REST API for inline and sideband ASE - PingIntelligence for APIs

API Security Enforcer (ASE) REST API allows you to add, remove, and modify your backend servers.

The REST API payload uses a JSON format. REST API also helps integrate ASE with third-party products. The default port for ASE REST API is 8010.

The following is a list of formats for ASE’s REST APIs:

Create API (POST) – Inline and sideband ASE
Read API (GET) – Inline and sideband ASE
List API (GET) – Inline and sideband ASE
Update API (PUT) – Inline and sideband ASE
Create Server (POST) – Inline ASE
Read Server (GET) – Inline ASE
Delete Server (DELETE) – Inline ASE
Read Cluster (GET) – Inline ASE
Read Persistent Connections (GET) – Inline ASE
Read Firewall Status (GET) – Inline and sideband ASE
Update Firewall Status (POST) – Inline and sideband ASE
Add Attack Type to Blacklist (POST) – Inline and sideband ASE
Delete Attack Type from the Whitelist (DELETE) – Inline and sideband ASE
Clear the Blacklist (DELETE) – Inline and sideband ASE
View Blacklist (GET) – Inline and sideband ASE
Add Attack Type to Whitelist (POST) – Inline and sideband ASE
Delete Attack Type from the Whitelist (DELETE) – Inline and sideband ASE
Clear Whitelist (DELETE) – Inline and sideband ASE
View Whitelist (POST) – Inline and sideband ASE
Read Flow Control of an API (GET) – Inline ASE
Update Flow Control for an API (POST) – Inline ASE
Update Flow Control for a Server of an API (POST) – Inline ASE

Common request headers

Header	Value
`x-ase-access-key`	`admin` Note: The default and only allowed access key is `admin`.
`x-ase-secret-key`	`<Secret Key>` Note: The default secret key is `admin`. You can change the default secret key using the update_passowrd command.
`Accept`	`application/json`

Create API (POST)

Request
`POST`	`/v4/ase/api?api_id=sample_api`
`Content-Type`	`application/json`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

REST API request:

{
 "api_metadata": {
 "protocol": "http",
 "url": "/your_rest_api",
 "hostname": "*",
 "cookie": "",
 "cookie_idle_timeout": "200m",
 "logout_api_enabled": false,
 "cookie_persistence_enabled": false,
 "oauth2_access_token": false,
 "apikey_qs": "",
 "apikey_header": "",
 "login_url": "",
 "enable_blocking": true,
 "api_mapping": {
 "internal_url": ""
 },
 "api_pattern_enforcement": {
 "protocol_allowed": "",
 "http_redirect": {
 "response_code": "",
 "response_def": "",
 "https_url": ""
 },
 "methods_allowed": [],
 "content_type_allowed": "",
 "error_code": "401",
 "error_def": "Unauthorized",
 "error_message_body": "401 Unauthorized"
 },
 "flow_control": {
 "client_spike_threshold": "0/second",
 "server_connection_queueing": false
 },
 "api_memory_size": "128mb",
 "health_check": true,
 "health_check_interval": 60,
 "health_retry_count": 4,
 "health_url": "/health",
 "server_ssl": false,
 "servers": [
 {
 "host": "127.0.0.1",
 "port": 8080,
 "server_spike_threshold": "0/second",
 "server_connection_quota": 0
 },
 {
 "host": "127.0.0.1",
 "port": 8081,
 "server_spike_threshold": "0/second",
 "server_connection_quota": 0
 }
 ],
 "decoy_config": {
 "decoy_enabled": false,
 "response_code": 200,
 "response_def": "",
 "response_message": "",
 "decoy_subpaths": []
 }
 }
}

WebSocket API request:

