowed to create up to 2 high-capacity access rules.
allowed_http_methods	Array of strings Identifies each allowed HTTP method (e.g., `GET`).
allowed_request_content_types	Array of strings Identifies each allowed media type (e.g., `application/json`).
disallowed_extensions	Array of strings A list of file extension(s) for which WAF will send an alert or block the request.
disallowed_headers	Array of strings A list of request header(s) for which WAF will send an alert or block the request.
max_file_size	integer <uint64> The maximum file size, in bytes, for a `POST` request body.
response_header_name	string The name of the response header that will be included with blocked requests.
team_config required	boolean This property must always be `true`. If passed in the request, set it to `true`.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"version": "string",
"id": "string",
"name": "string",
"customer_id": "string",
"last_modified_date": "string",
"last_modified_by": "string",
"country": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"sd_iso": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"ip": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"referer": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"url": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"cookie": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"user_agent": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"ja3": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"asn": {"accesslist": [0
],
"blacklist": [0
],
"whitelist": [0
]
},
"allow_anonymous_proxy": true,
"super_capacity": true,
"allowed_http_methods": ["string"
],
"allowed_request_content_types": ["string"
],
"disallowed_extensions": ["string"
],
"disallowed_headers": ["string"
],
"max_file_size": 0,
"response_header_name": "string",
"team_config": true
}

Response samples

200
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Get All Access Rules

Retrieves a list of access rules. An access rule identifies whether a request is a threat through whitelists, accesslists, and blacklists.

Authorizations:

wafScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/waf/v0.9/{organization_id}/acls',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

[{"id": "fMKolMmb",
"name": "My First Access Rule",
"super_capacity": false,
"last_modified_date": "2023-08-16T19:00:05.443647Z"
},
{"id": "N2A2zH3K",
"name": "My Second Access Rule",
"super_capacity": false,
"last_modified_date": "2023-08-16T18:56:37.532190Z"
}
]

Get Access Rule

Retrieves an access rule that identifies threats through whitelists, accesslists, and blacklists.

Authorizations:

wafScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
acl_id required	string An access rule's system-defined ID. Use the Get All Access Rules operation to retrieve a list of access rules and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/waf/v0.9/{organization_id}/acls/{acl_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

{"allow_anonymous_proxy": true,
"allowed_http_methods": ["GET",
"POST"
],
"allowed_request_content_types": ["application/json",
"application/x-amf",
"application/x-www-form-urlencoded",
"application/xml",
"multipart/form-data",
"text/html",
"text/plain",
"text/xml"
],
"asn": {"accesslist": [ ],
"blacklist": [ ],
"whitelist": [ ]
},
"cookie": {"accesslist": [ ],
"blacklist": [ ],
"whitelist": [ ]
},
"country": {"accesslist": [ ],
"blacklist": [ ],
"whitelist": [ ]
},
"customer_id": "12345678-1234-1234-1234-1234567890ab",
"disallowed_extensions": [".asa",
".asax",
".ascx",
".axd",
".backup",
".bak",
".bat",
".cdx",
".cer",
".cfg",
".cmd",
".conf",
".config",
".cs",
".csproj",
".csr",
".dat",
".db",
".dbf",
".dll",
".dos",
".exe",
".htr",
".htw",
".ida",
".idc",
".idq",
".inc",
".ini",
".key",
".licx",
".lnk",
".log",
".mdb",
".old",
".pass",
".pdb",
".pol",
".printer",
".pwd",
".resources",
".resx",
".sql",
".sys",
".vb",
".vbproj",
".vbs",
".vsdisco",
".webinfo",
".xsd",
".xsx"
],
"disallowed_headers": [ ],
"id": "6ZLms6Dh",
"ip": {"accesslist": [ ],
"blacklist": [ ],
"whitelist": [ ]
},
"last_modified_by": "jsernaque@edg.io via Edgio AppOps Console",
"last_modified_date": "2023-09-29T19:46:48.401989Z",
"max_file_size": 6291456,
"name": "My Access Rule",
"referer": {"accesslist": [ ],
"blacklist": [ ],
"whitelist": [ ]
},
"response_header_name": "",
"sd_iso": {"accesslist": [ ],
"blacklist": [ ],
"whitelist": [ ]
},
"super_capacity": false,
"team_config": true,
"url": {"accesslist": [ ],
"blacklist": [ ],
"whitelist": [ ]
},
"user_agent": {"accesslist": [ ],
"blacklist": [ ],
"whitelist": [ ]
},
"version": null
}

Update Access Rule

Updates an access rule that identifies threats through whitelists, accesslists, and blacklists.

Authorizations:

wafScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
acl_id required	string An access rule's system-defined ID. Use the Get All Access Rules operation to retrieve a list of access rules and their system-defined IDs.

