1. Overview

WAAS can enforce API security based on specifications provided in the form of Swagger or OpenAPI files. Alternatively, you can manually define your API (e.g., paths, allowed HTTP methods, parameter names, input types, value ranges, and so on). Once defined, you can configure the actions WAAS applies to requests that do not comply with the API’s expected behavior.

Users should be careful when enabling Prisma Session Cookies along with API protection. Prisma Session Cookies requires clients to support cookies and JavaScript in order to reach the protected application. Because APIs are often accessed by "primitive" automation clients, avoid enabling Prisma Session Cookies unless you are certain that all clients accessing the protected API support BOTH cookies AND JavaScript.

2. Import API definition from Swagger or OpenAPI files

  1. Click the App definition tab.

  2. Click Import.

  3. Select a file to load.

  4. Click the API protection tab.

  5. Review path and parameter definitions listed under API Resources.

  6. Click the Endpoint setup tab.

  7. Review protected endpoints listed under Protected Endpoints and verify configured base paths all end with a trailing *.

    The base path in an endpoint definition should always end with a trailing *, e.g. "/*" or "/api/v2/*". If it is not configured that way, API protection will not apply to the sub-paths defined in the API protection tab.
  8. Go back to the API protection tab.

  9. Configure an API protection action for the resources defined under API resources, and an action for all other resources.


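The following is an added example, not WAAS code and not its import format: a small Python model of what an imported definition encodes (paths, allowed methods, parameter types and ranges), how the two actions configured in step 9 apply to requests (one for non-compliant requests to defined resources, another for requests to resources the definition does not cover), and the trailing-* base path check from step 7. The OpenAPI-style definition, the sample requests, and the action names "block" and "alert" are constructed for illustration.

```python
"""Added example, not WAAS's own code: a toy model of positive (allow-list)
API enforcement driven by an OpenAPI-style definition, plus the trailing-'*'
base path check. Spec, sample requests and action names are constructed."""
from __future__ import annotations

import re
from typing import Any

# Constructed OpenAPI-style definition: two paths, their allowed methods and
# parameter constraints (the kind of data read from an imported file).
API_SPEC: dict[str, Any] = {
    "paths": {
        "/api/v2/users/{id}": {
            "get": {"parameters": [
                {"name": "id", "in": "path",
                 "schema": {"type": "integer", "minimum": 1}},
            ]},
        },
        "/api/v2/search": {
            "get": {"parameters": [
                {"name": "q", "in": "query",
                 "schema": {"type": "string", "maxLength": 64}},
                {"name": "limit", "in": "query",
                 "schema": {"type": "integer", "minimum": 1, "maximum": 100}},
            ]},
        },
    }
}


def _path_to_regex(template: str) -> re.Pattern:
    """Turn a template such as /users/{id} into an anchored regex with named groups."""
    pattern = ""
    for part in re.split(r"(\{[^/}]+\})", template):
        if part.startswith("{") and part.endswith("}"):
            pattern += f"(?P<{part[1:-1]}>[^/]+)"  # one path segment per parameter
        else:
            pattern += re.escape(part)
    return re.compile("^" + pattern + "$")


def _check_value(name: str, raw: str, schema: dict[str, Any]) -> list[str]:
    """Check one raw parameter value against its schema: type, range and length."""
    if schema.get("type", "string") == "integer":
        if not re.fullmatch(r"-?\d+", raw):
            return [f"{name}: expected integer, got {raw!r}"]
        value, problems = int(raw), []
        if "minimum" in schema and value < schema["minimum"]:
            problems.append(f"{name}: {value} is below minimum {schema['minimum']}")
        if "maximum" in schema and value > schema["maximum"]:
            problems.append(f"{name}: {value} is above maximum {schema['maximum']}")
        return problems
    if "maxLength" in schema and len(raw) > schema["maxLength"]:
        return [f"{name}: length {len(raw)} exceeds maxLength {schema['maxLength']}"]
    return []


def check_request(spec: dict[str, Any], method: str, path: str,
                  query: dict[str, str]) -> tuple[bool, list[str]]:
    """Return (is_defined_resource, violations). is_defined_resource is False when
    no path in the spec matches; violations is empty when the request complies."""
    method = method.lower()
    for template, operations in spec["paths"].items():
        match = _path_to_regex(template).match(path)
        if not match:
            continue
        if method not in operations:
            return True, [f"method {method.upper()} not allowed on {template}"]
        params = {p["name"]: p for p in operations[method].get("parameters", [])}
        violations: list[str] = []
        for name, raw in match.groupdict().items():  # path parameters
            if name in params:
                violations += _check_value(name, raw, params[name]["schema"])
        for name, raw in query.items():  # query parameters, none allowed beyond the spec
            if params.get(name, {}).get("in") != "query":
                violations.append(f"unexpected query parameter {name!r}")
            else:
                violations += _check_value(name, raw, params[name]["schema"])
        return True, violations
    return False, []


def decide(spec, method, path, query, action_defined="block", action_other="alert"):
    """Apply the two step-9 settings: one action for non-compliant requests to defined
    resources, another for requests to undefined resources (action names constructed)."""
    defined, violations = check_request(spec, method, path, query)
    if not defined:
        return action_other
    return action_defined if violations else "allow"


def uncovered_api_paths(base_paths, spec):
    """Step-7 check: an API path is covered only by a base path that ends in '*' and
    prefixes it; a base path without the trailing '*' covers no sub-paths."""
    prefixes = [b[:-1] for b in base_paths if b.endswith("*")]
    return [p for p in spec["paths"] if not any(p.startswith(pre) for pre in prefixes)]


if __name__ == "__main__":
    for m, p, q in [("GET", "/api/v2/users/42", {}), ("GET", "/api/v2/users/abc", {}),
                    ("DELETE", "/api/v2/users/42", {}),
                    ("GET", "/api/v2/search", {"q": "cat", "limit": "500"}),
                    ("GET", "/admin/status", {})]:  # constructed sample traffic
        print(m, p, q, "->", decide(API_SPEC, m, p, q), check_request(API_SPEC, m, p, q)[1])
    print("uncovered with /api/v2  :", uncovered_api_paths(["/api/v2"], API_SPEC))
    print("uncovered with /api/v2/*:", uncovered_api_paths(["/api/v2/*"], API_SPEC))
```

Note the difference between the two outcomes: a request to a path the definition knows about but with a wrong method or an out-of-range value gets the action for defined resources, while a request to a path not in the definition at all gets the action for all other resources. The `uncovered_api_paths` check shows why step 7 matters: a base path of "/api/v2" without the trailing * covers none of the API paths, whereas "/api/v2/*" covers both.
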
3. Define an API manually

  1. Click the App definition tab.

  2. Click the Endpoint setup tab.