{
 "api_metadata": {
 "protocol": "ws",
 "url": "/your_websocket_api",
 "hostname": "*",
 "cookie": "",
 "cookie_idle_timeout": "200m",
 "logout_api_enabled": false,
 "cookie_persistence_enabled": false,
 "oauth2_access_token": false,
 "apikey_qs": "",
 "apikey_header": "",
 "login_url": "",
 "enable_blocking": true,
 "api_mapping": {
 "internal_url": ""
 },
 "api_pattern_enforcement": {
 "protocol_allowed": "",
 "http_redirect": {
 "response_code": "",
 "response_def": "",
 "https_url": ""
 },
 "methods_allowed": [],
 "content_type_allowed": "",
 "error_code": "401",
 "error_def": "Unauthorized",
 "error_message_body": "401 Unauthorized"
 },
 "flow_control": {
 "client_spike_threshold": "0/second",
 "bytes_in_threshold": "0/second",
 "bytes_out_threshold": "0/second",
 "server_connection_queueing": false
 },
 "api_memory_size": "128mb",
 "health_check": true,
 "health_check_interval": 60,
 "health_retry_count": 4,
 "health_url": "/health",
 "server_ssl": false,
 "servers": [
 {
 "host": "127.0.0.1",
 "port": 8080,
 "server_connection_quota": 0
 },
 {
 "host": "127.0.0.1",
 "port": 8081,
 "server_connection_quota": 0
 }
 ],
 "decoy_config": {
 "decoy_enabled": false,
 "response_code": 200,
 "response_def": "",
 "response_message": "",
 "decoy_subpaths": []
 }
 }
}

HTTP Code Status Content body (application/JSON)

200

success

{“status” : “success” , “status_message” : “success”
            }

403

fail

{“status” :”api_already_exists” ,”status_message” :”api sample_api
                 already exists”}

403

fail

{“status” : “validation_error” , “status_message” : “<detailed
                validation error description” }

Read API (GET)

Request
`GET`	`/v4/ase/api?api_id=sample_api`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

HTTP Code Status Content body (application/JSON)

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	REST API: { "api_metadata": { "protocol": "http", "url": "/your_rest_api", "hostname": "", "cookie": "", "cookie_idle_timeout": "200m", "logout_api_enabled": false, "cookie_persistence_enabled": false, "oauth2_access_token": false, "apikey_qs": "", "apikey_header": "", "login_url": "", "enable_blocking": true, "api_mapping": { "internal_url": "" }, "api_pattern_enforcement": { "protocol_allowed": "", "http_redirect": { "response_code": "", "response_def": "", "https_url": "" }, "methods_allowed": [], "content_type_allowed": "", "error_code": "401", "error_def": "Unauthorized", "error_message_body": "401 Unauthorized" }, "flow_control": { "client_spike_threshold": "0/second", "server_connection_queueing": false }, "api_memory_size": "128mb", "health_check": true, "health_check_interval": 60, "health_retry_count": 4, "health_url": "/health", "server_ssl": false, "servers": [ { "host": "127.0.0.1", "port": 8080, "server_spike_threshold": "0/second", "server_connection_quota": 0 }, { "host": "127.0.0.1", "port": 8081, "server_spike_threshold": "0/second", "server_connection_quota": 0 } ], "decoy_config": { "decoy_enabled": false, "response_code": 200, "response_def": "", "response_message": "", "decoy_subpaths": [] } } } WebSocket API: { "api_metadata": { "protocol": "ws", "url": "/your_websocket_api", "hostname": "", "cookie": "", "cookie_idle_timeout": "200m", "logout_api_enabled": false, "cookie_persistence_enabled": false, "oauth2_access_token": false, "apikey_qs": "", "apikey_header": "", "login_url": "", "enable_blocking": true, "api_mapping": { "internal_url": "" }, "api_pattern_enforcement": { "protocol_allowed": "", "http_redirect": { "response_code": "", "response_def": "", "https_url": "" }, "methods_allowed": [], "content_type_allowed": "", "error_code": "401", "error_def": "Unauthorized", "error_message_body": "401 Unauthorized" }, "flow_control": { "client_spike_threshold": "0/second", "bytes_in_threshold": "0/second", "bytes_out_threshold": "0/second", "server_connection_queueing": false }, "api_memory_size": "128mb", "health_check": true, "health_check_interval": 60, "health_retry_count": 4, "health_url": "/health", "server_ssl": false, "servers": [ { "host": "127.0.0.1", "port": 8080, "server_connection_quota": 0 }, { "host": "127.0.0.1", "port": 8081, "server_connection_quota": 0 } ], "decoy_config": { "decoy_enabled": false, "response_code": 200, "response_def": "", "response_message": "", "decoy_subpaths": [] } } }
`404`	`not found`	`{“status” :”api_not_found” ,”status_message” :”api sample_api does not exist”}`

