Set API request body and resource constraints

If you’re a Kona Site Defender (KSD) customer, you can specify the API request body and resource constraints that you want to enforce as whitelists in your KSD security policies. This optional feature protects your API from excessively large requests.

How to

  1. On the Register new API page, in the API request body and resource constraints panel, set the Yes/No switch to Yes.
    By setting this switch to Yes, you instruct KSD to respect any resource-level constraints specified in the API resources panel.
  2. Expand the Request body content maximum values node.
    A group of configuration parameters appears.
  3. From the Request body content menu, select the content type expected from the API request body.
  4. In the Max number of JSON members or XML elements field, enter the maximum number of JSON or XML elements allowed in the request body.
  5. In the Max length for any string value field, enter the maximum allowed string value length.
  6. In the Max integer value field, enter the maximum allowed integer value.
  7. In the Max length for any JSON member or XML element field, enter the maximum allowed JSON or XML element length.
  8. In the Max body size (bytes) field, enter the maximum allowed body size in bytes.
  9. In the Max nesting depth field, enter the maximum number of nested JSON objects or XML elements allowed in the request body.