get https://{hostname}/appsec/v1/configs//versions//security-policies//selected-hostnames
Web Application Protector, App & API Protector List the hostnames that the configuration version selects as candidates of protected hostnames, which you can use in match targets.