200

success

REST API:

{
 "api_metadata": {
 "protocol": "http",
 "url": "/your_rest_api",
 "hostname": "*",
 "cookie": "",
 "cookie_idle_timeout": "200m",
 "logout_api_enabled": false,
 "cookie_persistence_enabled": false,
 "oauth2_access_token": false,
 "apikey_qs": "",
 "apikey_header": "",
 "login_url": "",
 "enable_blocking": true,
 "api_mapping": {
 "internal_url": ""
 },
 "api_pattern_enforcement": {
 "protocol_allowed": "",
 "http_redirect": {
 "response_code": "",
 "response_def": "",
 "https_url": ""
 },
 "methods_allowed": [],
 "content_type_allowed": "",
 "error_code": "401",
 "error_def": "Unauthorized",
 "error_message_body": "401 Unauthorized"
 },
 "flow_control": {
 "client_spike_threshold": "0/second",
 "server_connection_queueing": false
 },
 "api_memory_size": "128mb",
 "health_check": true,
 "health_check_interval": 60,
 "health_retry_count": 4,
 "health_url": "/health",
 "server_ssl": false,
 "servers": [
 {
 "host": "127.0.0.1",
 "port": 8080,
 "server_spike_threshold": "0/second",
 "server_connection_quota": 0
 },
 {
 "host": "127.0.0.1",
 "port": 8081,
 "server_spike_threshold": "0/second",
 "server_connection_quota": 0
 }
 ],
 "decoy_config": {
 "decoy_enabled": false,
 "response_code": 200,
 "response_def": "",
 "response_message": "",
 "decoy_subpaths": []
 }
 }
}

WebSocket API:

{
 "api_metadata": {
 "protocol": "ws",
 "url": "/your_websocket_api",
 "hostname": "*",
 "cookie": "",
 "cookie_idle_timeout": "200m",
 "logout_api_enabled": false,
 "cookie_persistence_enabled": false,
 "oauth2_access_token": false,
 "apikey_qs": "",
 "apikey_header": "",
 "login_url": "",
 "enable_blocking": true,
 "api_mapping": {
 "internal_url": ""
 },
 "api_pattern_enforcement": {
 "protocol_allowed": "",
 "http_redirect": {
 "response_code": "",
 "response_def": "",
 "https_url": ""
 },
 "methods_allowed": [],
 "content_type_allowed": "",
 "error_code": "401",
 "error_def": "Unauthorized",
 "error_message_body": "401 Unauthorized"
 },
 "flow_control": {
 "client_spike_threshold": "0/second",
 "bytes_in_threshold": "0/second",
 "bytes_out_threshold": "0/second",
 "server_connection_queueing": false
 },
 "api_memory_size": "128mb",
 "health_check": true,
 "health_check_interval": 60,
 "health_retry_count": 4,
 "health_url": "/health",
 "server_ssl": false,
 "servers": [
 {
 "host": "127.0.0.1",
 "port": 8080,
 "server_connection_quota": 0
 },
 {
 "host": "127.0.0.1",
 "port": 8081,
 "server_connection_quota": 0
 }
 ],
 "decoy_config": {
 "decoy_enabled": false,
 "response_code": 200,
 "response_def": "",
 "response_message": "",
 "decoy_subpaths": []
 }
 }
}

404

not found

{“status” :”api_not_found” ,”status_message” :”api sample_api does
                not exist”}

List API (GET)

Request
`GET`	`/v4/ase/api`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	`{ "api_count": "1", "api": [ { "api_id": "sample_api", "status": "loaded" } ] }`
`404`	`not found`	`{“status” :”api_not_found” ,”status_message” :”api sample_api does not exist”}`

Update API (PUT)

Request
`PUT`	`/v4/ase/api?api_id=sample_api`
`Content-Type`	`application/json`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

REST API request:

