To ensure a Site is fully optimized with the StackPath WAF, it's important to ensure the StackPath WAF recognizes all API endpoints correctly. Configuring all API endpoint ensures that users access APIs securely and do not receive browser validation techniques.
This article assumes a Site is already configured through the StackPath Control Portal to use the StackPath WAF. If you haven't yet set up WAF for a Site, please view the how-to article here.
For APIs hosted on a separate domain, StackPath will soon launch dedicated API protection and acceleration.
WAF Behavioral Adjustments
How to add an endpoint
If your web application is using an API that is implemented on the same domain, e.g. www.yoursite.com/restfulapi, then you need to configure it under Sites > Website Domain > WAF and then under the API URL Configuration section.
- Log into your StackPath Control Portal
- Select the Stack the site is located in
- Navigate to the Sites tab for your selected Stack and select the site you want to modify
- Select WAF from the top menu bar. The API URL Configuration section is found on this page.
- Enter the path of the APIs under your domain you would like to configure.
- are recursively allowed. For example, api/ allows api/v1/*, api/v2/*, etc.
- do not accept regex/wildcard input. For example, use api/ instead of api/*
- do not include protocol (or domain). For example, use api/ instead of https://example.foobar.com/api/ (the domain is added automatically)
- are case insensitive. API/ and api/ are interchangeable.
- require multiple entries for multiple APIs
Changes will be automatically applied, and your API should be accessible. Test your endpoints by performing a cURL on any endpoint to verify that data is retrievable outside of a browser. A 200 server response code should be returned.
If you have any additional questions or concerns, please contact our 24/7 support at firstname.lastname@example.org or via live chat.