Prerequisites and user access

Here's what you need in place before you deploy ​App & API Protector Hybrid:

• An account set up in Akamai Control Center.
• Roles assigned to your user:
  • App & API Protector Hybrid - View
  • App & API Protector Hybrid - Edit
• An Account and Group ID number.
• Resources required to run Protector on your infrastructure.
• Infrastructure setup that allows Protector to communicate with Akamai services, which is needed to enable update options, data collection, and monitoring.
• Scaling plan according to expected traffic, which includes load balancing, creating required number of instances, providing needed resources, such as CPU and memory.
• To leverage all features of App & API Protector Hybrid, you need to propagate the X-Forwarded-For (XFF) header in your routing configuration. The XFF header identifies the IP address of users connecting to a web server through proxy. Without it, App & API Protector Hybrid’s options for traffic protection and inspection may be limited. You should configure your on-premises proxy to add the XFF header to all incoming traffic so that Protector can check the XFF header value in individual requests.
• Persistent storage for Protector instances to retain application logs and configuration files inside instances. It’s needed for upscaling or creating new instances.

That's it! Once you have those things in place, you're ready to set up security protections.

👍

Shared Responsibility Model

For any more details on the division of responsibilities that cover the configuration, operation and management of App & API Protector Hybrid, refer to the Shared Responsibility Model.

Next steps

Start with creating a Connection Configuration to generate a token. You’ll need it for deployment to establish communication between Akamai services and the application engine. You can create a Security Configuration at the same time, but it also can be completed later.