{
 "api_metadata": {
 "protocol": "http",
 "url": "/your_rest_api",
 "hostname": "*",
 "cookie": "",
 "cookie_idle_timeout": "200m",
 "logout_api_enabled": false,
 "cookie_persistence_enabled": false,
 "oauth2_access_token": false,
 "apikey_qs": "",
 "apikey_header": "",
 "login_url": "",
 "enable_blocking": true,
 "api_mapping": {
 "internal_url": ""
 },
 "api_pattern_enforcement": {
 "protocol_allowed": "",
 "http_redirect": {
 "response_code": "",
 "response_def": "",
 "https_url": ""
 },
 "methods_allowed": [],
 "content_type_allowed": "",
 "error_code": "401",
 "error_def": "Unauthorized",
 "error_message_body": "401 Unauthorized"
 },
 "flow_control": {
 "client_spike_threshold": "0/second",
 "server_connection_queueing": false
 },
 "api_memory_size": "128mb",
 "health_check": true,
 "health_check_interval": 60,
 "health_retry_count": 4,
 "health_url": "/health",
 "server_ssl": false,
 "servers": [
 {
 "host": "127.0.0.1",
 "port": 8080,
 "server_spike_threshold": "0/second",
 "server_connection_quota": 0
 },
 {
 "host": "127.0.0.1",
 "port": 8081,
 "server_spike_threshold": "0/second",
 "server_connection_quota": 0
 }
 ],
 "decoy_config": {
 "decoy_enabled": false,
 "response_code": 200,
 "response_def": "",
 "response_message": "",
 "decoy_subpaths": []
 }
 }
}

WebSocket API request:

{
 "api_metadata": {
 "protocol": "ws",
 "url": "/your_websocket_api",
 "hostname": "*",
 "cookie": "",
 "cookie_idle_timeout": "200m",
 "logout_api_enabled": false,
 "cookie_persistence_enabled": false,
 "oauth2_access_token": false,
 "apikey_qs": "",
 "apikey_header": "",
 "login_url": "",
 "enable_blocking": true,
 "api_mapping": {
 "internal_url": ""
 },
 "api_pattern_enforcement": {
 "protocol_allowed": "",
 "http_redirect": {
 "response_code": "",
 "response_def": "",
 "https_url": ""
 },
 "methods_allowed": [],
 "content_type_allowed": "",
 "error_code": "401",
 "error_def": "Unauthorized",
 "error_message_body": "401 Unauthorized"
 },
 "flow_control": {
 "client_spike_threshold": "0/second",
 "bytes_in_threshold": "0/second",
 "bytes_out_threshold": "0/second",
 "server_connection_queueing": false
 },
 "api_memory_size": "128mb",
 "health_check": true,
 "health_check_interval": 60,
 "health_retry_count": 4,
 "health_url": "/health",
 "server_ssl": false,
 "servers": [
 {
 "host": "127.0.0.1",
 "port": 8080,
 "server_connection_quota": 0
 },
 {
 "host": "127.0.0.1",
 "port": 8081,
 "server_connection_quota": 0
 }
 ],
 "decoy_config": {
 "decoy_enabled": false,
 "response_code": 200,
 "response_def": "",
 "response_message": "",
 "decoy_subpaths": []
 }
 }
}

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	`{“status” : “success” , “status_message” : “success” }`
`404`	`fail`	`{“status” :”api_not_found” ,”status_message” :”api sample_api does not exist”}`

Delete API (DELETE)

Request
`DELETE`	`/v4/ase/api?api_id=sample_api`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	`{“status” : “success” , “status_message” : “success” }`
`404`	`fail`	`{“status” :”api_not_found” ,”status_message” :”api sample_api does not exist”}`

Create server (POST)

Request
`POST`	`/v4/ase/server?api_id=<api>`
`Content-Type`	`application/json`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

REST API request:

{
 "server":
 {
 "host": "192.168.1.100",
 "port": 8080,
 "server_spike_threshold": "1/second",
 "server_connection_quota": 100
 }
}
WebSocket API Request
{
 "server":
 {
 "host": "192.168.1.100",
 "port": 8080,
 "server_connection_quota": 100
 }
}

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	`{“status” : “success” , “status_message” : “success” }`
`404`	`fail`	`{“status” :”api_not_found” ,”status_message” :”api sample_api does not exist”}`
`403`	`fail`	`{“status” : “validation_error” , “status_message” : “detailed info about validation error”}`
`403`	`fail`	`{“status” : “server_exists” , “status_message” :”server already exists”}`