Request Body schema: application/json
required

version	string Reserved for future use.
id	string The access rule's system-defined ID.
name	string The access rule's name.
customer_id	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
last_modified_date	string The date and time at which this configuration was last modified.
last_modified_by	string The Edgio Console user that last modified this access rule. This field does not reflect updates performed through the REST API.
	object (ACL Strings) Contains access controls for countries. Each country is identified by its country code.
	object (ACL Strings) Contains access controls for country subdivisions. Each country subdivision is identified by its ISO-3166-2 code.
	object (ACL Strings) Contains access controls for IPv4 and/or IPv6 addresses. Each IP address is defined through standard IPv4/IPv6 and CIDR notation.
	object (ACL Strings) Contains access controls for referrers. All referrers defined within a whitelist, accesslist, or blacklist are regular expressions.
	object (ACL Strings) Contains access controls for URL paths. This URL path starts directly after the hostname. All URL paths defined within a whitelist, accesslist, or blacklist are regular expressions.
	object (ACL Strings) Contains access controls for cookie names. All cookies defined within a whitelist, accesslist, or blacklist are regular expressions.
	object (ACL Strings) Contains access controls for user agents. All user agents defined within a whitelist, accesslist, or blacklist are regular expressions.
	object (ACL Strings) Requires Edgio Premier. Contains access controls for JA3 fingerprints.
	object (ACL ASNs) Contains access controls for autonomous system numbers (ASNs).
allow_anonymous_proxy	boolean Determines whether we will detect requests that use an anonymizer or anonymous proxy tool.
super_capacity	boolean Determines whether this access rule is restricted to 10,000 or 1,000 IP addresses or IP blocks. Edgio Premier and Standard customers are allowed to create up to 2 high-capacity access rules.
allowed_http_methods	Array of strings Identifies each allowed HTTP method (e.g., `GET`).
allowed_request_content_types	Array of strings Identifies each allowed media type (e.g., `application/json`).
disallowed_extensions	Array of strings A list of file extension(s) for which WAF will send an alert or block the request.
disallowed_headers	Array of strings A list of request header(s) for which WAF will send an alert or block the request.
max_file_size	integer <uint64> The maximum file size, in bytes, for a `POST` request body.
response_header_name	string The name of the response header that will be included with blocked requests.
team_config required	boolean This property must always be `true`. If passed in the request, set it to `true`.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"version": "string",
"id": "string",
"name": "string",
"customer_id": "string",
"last_modified_date": "string",
"last_modified_by": "string",
"country": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"sd_iso": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"ip": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"referer": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"url": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"cookie": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"user_agent": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"ja3": {"accesslist": ["string"
],
"blacklist": ["string"
],
"whitelist": ["string"
]
},
"asn": {"accesslist": [0
],
"blacklist": [0
],
"whitelist": [0
]
},
"allow_anonymous_proxy": true,
"super_capacity": true,
"allowed_http_methods": ["string"
],
"allowed_request_content_types": ["string"
],
"disallowed_extensions": ["string"
],
"disallowed_headers": ["string"
],
"max_file_size": 0,
"response_header_name": "string",
"team_config": true
}

Response samples

200
404
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Delete Access Rule

Deletes an access rule.

Authorizations:

wafScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
acl_id required	string An access rule's system-defined ID. Use the Get All Access Rules operation to retrieve a list of access rules and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'DELETE',
  url: 'https://edgioapis.com/waf/v0.9/{organization_id}/acls/{acl_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

API Security Ruleset

An API Security ruleset contains one or more API Security rule(s). Each of these rules identifies an API schema and the conditions under which it will be enforced.

By default, Edgio validates all POST, PUT, and PATCH requests that satisfy your security app’s hostname and URL path requirements. If your website uses those HTTP methods for non-API requests, then it is strongly recommended to define one or more URL path(s) within your API Security rule.

Learn more about API Security rules.

Add API Security Ruleset

Creates an API Security ruleset.

Authorizations:

api_securityScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Request Body schema: application/json
required

id	string The API Security ruleset's system-defined ID.
name	string The API Security ruleset's name.
customer_id	string An internal system-defined ID.
last_modified_date	string The date and time at which this configuration was last modified.
last_modified_by	string The Edgio Console user that last modified this access rule. This field does not reflect updates performed through the REST API.
team_config required	boolean This property must always be `true`. If passed in the request, set it to `true`.
	Array of objects (API Rule Object) Contains one or more rule(s) that identify a set of requests and a JSON schema through which Edgio will screen that traffic.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"id": "string",
"name": "string",
"customer_id": "string",
"last_modified_date": "string",
"last_modified_by": "string",
"team_config": true,
"rules": [{"name": "string",
"id": "string",
"methods": ["string"
],
"path": {"type": "RX",
"value": "string",
"is_negated": true
},
"schema_id": "string"
}
]
}

Response samples

200
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Get All API Security Rulesets

Retrieves a list of API Security rulesets.

Authorizations:

api_securityScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/api-security/v0.9/{organization_id}/api-gateways',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

[{"id": "TGnXjOIc",
"name": "My API Security Ruleset",
"last_modified_date": "2023-09-29T23:31:39.402145Z"
}
]

Get API Security Ruleset

Retrieves an API Security ruleset.

Authorizations:

api_securityScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
api_gateway_id required	string An API Security Ruleset's system-defined ID. Use the Get All API Security Rulesets operation to retrieve a list of API Security Rulesets and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/api-security/v0.9/{organization_id}/api-gateways/{api_gateway_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

{"customer_id": "12345678-1234-1234-1234-1234567890ab",
"id": "VzhYZAMT",
"last_modified_by": "jsmith@example.com via Edgio AppOps Console",
"last_modified_date": "2023-09-29T23:34:42.193976Z",
"name": "My API Security Ruleset",
"rules": [{"id": "uDS9SUgt",
"methods": ["PUT",
"POST"
],
"name": "API Security Rule 1",
"path": {"type": "GLOB",
"value": "*"
},
"schema_id": "OTZ3opxX"
}
],
"team_config": true
}

Update API Security Ruleset

Updates an API Security ruleset.

