For requests that you cover with App & API Protector, you set up API protection in two high-level steps.
After you have your web properties, including your API domains, on the platform, you're ready to set up APIs for protection. You can do so in any of the following ways:
When you set up protections in App & API Protector, you also specify what you want to protect. Usually, you create a dedicated security policy for an API, then specify its scope. To set the scope of a security policy in:
App & API Protector, add the hostname for your API to hostnames associated with the security policy
App & API Protector with Advanced Security Management, create an API match target for the security policy you want to use and select the API you defined. With this product you can also set and enforce API request body and resource constraints. Get an overview of these elements in the App & API Protector intro. Or read details and best practices for setting up an API match target (login required).
Updated about 1 month ago