Read server (GET)

Request
`GET`	`/v4/ase/server?api_id=<api_id>`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

HTTP Code Status Content body (application/JSON)

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	REST API: `{ “api_id” : “sample_api” “server_count” : 2, “server”: [ { “host” : “192.168.1.100” “port” : 8080, "server_connection_quota": 1000, "server_spike_threshold": "10/second", “health_status” :”Up” }, { “host” : “192.168.1.100” “port” : 8081, server_connection_quota": 1000, "server_spike_threshold": "10/second", “health_status” :”Down” } ] }` WebSocket API: `{ “api_id” : “sample_api” “server_count” : 2, “server”: [ { "host" : “192.168.1.100” “port” : 8080, "server_connection_quota": 1000, “health_status” :”Up” }, { "host" : “192.168.1.100” “port” : 8081, "server_connection_quota": 1000, “health_status” :”Down” } ] }`
`404`	`fail`	`{“status” :”api_not_found” ,”status_message” :”api sample_api does not exist”}`

200

success

REST API:

{
“api_id” : “sample_api”
 “server_count” : 2,
 “server”:
 [ {
 “host” : “192.168.1.100”
 “port” : 8080,
 "server_connection_quota": 1000,
 "server_spike_threshold": "10/second",
 “health_status” :”Up”
 }, {
 “host” : “192.168.1.100”
 “port” : 8081,
 server_connection_quota": 1000,
 "server_spike_threshold": "10/second",
 “health_status” :”Down” 
 } ] }

WebSocket API:

{
 “api_id” : “sample_api”
 “server_count” : 2,
 “server”:
 [ {
 "host" : “192.168.1.100”
 “port” : 8080,
 "server_connection_quota": 1000,
 “health_status” :”Up”
 }, {
 "host" : “192.168.1.100”
 “port” : 8081,
 "server_connection_quota": 1000,
 “health_status” :”Down”
 } ] }

404

fail

{“status” :”api_not_found” ,”status_message” :”api sample_api does
                not  exist”}

Delete server (DELETE)

Request
`DELETE`	`/v4/ase/server?api_id=<api>`
`Content-Type`	`application/json`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

{
 “server”:
 {
 "host" : “192.168.1.100”,
 "port" : 8080
 }
}

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	`{“status” : “success” , “status_message” : “success” }`
`404`	`fail`	`{“status” :”api_not_found” ,”status_message” :”api sample_api does not exist”}`
`404`	`fail`	`{“status” :”server_not_found” ,”status_message” :”server does not exist”}`
`403`	`fail`	`{“status” : “validation_error” , “status_message” : “detailed info about json validation error”}`

Read cluster (GET)

Request
`GET`	`/v4/ase/cluster`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

HTTP Code Status Content body (application/JSON)

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	`{ “cluster_id” : “test_cluster” “node_count” : 2 , “node”: [ { "host" : “192.168.2.100” “port” : 8080 “uuid” : “1c359368-22b6-4713-a5be-15e5cbbddf7a” “status” :”active” }, { "host" : “192.168.2.101” “port” : 8080 “uuid” : “2d359368-20b6-4713-a5be-15e5cbbde8d” “status” :”inactive” } ] }`
`404`	`fail`	`{“status” :”no_cluster_mode” ,”status_message” :”ase is not in cluster mode”}`

200

success

{
 “cluster_id” : “test_cluster”
 “node_count” : 2
, “node”:
 [
 {
 "host" : “192.168.2.100”
 “port” : 8080
 “uuid” : “1c359368-22b6-4713-a5be-15e5cbbddf7a”
 “status” :”active”
 },
 {
 "host" : “192.168.2.101”
 “port” : 8080
 “uuid” : “2d359368-20b6-4713-a5be-15e5cbbde8d”
 “status” :”inactive”
 }
]
}

404

fail

{“status” :”no_cluster_mode” ,”status_message” :”ase is not in
                cluster mode”}

Read persistent connections (GET)

Request
`GET`	`/v4/ase/persistentconnection?api_id=sample`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	`{ “api_id” : “sample” “persistent_connection_count” : { “ws”:1, “wss”:0 } }`
`404`	`fail`	`{“status” :”api_not_found” ,”status_message” :”api sample does not exist”}`