Authorizations:

api_securityScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
api_gateway_id required	string An API Security Ruleset's system-defined ID. Use the Get All API Security Rulesets operation to retrieve a list of API Security Rulesets and their system-defined IDs.

Request Body schema: application/json
required

id	string The API Security ruleset's system-defined ID.
name	string The API Security ruleset's name.
customer_id	string An internal system-defined ID.
last_modified_date	string The date and time at which this configuration was last modified.
last_modified_by	string The Edgio Console user that last modified this access rule. This field does not reflect updates performed through the REST API.
team_config required	boolean This property must always be `true`. If passed in the request, set it to `true`.
	Array of objects (API Rule Object) Contains one or more rule(s) that identify a set of requests and a JSON schema through which Edgio will screen that traffic.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"id": "string",
"name": "string",
"customer_id": "string",
"last_modified_date": "string",
"last_modified_by": "string",
"team_config": true,
"rules": [{"name": "string",
"id": "string",
"methods": ["string"
],
"path": {"type": "RX",
"value": "string",
"is_negated": true
},
"schema_id": "string"
}
]
}

Response samples

200
404
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Delete API Security Ruleset

Deletes an API Security ruleset.

Authorizations:

api_securityScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
api_gateway_id required	string An API Security Ruleset's system-defined ID. Use the Get All API Security Rulesets operation to retrieve a list of API Security Rulesets and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'DELETE',
  url: 'https://edgioapis.com/api-security/v0.9/{organization_id}/api-gateways/{api_gateway_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Get API Security Ruleset's API Schemas

Retrieves a list of API schemas associated with an API Security ruleset.

Authorizations:

api_securityScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
api_gateway_id required	string An API Security Ruleset's system-defined ID. Use the Get All API Security Rulesets operation to retrieve a list of API Security Rulesets and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/api-security/v0.9/{organization_id}/api-gateways/{api_gateway_id}/schemas',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

[{"name": "Access Rules",
"schema": {"type": "object",
"properties": {"customer_id": {"type": "string"
},
"directive": {"type": "array",
"items": {"type": "object",
"properties": {"sec_rule": {"type": "object",
"properties": {"action": {"type": "object",
"properties": {"id": {"type": "string"
},
"msg": {"type": "string"
},
"t": {"type": "array",
"items": {"type": "string"
}
}
}
},
"chained_rule": {"type": "array"
},
"id": {"type": "string"
},
"name": {"type": "string"
},
"operator": {"type": "object",
"properties": {"is_negated": {"type": "boolean"
},
"is_regex": {"type": "boolean"
},
"type": {"type": "string"
},
"value": {"type": "string"
}
}
},
"variable": {"type": "array",
"items": {"type": "object",
"properties": {"is_count": {"type": "boolean"
},
"match": {"type": "array",
"items": {"type": "object",
"properties": {"is_negated": {"type": "boolean"
},
"is_regex": {"type": "boolean"
},
"value": {"type": "string"
}
}
}
},
"type": {"type": "string"
}
}
}
}
}
}
}
}
},
"id": {"type": "string"
},
"name": {"type": "string"
},
"team_config": {"type": "boolean"
}
}
},
"api_gw_id": "TGnXjOIc",
"team_config": true,
"last_modified_by": "jsmith@example.com via Edgio AppOps Console",
"customer_id": "12345678-1234-1234-1234-1234567890ab",
"last_modified_date": "2023-09-29T23:31:41.193941Z",
"id": "OTZ3opxX"
}
]

API Schemas

An API schema is a JSON schema that describes the structure for a valid API payload.

Learn more about supported JSON schema syntax.

Add API Schema

Creates an API schema. An API schema contains a JSON schema (draft 4) that may be used to screen API requests.

View key configuration information.

Authorizations:

api_securityScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Request Body schema: application/json
required

id	string The API schema’s system-defined ID.
api_gw_id	string The API Security ruleset's system-defined ID.
customer_id	string An internal system-defined ID.
last_modified_date	string The date and time at which this configuration was last modified.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"id": "string",
"api_gw_id": "string",
"customer_id": "string",
"last_modified_date": "string"
}

Response samples

200
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Get All API Schemas

Retrieves a list of API schemas.

Authorizations:

api_securityScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/api-security/v0.9/{organization_id}/api-schemas',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

[{"id": "e3mpHQY5",
"name": "sample_api_schema_config",
"last_modified_date": "2023-09-29T23:31:41.193941Z"
}
]

Get API Schema

Retrieves an API schema. An API schema contains a JSON schema (draft 4) that may be used to screen API requests.

Authorizations:

api_securityScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
api_schema_id required	string An API schema's system-defined ID. Use the Get All API Schemas operation to retrieve a list of API schemas and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/api-security/v0.9/{organization_id}/api-schemas/{api_schema_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

{"api_gw_id": "VzhYZAMT",
"customer_id": "12345678-1234-1234-1234-1234567890ab",
"id": "OTZ3opxX",
"last_modified_by": "jsmith@example.com via Edgio AppOps Console",
"last_modified_date": "2023-09-29T23:31:41.193941Z",
"name": "Access Rules",
"schema": {"properties": {"customer_id": {"type": "string"
},
"directive": {"items": {"properties": {"sec_rule": {"properties": {"action": {"properties": {"id": {"type": "string"
},
"msg": {"type": "string"
},
"t": {"items": {"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"chained_rule": {"type": "array"
},
"id": {"type": "string"
},
"name": {"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"type": "array"
},
"id": {"type": "string"
},
"name": {"type": "string"
},
"team_config": {"type": "boolean"
}
},
"type": "object"
},
"team_config": true
}

Update API Schema

Updates an API schema. An API schema contains a JSON schema (draft 4) that may be used to screen API requests.

