Set API request body and resource constraints

Once you register your API with Akamai and Kona Site Defender (KSD) is in your contract, you can turn on and define API request body and resource constraints. KSD then uses a positive security model to enforce these constraints on incoming API requests and alerts you on or denies an invalid request. Among other advantages, this lets you prevent API consumers from sending excessively large requests to your API.

How to

  1. On the Register new API page, in the API request body and resource constraints panel, set the Yes/No switch to Yes.
    By setting this switch to Yes, you also instruct KSD to respect any resource-level constraints specified in the API resources panel.
  2. Expand the Request body content maximum values node.
  3. From the Request body content menu, select the content type expected from the API request body.
  4. In the Max number of JSON members or XML elements field, enter the maximum number of JSON or XML elements allowed in the request body.
  5. In the Max length for any string value field, enter the maximum allowed string value length.
  6. In the Max integer value field, enter the maximum allowed integer value.
  7. In the Max length for any JSON member or XML element field, enter the maximum allowed JSON or XML element length.
  8. In the Max body size (bytes) field, enter the maximum allowed body size in bytes.
  9. In the Max nesting depth field, enter the maximum number of nested JSON objects or XML elements allowed in the request body.