Read firewall status (GET)

Request
`GET`	`/v4/ase/firewall`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	`{` `“status” :”enabled/disabled”,` `”status_message” :”Ok”` `}`

Update firewall status (POST)

Request
`POST`	`/v4/ase/firewall?status=enable/disable`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

HTTP Code Status Content body (application/JSON)

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	If there is a status change: `{ “status” :”enabled/disabled”, ”status_message” :”Firewall is now enabled/disabled” }` If there is no change in status: `{ “status” :”enabled/disabled”, ”status_message” :”Firewall is already enabled/disabled” }`
`403`	`fail`	`{“status” :”invalid_value” ,”status_message” :”query parameter status contains invalid value”}`

200

success

If there is a status change:

{
“status” :”enabled/disabled”,
”status_message” :”Firewall is now enabled/disabled”
}

If there is no change in status:

{
“status” :”enabled/disabled”,
”status_message” :”Firewall is already enabled/disabled”
}

403

fail

{“status” :”invalid_value” ,”status_message” :”query parameter status
                contains invalid value”}

Add attack type to deny list (POST)

Request
`POST`	`/v4/ase/firewall/blacklist`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

===============for IP===============
{
 "type" : "ip",
 "value" : "1.1.1.1"
}
===============for Token=============
{
 "type" : "token",
 "value" : "sadjhasiufgkjdsbfkgfa"
}
=============for Cookie/api_key=======
{
 "type" : "cookie/token/api_key",
 "name" : "JSESSIONID",
 "value" : "ljkhasioutfdqbjsfdmakhflia"
}

Response
Status code	Response body
`200 OK`	Cookie `JSESSIONID ljkhasioutfdqbjsfdmakhflia` added to blacklist
`403 Forbidden`	Cookie `JSESSIONID ljkhasioutfdqbjsfdmakhflia` already exist
`403 Forbidden`	`content-type header missing`
`403 Forbidden`	`x-ase-access-key header missing`
`403 Forbidden`	`x-ase-secret-key header missing`
`403 Forbidden`	`authorization failure`
`403 Forbidden`	`json parsing error`
`500 Internal Server Error`	`unknown error`

Delete attack type to deny list (DELETE)

Request
`DELETE`	`/v4/ase/firewall/blacklist`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

===============for IP===============
{
 "type" : "ip",
 "value" : "1.1.1.1"
}
===============for Token=============
{
 "type" : "token",
 "value" : "sadjhasiufgkjdsbfkgfa"
}
=============for Cookie/api_key=======
{
 "type" : "cookie/token/api_key",
 "name" : "JSESSIONID",
 "value" : "ljkhasioutfdqbjsfdmakhflia"
}

Response
Status code	Response body
`200 OK`	Cookie `JSESSIONID ljkhasioutfdqbjsfdmakhflia` deleted from blacklist
`403 Forbidden`	Cookie `JSESSIONID ljkhasioutfdqbjsfdmakhflia` already exist
`403 Forbidden`	`content-type header missing`
`403 Forbidden`	`x-ase-access-key header missing`
`403 Forbidden`	`x-ase-secret-key header missing`
`403 Forbidden`	`authorization failure`
`403 Forbidden`	`json parsing error`
`500 Internal Server Error`	`unknown error`

Clear the deny list (DELETE)

Request
`DELETE`	`/v4/ase/firewall/blacklist?tag=all`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

Response
Status code	Response body
`200 OK`	`Blacklist cleared`
`403 Forbidden`	`content-type header missing`
`403 Forbidden`	`x-ase-access-key header missing`
`403 Forbidden`	`x-ase-secret-key header missing`
`403 Forbidden`	`authorization failure`
`500 Internal Server Error`	`unknown error`

View deny list (GET)

Request
`GET`	`/v4/ase/firewall/blacklist?tag=`
`Tags`	Note: Default is `tag=all`. `all` `manual` `abs_generated` `invalid_content_type` `invalid_method` `invalid_protocol` `decoy`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