View key configuration information.

Authorizations:

api_securityScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
api_schema_id required	string An API schema's system-defined ID. Use the Get All API Schemas operation to retrieve a list of API schemas and their system-defined IDs.

Request Body schema: application/json
required

id	string The API schema’s system-defined ID.
api_gw_id	string The API Security ruleset's system-defined ID.
customer_id	string An internal system-defined ID.
last_modified_date	string The date and time at which this configuration was last modified.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"id": "string",
"api_gw_id": "string",
"customer_id": "string",
"last_modified_date": "string"
}

Response samples

200
404
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Delete API Schema

Deletes an API schema.

Authorizations:

api_securityScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
api_schema_id required	string An API schema's system-defined ID. Use the Get All API Schemas operation to retrieve a list of API schemas and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'DELETE',
  url: 'https://edgioapis.com/api-security/v0.9/{organization_id}/api-schemas/{api_schema_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Rate Rules

A rate rule restricts the flow of site traffic.

Learn more about rate rules.

Add Rate Rule

Creates a rate rule that determines the maximum number of requests that will be allowed within a given time period.

Authorizations:

wafScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Request Body schema: application/json
required

version	integer <uint32> Reserved for future use.
id	string The rate rule's system-defined ID.
name	string The rate rule's name.
customer_id	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
last_modified_date	string The date and time at which this configuration was last modified.
last_modified_by	string The Edgio Console user that last modified this access rule. This field does not reflect updates performed through the REST API.
disabled	boolean Indicates whether this rate rule will be enforced. Valid values are: true: Disabled. This rate limit will not be applied to traffic. false:** Enabled. Traffic is restricted to this rate limit.
duration_sec	integer <uint32> Enum: 1 5 10 30 60 120 300 The length, in seconds, of the rolling window that tracks the number of requests eligible for rate limiting. The `num` property determines the maximum number of requests for this time period.
num	integer <uint32> The number of requests that will trigger rate limiting.
keys	Array of strings Items Enum: "IP" "USER_AGENT" The method by which requests will be grouped for the purposes of this rate rule. Valid values are: Missing / Empty Array: If the keys property is not defined or set to an empty array, all requests will be treated as a single group for the purpose of rate limiting. IP: Indicates that requests will be grouped by IP address. Each unique IP address is considered a separate group. USER_AGENT: Indicates that requests will be grouped by a client's user agent. Each unique combination of IP address and user agent is considered a separate group.
	Array of objects (ConditionGroup) Contains the set of condition groups associated with a rule.
team_config required	boolean This property must always be `true`. If passed in the request, set it to `true`.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"version": 0,
"id": "string",
"name": "string",
"customer_id": "string",
"last_modified_date": "string",
"last_modified_by": "string",
"disabled": true,
"duration_sec": 1,
"num": 0,
"keys": ["IP"
],
"condition_groups": [{"id": "string",
"name": "string",
"conditions": [{"target": {"type": "FILE_EXT",
"value": "string"
},
"op": {"type": "RX",
"value": "string",
"is_regex": true,
"values": ["string"
],
"is_negated": true,
"is_case_insensitive": true
}
}
]
}
],
"team_config": true
}

Response samples

200
400
403
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Get All Rate Rules

Retrieves a list of rate rules. A rate rule determines the maximum number of requests that will be allowed within a given time period.

Authorizations:

wafScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/waf/v0.9/{organization_id}/limits',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
500

Content type

application/json

[{"id": "VzhYZAMT",
"name": "My Rate Rule",
"last_modified_date": "2023-09-28T00:16:18.589777Z"
},
{"id": "F60gu16u",
"name": "CC Transactions",
"last_modified_date": "2023-09-27T00:16:12.389364Z"
}
]

Get Rate Rule

Retrieves a rate rule. A rate rule determines the maximum number of requests that will be allowed within a given time period.

Authorizations:

wafScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
limit_id required	string A rate rule's system-defined ID. Use the Get All Rate Rules operation to retrieve a list of rate rules and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/waf/v0.9/{organization_id}/limits/{limit_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
500

Content type

application/json

{"condition_groups": [{"conditions": [{"op": {"is_negated": true,
"type": "EM",
"values": ["US",
"CA",
"MX"
]
},
"target": {"type": "GEO"
}
}
],
"id": "VzhYZAMT",
"name": "Negative Country Match"
}
],
"customer_id": "12345678-1234-1234-1234-1234567890ab",
"disabled": false,
"duration_sec": 60,
"id": "F60gu16u",
"keys": ["IP"
],
"last_modified_by": "jsmith@example.com via Edgio AppOps Console",
"last_modified_date": "2023-09-28T00:16:18.589777Z",
"name": "My Rate Rule",
"num": 200,
"team_config": true
}

Update Rate Rule

Updates a rate rule that determines the maximum number of requests that will be allowed within a given time period.

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
limit_id required	string A rate rule's system-defined ID. Use the Get All Rate Rules operation to retrieve a list of rate rules and their system-defined IDs.

