Set origin success and failure conditions
When you set up an operation, to capture data on successful and unsuccessful attempts to use the resource, you must define their traits. You can set up success and failure reporting for every operation type except Search and Add to cart. For multistep operations, you can also set up a multistep group success condition and a step success condition. You must define the multistep group success condition for at least one operation in the group.
-
On the API Definitions page, in the Registered APIs section, find the API definition in which you want to create an operation and click its ... Action menu.
-
From the menu, select Manage versions.
-
In the Version history panel, select the version you want to edit.
-
From the list of delivery options, select API Operations.
-
On the API Operations page, click + to add a new operation.
-
Enter your operation data. For details, see set up an operation.
-
In the Origin Response section, click Add to create your conditions in the Success condition and/or Failure condition sections.
- In Response Code, select matches or does not match, and enter the code you want to track, like 401.
You can enter multiple codes. - In Response Header, enter the header name, select matches or does not match, and enter the value you want to track.
To add another response header, click Add. - In Set-cookie, enter the cookie name and select matches or does not match.
You can use * and ? wildcards and you can turn the Case-sensitive switch on. - In Response Body, select JSON or XML, enter the path in XPath format, select between exists, does not exist, matches, does not match, and enter the value you want to track. XPath format supports arrays. Matching on arrays for JSON starts from index 0, and XML starts from index 1.
You can set the following origin response conditions:
- In Response Code, select matches or does not match, and enter the code you want to track, like 401.
- Step success condition: Indicate the success of a single step or operation within a multistep flow.
- Failure condition: Indicate the failure of an operation.
- Success condition: Always configure it in the final operation of every multistep group. It allows account protection to understand when an operation or an application flow was completed successfully and use this information to update the user profile.
The following table lists all the origin response conditions and their meaning:
Step success condition Success condition Failure condition Meaning Defined Not defined Not defined You set the origin response step success conditions. All other responses will report as failures. Defined Not defined Defined You set the origin response step success and operation failure conditions. All other responses will report as unknown. Defined Defined Not defined You set the origin response step success and success conditions. All other responses will report as failures. Defined Defined Defined You set the origin response step success, success, and operation failure conditions. All other responses will report as unknown. Not defined Not defined Not defined You set no origin response conditions. All responses will report as unknown. Not defined Not defined Defined You set the origin response operation failure conditions. All other responses will report as success. Not defined Defined Not defined You set the origin response success conditions. All other responses will report as failure. Not defined Defined Defined You set the origin response success and operation failure conditions. All other responses will report as unknown. If you define:
- Only failure conditions, then any other activity on the endpoints is treated as success.
- Only success, then any other activity is a failure.
- Both failure and success, then any other activity is labeled as unknown.
- No conditions, then all activity on the endpoints is labeled as unknown.
- Multiple values of the same condition (for example, response code = 200, 201), then the success or failure condition is met if any of these values apply.
- Multiple conditions (response code = 200, response header = X-LoginSuccess:true), then the success or failure condition is met only if all of these conditions apply.
Unknown is a label that is also applied in a scenario where bot management detections are bypassed, like when you set an exception, or when the request is denied, allowed, or ignored by an earlier protection, and account protection doesn't run.
After you set the conditions, the successes, failures, and unknown activity appear in the Bot Endpoint Protection report, Account Protector User Intelligence Console, and Web Security Analytics.
XPath format examples
- Supported for JSON and XML:
/customDataA/customDataB/customDataC
/customDataA/customDataB/customDataC[8]
/customDataA[1]/customDataB[1]/customDataC[3]
- Not supported for XML:
/customDataA[0]/customDataB[1]/customDataC[3]
The following images show the examples of correctly defined response body type success and failure conditions:
In the first example, wildcards are used to find the “true” value in a string:

In the second example, selecting the case-sensitive option ensures that only values in the upper case match the criteria:

Updated 5 days ago