Response
Status code	Response body
`200 OK`	`{ "manual_blacklist" : [ { "type" : "cookie", "name" : "JSESSIONID", "value" : "ljkhasiosalia", }, { "type" : "ip", "value" : "1.1.1.1", } ], "abs_generated_blacklist" : [ { "type" : "cookie", "name" : "JSESSIONID", "value" : "ljkhasisadosalia", }, { "type" : "ip", "value" : "1.1.1.2", } ] }`
`403 Forbidden`	Cookie `JSESSIONID ljkhasioutfdqbjsfdmakhflia` already exist
`403 Forbidden`	`content-type header missing`
`403 Forbidden`	`x-ase-access-key header missing`
`403 Forbidden`	`x-ase-secret-key header missing`
`403 Forbidden`	`authorization failure`
`500 Internal Server Error`	`unknown error`

Add attack type to allow list (POST)

Request
`POST`	`/v4/ase/firewall/whitelist`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

===============for IP===============
{
 "type" : "ip",
 "value" : "1.1.1.1"
}
===============for Token=============
{
 "type" : "token",
 "value" : "sadjhasiufgkjdsbfkgfa"
}
=============for Cookie/api_key=======
{
 "type" : "cookie/token/api_key",
 "name" : "JSESSIONID",
 "value" : "ljkhasioutfdqbjsfdmakhflia"
}

Response
Status code	Response body
`200 OK`	Cookie `JSESSIONID ljkhasioutfdqbjsfdmakhflia` added to whitelist
`403 Forbidden`	Cookie `JSESSIONID ljkhasioutfdqbjsfdmakhflia` already exist
`403 Forbidden`	`content-type header missing`
`403 Forbidden`	`x-ase-access-key header missing`
`403 Forbidden`	`x-ase-secret-key header missing`
`403 Forbidden`	`authorization failure`
`403 Forbidden`	`json parsing error`
`500 Internal Server Error`	`unknown error`

Delete attack type from the allow list (DELETE)

Request
`DELETE`	`/v4/ase/firewall/whitelist`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

===============for IP===============
{
 "type" : "ip",
 "value" : "1.1.1.1"
}
===============for Token=============
{
 "type" : "token",
 "value" : "sadjhasiufgkjdsbfkgfa"
}
=============for Cookie/api_key=======
{
 "type" : "cookie/token/api_key",
 "name" : "JSESSIONID",
 "value" : "ljkhasioutfdqbjsfdmakhflia"
}

Response
Status code	Response body
`200 OK`	Cookie `JSESSIONID ljkhasioutfdqbjsfdmakhflia` added to whitelist
`403 Forbidden`	Cookie `JSESSIONID ljkhasioutfdqbjsfdmakhflia` already exist
`403 Forbidden`	`content-type header missing`
`403 Forbidden`	`x-ase-access-key header missing`
`403 Forbidden`	`x-ase-secret-key header missing`
`403 Forbidden`	`authorization failure`
`403 Forbidden`	`json parsing error`
`500 Internal Server Error`	`unknown error`

Clear allow list (DELETE)

Request
`DELETE`	`/v4/ase/firewall/whitelist?tag=all`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

Response
Status code	Response body
`200 OK`	`Whitelist cleared`
`403 Forbidden`	`content-type header missing`
`403 Forbidden`	`x-ase-access-key header missing`
`403 Forbidden`	`x-ase-secret-key header missing`
`403 Forbidden`	`authorization failure`
`500 Internal Server Error`	`unknown error`

View allow list (POST)

Request
`GET`	`/v4/ase/firewall/whitelist`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

Response
Status code	Response body
`200 OK`	`{ "whitelist" : [ { "type" : "cookie", "name" : "JSESSIONID", "value" : "ljkhasiosalia", }, { "type" : "ip", "value" : "1.1.1.1", } ] }`
`403 Forbidden`	`content-type header missing`
`403 Forbidden`	`x-ase-access-key header missing`
`403 Forbidden`	`x-ase-secret-key header missing`
`403 Forbidden`	`authorization failure`
`500 Internal Server Error`	`unknown error`

Read flow control of an API (GET)

Request
`GET`	`/v4/ase/firewall/flowcontrol?api_id=<api_name>`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

HTTP Code Status Content body (application/JSON)