Request Body schema: application/json
required

version	integer <uint32> Reserved for future use.
id	string The rate rule's system-defined ID.
name	string The rate rule's name.
customer_id	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
last_modified_date	string The date and time at which this configuration was last modified.
last_modified_by	string The Edgio Console user that last modified this access rule. This field does not reflect updates performed through the REST API.
disabled	boolean Indicates whether this rate rule will be enforced. Valid values are: true: Disabled. This rate limit will not be applied to traffic. false:** Enabled. Traffic is restricted to this rate limit.
duration_sec	integer <uint32> Enum: 1 5 10 30 60 120 300 The length, in seconds, of the rolling window that tracks the number of requests eligible for rate limiting. The `num` property determines the maximum number of requests for this time period.
num	integer <uint32> The number of requests that will trigger rate limiting.
keys	Array of strings Items Enum: "IP" "USER_AGENT" The method by which requests will be grouped for the purposes of this rate rule. Valid values are: Missing / Empty Array: If the keys property is not defined or set to an empty array, all requests will be treated as a single group for the purpose of rate limiting. IP: Indicates that requests will be grouped by IP address. Each unique IP address is considered a separate group. USER_AGENT: Indicates that requests will be grouped by a client's user agent. Each unique combination of IP address and user agent is considered a separate group.
	Array of objects (ConditionGroup) Contains the set of condition groups associated with a rule.
team_config required	boolean This property must always be `true`. If passed in the request, set it to `true`.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"version": 0,
"id": "string",
"name": "string",
"customer_id": "string",
"last_modified_date": "string",
"last_modified_by": "string",
"disabled": true,
"duration_sec": 1,
"num": 0,
"keys": ["IP"
],
"condition_groups": [{"id": "string",
"name": "string",
"conditions": [{"target": {"type": "FILE_EXT",
"value": "string"
},
"op": {"type": "RX",
"value": "string",
"is_regex": true,
"values": ["string"
],
"is_negated": true,
"is_case_insensitive": true
}
}
]
}
],
"team_config": true
}

Response samples

200
400
404
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Delete Rate Rule

Deletes a rate rule.

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
limit_id required	string A rate rule's system-defined ID. Use the Get All Rate Rules operation to retrieve a list of rate rules and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'DELETE',
  url: 'https://edgioapis.com/waf/v0.9/{organization_id}/limits/{limit_id}'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
400
404
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Bot Manager Configuration

A bot manager configuration:

Identifies a bot ruleset.
The enforcement action that will be applied to traffic identified as a bot.
Determines whether known bots will be automatically detected and the enforcement action that will be applied to that traffic.
Traffic that will be exempt from bot detection.

Learn more about bot manager.

Add Bot Manager Configuration

Creates a bot manager configuration.

Authorizations:

bot_securityScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Request Body schema: application/json
required

	object (Actions) Contains an object for each enforcement action associated with this bot manager configuration.
bots_prod_id	string The system-defined ID for the bot ruleset that will be applied to production traffic when this bot manager configuration is applied to a Security App. Use the Get All Bot Rulesets operation to retrieve a list of bot rulesets and their system-defined IDs.
exception_cookie	Array of strings Identifies traffic that will be exempt from bot detection by cookie. Cookie syntax: `<COOKIE NAME>:<COOKIE VALUE>`. Edgio treats the cookie’s value as a regular expression.
exception_ja3	Array of strings Identifies traffic that will be exempt from bot detection by JA3 fingerprint. A JA3 fingerprint identifies a client using key characteristics from a TLS request.
exception_url	Array of strings A regular expression that identifies traffic that will be exempt from bot detection by URL.
exception_user_agent	Array of strings A regular expression that identifies traffic that will be exempt from bot detection by user agent.
inspect_known_bots	boolean Determines whether Edgio will automatically detect the known bots defined within the `known_bots` array.
	Array of objects (Known Bot Object) Contains the set of known bots that Edgio may automatically detect and the enforcement action that may be applied to them.
customer_id	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
last_modified_date	string The date and time at which this configuration was last modified.
last_modified_by	string The Edgio Console user that last modified this access rule. This field does not reflect updates performed through the REST API.
name	string The bot manager configuration's name.
spoof_bot_action_type	string Enum: "ALERT" "BLOCK_REQUEST" "CUSTOM_RESPONSE" "BROWSER_CHALLENGE" "REDIRECT_302" "RECAPTCHA" The enforcement action that will be applied to traffic spoofing a known bot defined within the `known_bots` array. Learn more about enforcement actions.
team_config required	boolean This property must always be `true`. If passed in the request, set it to `true`.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"actions": {"ALERT": {"id": "string",
"name": "string",
"enf_type": "ALERT"
},
"CUSTOM_RESPONSE": {"id": "string",
"name": "string",
"enf_type": "CUSTOM_RESPONSE",
"response_body_base64": "string",
"status": 0,
"response_headers": {"property1": "string",
"property2": "string"
}
},
"BLOCK_REQUEST": {"id": "string",
"name": "string",
"enf_type": "BLOCK_REQUEST"
},
"REDIRECT_302": {"id": "string",
"name": "string",
"enf_type": "REDIRECT_302",
"url": "string"
},
"BROWSER_CHALLENGE": {"id": "string",
"name": "string",
"enf_type": "BROWSER_CHALLENGE",
"is_custom_challenge": true,
"response_body_base64": "string",
"valid_for_sec": 0,
"status": 0
},
"RECAPTCHA": {"id": "string",
"name": "string",
"enf_type": "RECAPTCHA",
"valid_for_sec": 0,
"status": 0,
"failed_action_type": "ALERT"
}
},
"bots_prod_id": "string",
"exception_cookie": ["string"
],
"exception_ja3": ["string"
],
"exception_url": ["string"
],
"exception_user_agent": ["string"
],
"inspect_known_bots": true,
"known_bots": [{"action_type": "ALERT",
"bot_token": "string"
}
],
"customer_id": "string",
"last_modified_date": "string",
"last_modified_by": "string",
"name": "string",
"spoof_bot_action_type": "ALERT",
"team_config": true
}

Response samples

200
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Get All Bot Manager Configurations

Retrieves a list of bot manager configurations. A bot manager configuration can detect and mitigate undesired bot traffic.

