For requests that you cover with App & API Protector, you set up API protection in two high-level steps.

Register your APIs

After you have your web properties, including your API domains, on the platform, you're ready to set up APIs for protection. You can do so in any of the following ways:

• Import an API definition file

• Enter details manually in the API definitions app

• Detect new APIs your staff added, but neglected to protect

Apply protectons to your APIs

When you set up protections in App & API Protector, you also specify what you want to protect. Usually, you create a dedicated security policy for an API, then specify its scope. To set the scope of a security policy in:

• App & API Protector, add the hostname for your API to hostnames associated with the security policy

• App & API Protector with Advanced Security Management, create an API match target for the security policy you want to use and select the API you defined. With this product you can also set and enforce API request body and resource constraints. Get an overview of these elements in the App & API Protector intro. Or read details and best practices for setting up an API match target (login required).