Set API constraints

Note: This task applies to Kona Site Defender specifically. Your own selections will vary depending on your product.

Once you register your API with Akamai and a web application firewall product like App & API Protector is in your contract, you can turn on and define API request body and resource constraints. Your WAF product then uses a positive security model to enforce these constraints on incoming API requests, and either alerts you about an invalid request or denies it. Among other advantages, this lets you prevent API consumers from sending excessively large requests to your API.

You can set constraints for:

  • undefined resources
  • general request body constraints
  • defined resources
    • methods, and for each method:
      • request
        • request parameters
        • request body
      • response
        • response parameters
        • response body

  1. On the Register new API page, in the Request constraints for undefined resources section, select:

    • Yes to allow requests to both defined and undefined API resources.
    • No to apply an action specified in your security configuration to the undefined resources.

    If your API has undefined resources in just a few cases, you can select No here and override this setting for the specific cases when you Add API resources.

  2. From the Methods dropdown, select:

    • Any to allow all methods for the API's undefined resources.
    • Specific to see the list of the methods and select one or more.
  3. In the Request body constraints section, you can set the limits for both defined and undefined API resources to protect your API from excessively large requests.

  4. From the Request body content type dropdown, select:

    • Any to accept any content type.
    • Specific and choose JSON, XML or URL-encoded.
    • None
  5. In the Body size (bytes) field, enter the maximum allowed body size in bytes.

  6. In the Nesting depth field, enter the maximum number of nested JSON objects or XML elements allowed in the request body.

  7. In the String length field, enter the maximum allowed string value length.

  8. In the Integer value field, enter the maximum allowed integer value.

  9. In the Number of elements pairs field, enter the maximum number of JSON or XML elements allowed in the request body.

  10. In the Element length field, enter the maximum allowed JSON or XML element length.
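
The sketch below is an added example, not Akamai's enforcement logic or code from this page. It checks a JSON body against limits like those in steps 5 to 10, so you can run representative legitimate payloads through it before entering values in the form. The limit names, sample values and counting rules (for example, treating element length as key-name length) are assumptions.

```python
import json

# Hypothetical limit names mirroring the form fields; the values are constructed.
LIMITS = {"body_size": 1024, "nesting_depth": 4, "string_length": 64,
          "integer_value": 10**6, "elements": 20, "element_length": 32}

def check_body(raw: bytes, limits: dict = LIMITS) -> list:
    """Return the sorted names of the limits a JSON request body violates."""
    if len(raw) > limits["body_size"]:
        return ["body_size"]          # reject before parsing oversized input
    try:
        doc = json.loads(raw)
    except (ValueError, RecursionError):
        return ["invalid_json"]
    violations, count = set(), 0
    stack = [(doc, 1)]                # iterative walk: (node, container depth)
    while stack:
        node, depth = stack.pop()
        if isinstance(node, (dict, list)):
            if depth > limits["nesting_depth"]:
                violations.add("nesting_depth")
            pairs = node.items() if isinstance(node, dict) else ((None, v) for v in node)
            for key, value in pairs:
                count += 1            # assumption: every member and array item counts
                if key is not None and len(key) > limits["element_length"]:
                    violations.add("element_length")  # assumption: key name length
                stack.append((value, depth + 1))
        elif isinstance(node, str) and len(node) > limits["string_length"]:
            violations.add("string_length")
        elif (isinstance(node, int) and not isinstance(node, bool)
              and abs(node) > limits["integer_value"]):
            violations.add("integer_value")
    if count > limits["elements"]:
        violations.add("elements")
    return sorted(violations)

# Constructed sample bodies.
SAMPLE_OK = b'{"user": {"id": 42, "tags": ["a", "b"]}}'
SAMPLE_BAD = (b'{"a": {"b": {"c": {"d": {"e": 1000000000}}}}, "note": "'
              + b"x" * 100 + b'"}')

if __name__ == "__main__":
    for body in (SAMPLE_OK, SAMPLE_BAD):
        print(check_body(body) or "within limits")
```

Limits set tighter than your largest legitimate payload will cause valid requests to be alerted on or denied, so size them from real traffic samples.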