Authorizations:

bot_securityScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/bot-security/v0.9/{organization_id}/bot-managers',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

[{"id": "e3mpHQY5",
"name": "my_bot_manager_configuration",
"last_modified_date": "2023-09-29T23:31:39.402145Z"
}
]

Get Bot Manager Configuration

Retrieves a bot manager configuration.

Authorizations:

bot_securityScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
bot_manager_id required	string A bot manager configuration's system-defined ID. Use the Get All Bot Managers operation to retrieve a list of bot manager configurations and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/bot-security/v0.9/{organization_id}/bot-managers/{bot_manager_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

{"actions": {"ALERT": {"enf_type": "ALERT",
"id": "HJMoufdM",
"name": "known_bot action"
},
"BLOCK_REQUEST": {"enf_type": "BLOCK_REQUEST",
"id": "1cwCQpgv",
"name": "known_bot action"
},
"BROWSER_CHALLENGE": {"enf_type": "BROWSER_CHALLENGE",
"id": "lpqOMXaF",
"name": "known_bot action",
"status": 200,
"valid_for_sec": 200
}
},
"customer_id": "12345678-1234-1234-1234-1234567890ab",
"id": "e34YwKtg",
"inspect_known_bots": true,
"known_bots": [ ],
"last_modified_date": "2023-10-13T23:29:34.170006Z",
"name": "bot-manager-configuration-1",
"spoof_bot_action_type": "ALERT",
"team_config": true
}

Update Bot Manager Configuration

Updates a bot manager configuration.

Authorizations:

bot_securityScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
bot_manager_id required	string A bot manager configuration's system-defined ID. Use the Get All Bot Managers operation to retrieve a list of bot manager configurations and their system-defined IDs.

Request Body schema: application/json
required

	object (Actions) Contains an object for each enforcement action associated with this bot manager configuration.
bots_prod_id	string The system-defined ID for the bot ruleset that will be applied to production traffic when this bot manager configuration is applied to a Security App. Use the Get All Bot Rulesets operation to retrieve a list of bot rulesets and their system-defined IDs.
exception_cookie	Array of strings Identifies traffic that will be exempt from bot detection by cookie. Cookie syntax: `<COOKIE NAME>:<COOKIE VALUE>`. Edgio treats the cookie’s value as a regular expression.
exception_ja3	Array of strings Identifies traffic that will be exempt from bot detection by JA3 fingerprint. A JA3 fingerprint identifies a client using key characteristics from a TLS request.
exception_url	Array of strings A regular expression that identifies traffic that will be exempt from bot detection by URL.
exception_user_agent	Array of strings A regular expression that identifies traffic that will be exempt from bot detection by user agent.
inspect_known_bots	boolean Determines whether Edgio will automatically detect the known bots defined within the `known_bots` array.
	Array of objects (Known Bot Object) Contains the set of known bots that Edgio may automatically detect and the enforcement action that may be applied to them.
customer_id	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
last_modified_date	string The date and time at which this configuration was last modified.
last_modified_by	string The Edgio Console user that last modified this access rule. This field does not reflect updates performed through the REST API.
name	string The bot manager configuration's name.
spoof_bot_action_type	string Enum: "ALERT" "BLOCK_REQUEST" "CUSTOM_RESPONSE" "BROWSER_CHALLENGE" "REDIRECT_302" "RECAPTCHA" The enforcement action that will be applied to traffic spoofing a known bot defined within the `known_bots` array. Learn more about enforcement actions.
team_config required	boolean This property must always be `true`. If passed in the request, set it to `true`.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"actions": {"ALERT": {"id": "string",
"name": "string",
"enf_type": "ALERT"
},
"CUSTOM_RESPONSE": {"id": "string",
"name": "string",
"enf_type": "CUSTOM_RESPONSE",
"response_body_base64": "string",
"status": 0,
"response_headers": {"property1": "string",
"property2": "string"
}
},
"BLOCK_REQUEST": {"id": "string",
"name": "string",
"enf_type": "BLOCK_REQUEST"
},
"REDIRECT_302": {"id": "string",
"name": "string",
"enf_type": "REDIRECT_302",
"url": "string"
},
"BROWSER_CHALLENGE": {"id": "string",
"name": "string",
"enf_type": "BROWSER_CHALLENGE",
"is_custom_challenge": true,
"response_body_base64": "string",
"valid_for_sec": 0,
"status": 0
},
"RECAPTCHA": {"id": "string",
"name": "string",
"enf_type": "RECAPTCHA",
"valid_for_sec": 0,
"status": 0,
"failed_action_type": "ALERT"
}
},
"bots_prod_id": "string",
"exception_cookie": ["string"
],
"exception_ja3": ["string"
],
"exception_url": ["string"
],
"exception_user_agent": ["string"
],
"inspect_known_bots": true,
"known_bots": [{"action_type": "ALERT",
"bot_token": "string"
}
],
"customer_id": "string",
"last_modified_date": "string",
"last_modified_by": "string",
"name": "string",
"spoof_bot_action_type": "ALERT",
"team_config": true
}

Response samples

200
404
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Delete Bot Manager Configuration

Deletes a bot manager configuration.

