API Endpoint Definition API

The API Endpoint Definition API allows you to programmatically define an API endpoint and its set of component resources. If you're a Kona Site Defender customer, you can define request body and resource constraints and enforce them separately as allow lists in your Akamai web application firewall policy.

Akamai provides APIs for developers, DevOps, and operations personnel as an alternative to using Akamai Control Center. You may want to automate and instrument the Akamai web application firewall and Web Performance products you're using with APIs. This API provides the same functions available under the Manage API Definitions menu selection of Control Center.

Use this API to automate deployment or configuration of APIs onto the Akamai platform. Register your API endpoints by specifying their hostnames and base paths, identify the set of expected URL resources and operations, and, if you're a web application firewall customer, configure security constraints related to the size and shape of the exchanged data objects.

This API also introduces additional API Gateway delivery features that can help you manage your APIs more efficiently, improve interoperability, gain control over API access, help API consumers troubleshoot errors more effectively, and enhance the overall performance of your API traffic. These features include API privacy, JSON web tokens (JWT), cross-origin resource sharing (CORS), caching, GraphQL caching, origin request redirect, GZIP compression, and error response customization. They're available to you if you add API Gateway to your product.


The OAuth scopes operations have been deprecated. For similar functionality, see Akamai Identity Cloud.

The API privacy feature lets you control access to endpoints and individual resources. To apply API privacy, you need to deploy API keys. Private endpoints and resources that you register in API Gateway require API consumers to identify with appropriate API keys before they can access these endpoints and resources. For more details on API keys and how you can manage them, see the API Keys and Traffic Management API.

When you register your API endpoints, you specify obligatory hostnames for publishing your APIs over the Akamai network. If you haven't created any hostnames in Property Manager yet, you can leverage the Property Manager API to batch-create hostnames dynamically and activate API traffic for these hostnames. Once you activate the hostnames, you can deploy your APIs and configure how they respond to requests.

Note that this API does not modify any web application firewall policies that protect your API endpoints, but is a prerequisite to apply such security in a WAF product like App & API Protector. You may use this API to define your API endpoint in order to configure protections for them. Use this API before your security team applies a Kona Site Defender firewall policy to your API endpoints.