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	Flow control for REST API: `{ “api_id”: “api_name” "flow_control": { "client_spike_threshold": "0/second", "server_connection_queueing": false } }` Flow control for WebSocket API: `{ “api_id”: “api_name” "flow_control": { "client_spike_threshold": "100/second", "bytes_in_threshold": "10/second", "bytes_out_threshold": "10/second", "server_connection_queueing": false } }`
`403`	`fail`	`{“status” : “validation_error” , “status_message” : “<detailed validation error description” }`
`404`	`fail`	`{“status” :”api_not_found” ,”status_message” :”api sample does not exist”}`

200

success

Flow control for REST API:

{
 “api_id”: “api_name”
 "flow_control": {
 "client_spike_threshold": "0/second",
 "server_connection_queueing": false
 }
}

Flow control for WebSocket API:

{
 “api_id”: “api_name”
 "flow_control": {
 "client_spike_threshold": "100/second",
 "bytes_in_threshold": "10/second",
 "bytes_out_threshold": "10/second",
 "server_connection_queueing": false
 }
}

403

fail

{“status” : “validation_error” , “status_message” : “<detailed
                validation error description” }

404

fail

{“status” :”api_not_found” ,”status_message” :”api sample does not
                 exist”}

Update flow control for an API (POST)

Request
`POST`	`/v4/ase/firewall/flowcontrol?api_id=<api_name>`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

REST APIs:

{ "flow_control": {
 "client_spike_threshold": "0/second"
 } 
 }

WebSocket APIs

{ "flow_control": {
 "client_spike_threshold": "10/second",
 "bytes_in_threshold": "10/second",
 "bytes_out_threshold": "10/second"
 } 
}

HTTP Code Status Content body (application/JSON)

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	Flow control for REST APIs: `{ “api_id”: “api_name” "flow_control": { "client_spike_threshold": "0/second", "server_connection_queueing": false } }` Flow control for WebSocket APIs: `{ “api_id”: “api_name” "flow_control": { "client_spike_threshold": "0/second", "bytes_in_threshold": "10/second", "bytes_out_threshold": "10/second", "server_connection_queueing": false }}`
`403`	`fail`	`{“status” : “validation_error” , “status_message” : “<detailed validation error description” }`
`404`	`fail`	`{“status” :”api_not_found” ,”status_message” :”api sample does not exist”}`

200

success

Flow control for REST APIs:

{
 “api_id”: “api_name”
 "flow_control": {
 "client_spike_threshold": "0/second",
 "server_connection_queueing": false
 } }

Flow control for WebSocket APIs:

{
 “api_id”: “api_name”
 "flow_control": {
 "client_spike_threshold": "0/second",
 "bytes_in_threshold": "10/second",
 "bytes_out_threshold": "10/second",
 "server_connection_queueing": false
 }}

403

fail

{“status” : “validation_error” , “status_message” : “<detailed
                validation error description” }

404

fail

{“status” :”api_not_found” ,”status_message” :”api sample does not
                 exist”}

Update flow control for a server of an API (POST)

Request
`POST`	`/v4/ase/firewall/flowcontrol/server?api_id=<api_name>`
`x-ase-access-key`	`<Access Key>`
`x-ase-secret-key`	`<Secret Key>`
`Accept`	`application/json`

REST APIs:

{
 "server":
 {
 "host": "127.0.0.2",
 "port": 8080,
 "server_connection_quota": 1000,
 "server_spike_threshold": "10/second"
 }
}

WebSocket APIs:

{
 "server":
 {
 "host": "127.0.0.2",
 "port": 8080,
 "server_connection_quota": 100000
 }
}

HTTP Code Status Content body (application/JSON)

Response
HTTP Code	Status	Content body (application/JSON)
`200`	`success`	`{ "status": "success", "status_message": "server updated successfully" }`
`403`	`fail`	`{“status” : “validation_error” , “status_message” : “<detailed validation error description” }`
`404`	`fail`	`{“status” :”api_not_found” ,”status_message” :”api sample does not exist”}`

200

success

{
 "status": "success",
 "status_message": "server updated successfully"
}

403

fail

{“status” : “validation_error” , “status_message” : “<detailed
                validation error description” }

404

fail

{“status” :”api_not_found” ,”status_message” :”api sample does not
                 exist”}