Authorizations:

bot_securityScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
bot_manager_id required	string A bot manager configuration's system-defined ID. Use the Get All Bot Managers operation to retrieve a list of bot manager configurations and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'DELETE',
  url: 'https://edgioapis.com/bot-security/v0.9/{organization_id}/bot-managers/{bot_manager_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Bot Ruleset

A bot ruleset contains one or more rule(s) for determining how bots will be identified.

Learn more about bot rulesets.

Add Bot Ruleset

Creates a bot ruleset. A bot ruleset defines criteria for bot identification.

Authorizations:

bot_securityScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Request Body schema: application/json
required

id	string The bot ruleset's system-defined ID.
required	Array of Reputation DB Include (object) or Security Rule (object) Contains the bot rules associated with this bot ruleset. You may create up to 10 bot rules per bot ruleset.
customer_id	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
last_modified_date	string The date and time at which this bot ruleset was last modified.
name	string The bot ruleset's name.
team_config required	boolean This property must always be `true`. If passed in the request, set it to `true`.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"id": "string",
"directive": [{"include": "r3010_ec_bot_challenge_reputation.conf.json"
}
],
"customer_id": "string",
"last_modified_date": "string",
"name": "string",
"team_config": true
}

Response samples

200
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Get All Bot Rulesets

Lists all bot rulesets.

Authorizations:

bot_securityScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/bot-security/v0.9/{organization_id}/bots',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

[{"id": "e3mpHQY5",
"name": "my_bot_ruleset",
"last_modified_date": "2023-09-29T23:31:39.402145Z"
}
]

Get Bot Ruleset

Retrieves a bot ruleset. A bot ruleset defines criteria for bot identification.

Authorizations:

bot_securityScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
bot_id required	string A bot ruleset's system-defined ID. Use the Get All Bot Rulesets operation to retrieve a list of bot rulesets and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/bot-security/v0.9/{organization_id}/bots/{bot_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

{"customer_id": "ae2b89dc-b7a5-45bb-98af-5039ac0fe989",
"directive": [{"sec_rule": {"action": {"bot_action": "BLOCK_REQUEST",
"id": "77777777",
"msg": "Blocked",
"t": ["NONE"
]
},
"chained_rule": [ ],
"id": "Db0z7Gh5",
"name": "My second bot rule",
"operator": {"is_negated": false,
"is_regex": false,
"type": "STREQ",
"value": "faux"
},
"variable": [{"is_count": false,
"match": [ ],
"type": "REQUEST_COOKIES"
}
]
}
}
],
"id": "vipDxgOV",
"last_modified_date": "2023-10-13T23:36:11.333280Z",
"name": "My first bot ruleset",
"team_config": true
}

Update Bot Ruleset

Updates a bot ruleset. A bot ruleset defines criteria for bot identification.

Authorizations:

bot_securityScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
bot_id required	string A bot ruleset's system-defined ID. Use the Get All Bot Rulesets operation to retrieve a list of bot rulesets and their system-defined IDs.

Request Body schema: application/json
required

id	string The bot ruleset's system-defined ID.
required	Array of Reputation DB Include (object) or Security Rule (object) Contains the bot rules associated with this bot ruleset. You may create up to 10 bot rules per bot ruleset.
customer_id	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
last_modified_date	string The date and time at which this bot ruleset was last modified.
name	string The bot ruleset's name.
team_config required	boolean This property must always be `true`. If passed in the request, set it to `true`.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"id": "string",
"directive": [{"include": "r3010_ec_bot_challenge_reputation.conf.json"
}
],
"customer_id": "string",
"last_modified_date": "string",
"name": "string",
"team_config": true
}

Response samples

200
404
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Delete Bot Ruleset

Deletes a bot ruleset. A bot ruleset defines criteria for bot identification.

Authorizations:

bot_securityScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
bot_id required	string A bot ruleset's system-defined ID. Use the Get All Bot Rulesets operation to retrieve a list of bot rulesets and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'DELETE',
  url: 'https://edgioapis.com/bot-security/v0.9/{organization_id}/bots/{bot_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Known Bots

Lists all known bots.

Get Available Known Bots

Retrieves a list of all known bots. Each known bot is identified by a token (e.g., google and yahoo).

Authorizations:

bot_securityScope

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/bot-security/v0.9/known-bots/companies',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200

Content type

application/json

["ahrefs",
"apple",
"aspiegel",
"baidu",
"datadog",
"line",
"msn",
"neeva",
"pingdom",
"semrush",
"uptimerobot",
"yahoo",
"yandex",
"google",
"facebook",
"twitter",
"other"
]

Custom Rules

A custom rule tailors how Edgio Security identifies a threat.

Learn more about custom rules.

Add Custom Rule

Creates a custom rule that defines custom threat assessment criteria.

