Overview
You can use this document to learn how to add API endpoints to the WAF.
To fully optimize a site with the StackPath WAF, you must ensure that the WAF correctly recognizes all API endpoints. Configuring API endpoints ensures that users can securely access your APIs without being subjected to browser validation techniques.
When you add an API URL endpoint to the WAF, note that:
- The JavaScript Injection and Captcha functionalities for each API URL path will be disabled; however, DDoS protection, IP reputation policies, and rate limitation policies will continue to protect the configured API endpoints.
- Custom firewall policies can still impact API URL delivery and potentially block users.
- This setting does not whitelist API endpoints.
Adding an Endpoint
If your web application uses an API that is implemented on the same domain, such as www.yoursite.com/restfulapi, then you must configure your WAF settings and add this endpoint.
- In the StackPath Control Portal, in the left-side navigation menu, click Sites.
- Locate and select the desired site. This action will refresh the portal.
- In the left-side navigation menu, click WAF.
- Navigate to API URL Configuration, and then in the field, click Add.
- Enter the path to the API under your domain that you would like to configure, and then click Save. When you enter a path, note that:
  - Paths are recursively allowed.
    - For example, api/ allows api/v1/*, api/v2/*, etc.
  - Regex/wildcard input is not accepted.
    - Use api/ instead of api/*.
  - Do not enter the protocol or domain.
    - Use api/ instead of https://example.foobar.com/api/.
    - The domain is automatically added.
  - Paths are not case sensitive.
    - API/ and api/ are interchangeable.
  - To add multiple APIs, you must create multiple, separate entries.
Changes will be automatically applied, and your API should be accessible.
To test your endpoints, run a cURL command on any endpoint to verify that data is retrievable outside of a browser. You should receive a 200 server response code.
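The path rules in the last step decide which requests lose JavaScript Injection and Captcha checks, so it helps to check entries before saving them. The following is an added example, not StackPath code: lint_entry and covering_entry are hypothetical helper names, the wildcard character list is constructed, and matching on whole path segments is an assumption about how the recursive rule behaves.

```python
import re
from urllib.parse import urlsplit

# Characters that indicate regex or wildcard syntax (constructed list, not from StackPath).
PATTERN_CHARS = re.compile(r"[*?\[\](){}^$|\\+]")


def lint_entry(entry, site_domain):
    """Check one API URL entry against the path rules above.

    Returns (normalized_entry, problems); normalized_entry is None when problems exist.
    """
    problems = []
    raw = entry.strip()
    if "://" in raw or raw.lower().startswith(site_domain.lower()):
        problems.append("do not enter the protocol or domain")
    if PATTERN_CHARS.search(raw):
        problems.append("regex/wildcard input is not accepted")
    if not raw.strip("/"):
        problems.append("path is empty")
    if problems:
        return None, problems
    # Paths are not case sensitive, so compare in lower case with one trailing slash.
    return raw.strip("/").lower() + "/", problems


def covering_entry(request_url, entries):
    """Return the normalized entry whose prefix covers request_url, or None.

    Assumption: matching is a case-insensitive prefix match on whole path segments.
    """
    path = urlsplit(request_url).path.strip("/").lower() + "/"
    for entry in entries:
        if path.startswith(entry):
            return entry
    return None


if __name__ == "__main__":
    # Constructed sample entries and request paths.
    for candidate in ["API/", "api/*", "https://example.foobar.com/api/"]:
        print(candidate, "->", lint_entry(candidate, "example.foobar.com"))
    for url in ["/API/v2/users?id=1", "/apiary/docs", "/login"]:
        print(url, "->", covering_entry(url, ["api/", "restfulapi/"]))
```

Any request for which covering_entry returns an entry is one where browser validation is disabled, so keep entries as narrow as the API layout allows.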