Fraudsters are becoming increasingly sophisticated, targeting multiple points of the account lifecycle—from account creation to post-login activities like password resets and payments—to commit malicious activities. To stay ahead of these evolving threats, full lifecycle protection is essential to defend against a wide range of online account abuse.

You can now use Account Protector to secure complex multistep application flows.

To ensure optimal account protection, configure the username parameter for account verification and password reset API operations.
You should update your API definitions if you already have such operations without a username parameter.

You can now use the origin HTTP response body for both origin success and failure conditions, and to extract the origin user ID.

The following improvements to API Protections give you better security and greater control over your APIs (for Kona Site Defender and AAP w/ASM only):

To protect a transactional endpoint, like a login or checkout page, you define a resource purpose in API Definitions, then set protections for it in Bot Manager Premier or Account Protector. Perhaps, like us, you never cared for that term. We’re happy to share that we’re changing the term resource purpose to the more apt and appropriate term operation.

We've made the following enhancements and bug fixes:

We've combined the API Gateway and API Discovery documentation into the API Definitions documentation to make it easier for you to find the guides, API docs, and resources you need to define your APIS across your products. Everything is now in one place. Visit the Welcome page for a toolkit of API Definition resources.

Improvements to API Definitions give you better security and greater control over your APIs.

New features