This page applies to Apigee and Apigee hybrid.
View
Apigee Edge documentation.
This page describes how to manage security actions using the Apigee Management APIs. For an overview of the security actions functionality, including limitations and latencies, see the Security actions overview and UI.
You can access all of the security actions features through the Apigee Management APIs. See the Security Actions API reference for information on all of the available commands. This page shows examples of some of the available commands.
Variables used in examples
The examples on this page can include these variables:
ORG
is the organization.ENV
is the environment for the security action.ACTION_NAME
is the name of the security action.
Create security actions
This section provides examples for how to create security actions with different action types.
Create a deny action
To create a deny action, enter a command similar to the following:
curl -X POST "https://apigee.googleapis.com/v1/organizations/ORG/environments/ENV/securityActions?security_action_id=ACTION_NAME \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{"state": "ENABLED", "deny": {"response_code": 404}, "condition_config": {"ip_address_ranges": ["100.0.225.0"]}}'
This creates a security action that denies access to requests to the IP addresses listed after
ip_address_ranges
and returns a response code 404
.
Create a flag action
To create a flag action, enter a command similar to the following:
curl -X POST "https://apigee.googleapis.com/v1/organizations/ORG/environments/ENV/securityActions?security_action_id=ACTION_NAME" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{"state": "ENABLED", "flag": {"headers": [{"name": "senseflag", "value": "flagvalue"}]}, "condition_config": {"ip_address_ranges": ["100.0.230.0"]}}'
This creates a security action that flags requests from the IP addresses listed after
ip_address_ranges
and adds a header senseflag
with value flagvalue
.
Create an allow action
To create an allow action, enter a command similar to the following:
curl -X POST "https://apigee.googleapis.com/v1/organizations/ORG/environments/ENV/securityActions?security_action_id=ACTION_NAME \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{"state": "ENABLED", "allow": {}, "condition_config": {"ip_address_ranges": ["100.0.220.0", "200.0.0.0"]}}'
This creates a security action that allows requests from the IP addresses listed after
ip_address_ranges
.
Edit security actions
This section provides an example for how to edit an existing security action configuration. See Enable or disable a security action or Delete a security action to see examples for those types of changes.
Edit a deny action
This section shows an example for editing a deny action. The APIs also support editing the other action types.
update_mask
can include any of these options: description,condition_config,
api_proxies,expire_time,ttl,flag,allow,deny,*
(everything), or omitted
(defaults to everything).
See the Security Actions API reference documentation for more information about potential values when editing actions.
curl -X PATCH "https://apigee.googleapis.com/v1/organizations/ORG/environments/ENV/securityActions/ACTION_NAME?update_mask=deny,condition_config" \ -H "Authorization: Bearer $TOKEN" \ -d '{"deny": {"response_code": 404}, "condition_config": {"ip_address_ranges": ["100.0.230.0"]}}' \ -H "Content-Type: application/json" { "name": "ACTION_NAME", "state": "ENABLED", "createTime": "2022-12-29T18:28:50Z", "updateTime": "2022-12-29T18:28:50Z", "conditionConfig": { "ipAddressRanges": [ "100.0.230.0" ] }, "deny": { "responseCode": 404 } }
Enable or disable a security action
The following examples show API calls to enable or disable security actions.
Enable a security action
To enable a security action, enter a command similar to the following:
curl -X POST "https://apigee.googleapis.com/v1/organizations/ORG/environments/ENV/securityActions/ACTION_NAME:enable" -H "Authorization: Bearer $TOKEN"
This returns a response like the following:
{ "name": "ACTION_NAME", "state": "ENABLED", "createTime": "2022-12-29T18:27:31Z", "updateTime": "2023-01-03T23:19:26.650965481Z", "conditionConfig": { "ipAddressRanges": [ "100.0.220.0", "200.0.0.0" ] }, "allow": {}, "expireTime": "2028-01-01T00:00:00Z" }
Disable a security action
To disable a security action, enter a command similar to the following:
curl -X POST "https://apigee.googleapis.com/v1/organizations/ORG/environments/ENV/securityActions/ACTION_NAME:disable" -H "Authorization: Bearer $TOKEN"
This returns a response like the following:
{ "name": "actionallow", "state": "DISABLED", "createTime": "2022-12-29T18:27:31Z", "updateTime": "2023-01-03T23:13:04.874540001Z", "conditionConfig": { "ipAddressRanges": [ "100.0.220.0", "200.0.0.0" ] }, "allow": {}, "expireTime": "2028-01-01T00:00:00Z" }
Get or list security actions
The following examples show how to get or list security actions
Get a security action
To get a security action, enter a command similar to the following:
curl -X GET "https://apigee.googleapis.com/v1/organizations/ORG/environments/ENV/securityActions/ACTION_NAME" -H "Authorization: Bearer $TOKEN"
This returns a response like the following:
{ "name": "ACTION_NAME", "state": "DISABLED", "createTime": "2022-12-29T18:27:31Z", "updateTime": "2023-01-03T23:13:04Z", "conditionConfig": { "ipAddressRanges": [ "100.0.220.0", "200.0.0.0" ] }, "allow": {}, "expireTime": "2028-01-01T00:00:00Z" }
List security actions
To list all security actions, enter a command similar to the following:
curl -X GET "https://apigee.googleapis.com/v1/organizations/ORG/environments/ENV/securityActions" -H "Authorization: Bearer $TOKEN"
Pause or resume security actions
The following examples show how to pause or resume security actions
Pause all security actions
To Pause all security actions, enter a command similar to the following:
curl -X PATCH "https://apigee.googleapis.com/v1/organizations/ORG/environments/ENV/securityActionsConfig" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{"enabled": "false", "name": "organizations/ORG/environments/ENV/securityActionsConfig"}'
This returns a response like the following:
{ "name": "organizations/ORG/environments/ENV/securityActionsConfig", "enabled": false, "updateTime": "2023-01-23T21:44:58.063807Z" }
Resume paused security actions
To resume paused security actions, enter a command similar to the following:
curl -X PATCH "https://apigee.googleapis.com/v1/organizations/ORG/environments/ENV/securityActionsConfig" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{"enabled": "true", "name": "organizations/ORG/environments/ENV/securityActionsConfig"}'
This returns a response like the following:
{ "name": "organizations/ORG/environments/ENV/securityActionsConfig", "enabled": true, "updateTime": "2023-01-23T21:44:58.063807Z" }
Delete security actions
To delete a security action, enter a command similar to the following:
curl -X DELETE "https://apigee.googleapis.com/v1/organizations/ORG/environments/ENV/securityActions/ACTION_NAME" -H "Authorization: Bearer $TOKEN"