Application Security API

The Application Security API allows you to access and modify your Security Configurations for Kona Site Defender, Web Application Protector, App & API Protector, Advanced Security Module, and Client Reputation. You can create, update, activate, and export versions of a security configuration. You can get selectable hostnames and add them to the selected list to protect your website or API content. You also can add, modify, or delete custom rules and assign policy actions.

A Web Application Firewall (WAF) is an application security measure deployed between a web client and a web server that performs a deep inspection of every request and response for all common forms of web traffic. Identifying and isolating or blocking abnormal malicious traffic, a WAF effectively prevents threats from reaching the server.

Adaptive Security Engine (ASE) replaces previous web application firewall protections like Automated Attack Groups and the Kona Rule Set. ASE, our latest web application firewall protection engine, has advances that help you protect your websites and APIs with greater accuracy and less effort. Existing operations for Kona Rule Set and Automated Attack Group will contain the updated ASE payloads for newly-contracted customers. Established customers can opt into to the ASE features at a later date, and will continue to see the existing payloads you are currently familiar with.

Operations with ASE available describe the specific changes to their payloads.

Product compatibility varies by operation. Look for Products: X,Y or Products: All in each operation description to see which operations work with each product. All includes App & API Protector, Advanced Security Module, Kona Site Defender, and Web Application Protector.

All operations are now GA. Some operations have additional beta functionality related only to their payloads or data and are marked as Beta.

This API is for security operations teams and developers who implement Akamai security products for their organization. You need to have a working knowledge of your application and how the configurable objects interact.

To protect your site against bots, see Bot Manager once you've configured your security policy.