Add API resources

API resources are unique services in an API endpoint. You add resources by entering their basic information, such as name and path. You also specify HTTP methods that API consumers can use to interact with resources.

  1. Expand the API undefined parameters section.
    Kona Site Defender may evaluate both defined and undefined parameters against the constraints in this section.

    • Select Any if your API accepts any parameters that aren't explicitly defined in API resources.

    • Select Specific to indicate the type of undefined parameters to accept. You can select Cookies, Query-string, Headers, or Request body parameters here.

    • Select None to deny all requests that contain undefined parameters.

  2. In the API resources panel, click +.

  3. Enter the Name and add a Description if you want.

  4. In the Path field, enter the resource path relative to the hostnames and base path where the resource resides in the following format: /path
    The resource path might be case-sensitive if you select the Case-sensitive URLs and parameters check box. This means that, for example, /path and /Path might denote two different resources.

    When entering a resource path, you can use curly brackets ({}) to define path parameters (for example,/path/{pathparam1}). If you want, you can also define multiple path parameters (for example, /path/{pathparam1},{pathparame2},{pathparam3}). All path parameters that you define this way automatically appear in the methods that you select for a resource.
    The resource path appears after the base path in the resource URL.

  5. In the Methods section, select the methods that you want to enable for the resource.
    When you associate a method with a resource, you define how API consumers can use the resource. For example, by selecting the PUT method, you allow API consumers to modify the resource. If a method is not selected, requests that include it won’t be able to use the associated resource.

Add parameters to methods

You can configure header, cookie, query, and body parameters for every method that you associate with a resource. This tells edge servers to look for a parameter in an incoming API request to that resource. Defining body parameters differs from other parameter definitions. Parameters can be useful for resource identification and filtering operations.

  1. On the Register new API page, select the resource that you want to change.

  2. Expand the node of the method that you want to add parameters to.

  3. Optional: If your API has undefined parameters in specific parts of a request for this resource and method combination, you can override the API definition's top-level settings.

    1. Select the Override the top-level settings and allow undefined parameters in checkbox.
    2. Select Yes next to Request header, Request cookie, Query string, or Request body as appropriate.
  4. In the method panel, from the Add dropdown select the location of the parameter:

    • Request header

    • Request cookie

    • Query string

    • Request body

      📘

      The Request body option appears when in the Request body constraints section you selected Specific and then JSON, XML, or URL-encoded as Request body content type.

    • For Request header, Request cookie, Query string

      1. Enter a meaningful parameter Name and, if you want, add a Description.
      2. Select the Type.
      3. If the parameter type is String, Number, or Integer, specify the minimum and maximum parameter values in the Range or Length field.
      4. Specify whether the parameter is Required:
        • If the parameter is mandatory, select Yes.
        • If the parameter is optional, select No.
    • For Request body

      1. Select the body format:
      • JSON
      • XML
      • URL-encoded
      • JSON / XML
      1. Enter a meaningful parameter Name and, if you want, add a Description.
      2. Specify whether the parameter is Required:
        • If the parameter is mandatory, select Yes.
        • If the parameter is optional, select No.
      3. You can further Define body format.
        • If you want to add more details about the request body, select Yes.
        • If you don't need to add the details, select No.
      4. Enter the Property details or Schema details, as appropriate:
        1. Enter a meaningful parameter Name and, if you want, add a Description.
        2. Select the Type.
        3. If the parameter type is String, Number, or Integer, specify the minimum and maximum parameter values in the Range or Length field.
        4. If the parameter is JSON / XML object you can specify the number of array members.
          Select the Array checkbox and enter the minimum and maximum (up to 10) number of the array members.
        5. Specify whether the parameter is Required:
          • If the parameter is mandatory, select Yes.
          • If the parameter is optional, select No.
  5. Click Save.

🚧

If you want your web application firewall solution, like App & API Protector, to enforce the body parameter constraints on this resource, select the Required check box. For body parameters, this check box works independently of the Required parameter toggle applicable for other types of parameters.


Did this page help you?