Authorizations:

wafScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Request Body schema: application/json
required

id	string The custom rule's system-defined ID.
	Array of objects (Security Rule) Contains custom rules. Each `directive` object defines a custom rule through the `sec_rule` object. You may create up to 10 custom rules.
customer_id	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
last_modified_date	string The date and time at which this configuration was last modified.
name	string The custom rule's name.
team_config required	boolean This property must always be `true`. If passed in the request, set it to `true`.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"id": "string",
"directive": [{"sec_rule": {"id": "string",
"name": "string",
"variable": [{"type": "REQUEST_HEADERS",
"match": [{"value": "string",
"is_negated": true,
"is_regex": true
}
],
"is_count": true
}
],
"operator": {"type": "RX",
"value": "string",
"is_negated": true
},
"action": {"id": "string",
"msg": "string",
"t": ["NONE"
]
},
"chained_rule": [{"variable": [{"type": "REQUEST_HEADERS",
"match": [{"value": null,
"is_negated": null,
"is_regex": null
}
],
"is_count": true
}
],
"operator": {"type": "RX",
"value": "string",
"is_negated": true
},
"action": {"id": "string",
"msg": "string",
"t": ["NONE"
]
}
}
]
}
}
],
"customer_id": "string",
"last_modified_date": "string",
"name": "string",
"team_config": true
}

Response samples

200
429
500

Content type

application/json

{"id": "VzhYZAMT",
"status": "success",
"success": true
}

Get All Custom Rules

Retrieves a list of custom rules. A custom rule allows you to define custom threat assessment criterion.

Authorizations:

wafScope

path Parameters

organization_id

required

string

Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab).

From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/waf/v0.9/{organization_id}/rules',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

[{"id": "e3mpHQY5",
"name": "sample_rule_config",
"last_modified_date": "2023-09-29T22:28:09.790308Z"
}
]

Get Custom Rule

Retrieves a custom rule. Use a custom rule to define custom threat assessment criteria.

Authorizations:

wafScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
rule_id required	string A custom rule's system-defined ID. Use the Get All Custom Rules operation to retrieve a list of custom rules and their system-defined IDs.

Responses

Request samples

Node
JavaScript
curl
Python3

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://edgioapis.com/waf/v0.9/{organization_id}/rules/{rule_id}',
  headers: {Authorization: 'Bearer REPLACE_BEARER_TOKEN'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

200
404
429
500

Content type

application/json

{"customer_id": "ae2b89dc-b7a5-45bb-98af-5039ac0fe989",
"directive": [{"sec_rule": {"action": {"id": "66000001",
"msg": "Outside of North America",
"t": ["NONE"
]
},
"chained_rule": [ ],
"id": "R20zyMd4",
"name": "new custom rules 01",
"operator": {"is_negated": true,
"is_regex": false,
"type": "EQ",
"value": "US, CA, MX"
},
"variable": [{"is_count": false,
"match": [{"is_negated": false,
"is_regex": false,
"value": "COUNTRY_CODE"
}
],
"type": "GEO"
}
]
}
}
],
"id": "9kaZvYXo",
"last_modified_by": "jsmith@example.com via Edgio AppOps Console",
"last_modified_date": "2023-09-29T22:28:09.790308Z",
"name": "My Custom Rule",
"team_config": true
}

Update Custom Rule

Updates a custom rule that defines custom threat assessment criteria.

Authorizations:

wafScope

path Parameters

organization_id required	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
rule_id required	string A custom rule's system-defined ID. Use the Get All Custom Rules operation to retrieve a list of custom rules and their system-defined IDs.

Request Body schema: application/json
required

id	string The custom rule's system-defined ID.
	Array of objects (Security Rule) Contains custom rules. Each `directive` object defines a custom rule through the `sec_rule` object. You may create up to 10 custom rules.
customer_id	string Your organization's system-defined ID (e.g., 12345678-1234-1234-1234-1234567890ab). From the Edgio Console, select your organization from the top menu and then click Settings. It is listed under Organization ID.
last_modified_date	string The date and time at which this configuration was last modified.
name	string The custom rule's name.
team_config required	boolean This property must always be `true`. If passed in the request, set it to `true`.

Responses

Request samples

Payload
Node
JavaScript
curl
Python3

Content type

application/json

{"id": "string",
"directive": [{"sec_rule": {"id": "string",
"name": "string",
"variable": [{"type": "REQUEST_HEADERS",
"match": [{"value": "string"

Edgio REST API (0.0.4)

Introduction

Quick Start

Scopes

Access Tokens

Authorizing Requests

HTTP Methods

Request URL

Request Headers

Request Body

Response Headers

Rate Limit

Purge

Get Purge Request

Authorizations:

path Parameters

Responses

Request samples

Response samples

Purge Cache

Authorizations:

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

CDN Configuration

Get CDN Configuration

Authorizations:

path Parameters

Responses

Request samples

Response samples

Deploy CDN Configuration

Authorizations:

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Environment Variables

Get Environment Variable

Authorizations:

path Parameters

Responses

Request samples

Response samples

Delete Environment Variable

Authorizations:

path Parameters

Responses

Request samples

Response samples

Get All Environment Variables

Authorizations:

query Parameters

Responses

Request samples

Response samples

Set Environment Variable

Authorizations:

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Deployment Info

Get Deployment Logs

Authorizations:

path Parameters

Responses

Request samples

Response samples

Get Deployment

Authorizations:

path Parameters

Responses

Request samples

Response samples

TLS Certificates

Get TLS Certificate

Authorizations:

path Parameters

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required