API standard and pre-built SDKs in multi-language
The OpenAPI specification of this product (waf-openapi/2021-10-01) follows the RPC standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.
Custom signature
If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 78410016550).
Before you begin
An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. Create a Resource Access Management (RAM) user with API-only access and use RAM policies to apply the principle of least privilege (PoLP). Alibaba Cloud accounts are only used when explicitly required.
To call APIs securely, configure the following:
A RAM user account
An AccessKey pair for the account
Instance information
|
API |
Title |
Description |
| CreatePostpaidInstance | CreatePostpaidInstance | Creates a pay-as-you-go Web Application Firewall (WAF) 3.0 instance. |
| DescribeInstance | DescribeInstance | Queries the details of a Web Application Firewall (WAF) instance within the current Alibaba Cloud account. |
| ReleaseInstance | ReleaseInstance | Releases a Web Application Firewall (WAF) 3.0 instance. |
Website Configuration
|
API |
Title |
Description |
| Cloud Native | Cloud Native | |
| SyncProductInstance | SyncProductInstance | Synchronizes Elastic Compute Service (ECS), Classic Load Balancer (CLB), and Network Load Balancer (NLB) instances to Web Application Firewall (WAF). |
| DescribeCloudResources | DescribeCloudResources | Queries cloud service resources that are added to Web Application Firewall (WAF). |
| DescribeProductInstances | DescribeProductInstances | Queries synchronized cloud service instances. |
| DescribeResourceSupportRegions | DescribeResourceSupportRegions | Queries the list of regions supported by cloud native mode, primarily for CLB and ECS products. |
| DescribeResourceRegionId | DescribeResourceRegionId | Queries the region IDs of the resources that are added to Web Application Firewall (WAF) by using the SDK integration mode. The resources refer to Application Load Balancer (ALB) and Microservices Engine (MSE) instances. |
| DescribeResourceInstanceCerts | DescribeResourceInstanceCerts | Queries the certificates that are used in cloud service instances. The certificates returned include the certificates within the delegated administrator account and the certificates within members to which specific instances belong. For example, the delegated administrator account has certificate 1, instance lb-xx-1 belongs to member B, and member B has certificate 2. If you specify instance lb-xx-1 in the request, certificate 1 and certificate 2 are returned. |
| CreateCloudResource | CreateCloudResource | Adds a service to Web Application Firewall (WAF). This operation is supported only for the Elastic Compute Service (ECS) and Classic Load Balancer (CLB) services. |
| ModifyCloudResource | ModifyCloudResource | Modifies the configurations of a service that is added to Web Application Firewall (WAF). |
| DeleteCloudResource | DeleteCloudResource | Removes a service from Web Application Firewall (WAF). This operation is supported for only the Elastic Compute Service (ECS) and Classic Load Balancer (CLB) services. |
| DescribeCloudResourceAccessedPorts | DescribeCloudResourceAccessedPorts | Queries the ports of the cloud service that is added to Web Application Firewall (WAF). This operation is supported for only Elastic Compute Service (ECS) and Classic Load Balancer (CLB). |
| DescribeCloudResourceAccessPortDetails | DescribeCloudResourceAccessPortDetails | Queries a port of the cloud service that is added to Web Application Firewall (WAF). This operation is supported for only Elastic Compute Service (ECS) and Classic Load Balancer (CLB). |
| CNAME access | CNAME access | |
| CreateDomain | CreateDomain | Adds a domain name to Web Application Firewall (WAF). |
| ModifyDomain | ModifyDomain | Modifies the configurations of a domain name that is added to Web Application Firewall (WAF) in CNAME record mode. |
| DeleteDomain | DeleteDomain | Deletes a domain name that is added to Web Application Firewall (WAF). |
| DescribeDomains | DescribeDomains | Queries the domain names that are added to Web Application Firewall (WAF). |
| DescribeDomainDetail | DescribeDomainDetail | Queries the details of a domain name that is added to Web Application Firewall (WAF). |
| DescribePunishedDomains | DescribePunishedDomains | Queries a list of domain names that are added to Web Application Firewall (WAF) and penalized for failing to obtain an Internet Content Provider (ICP) filing. |
| ModifyDomainPunishStatus | ModifyDomainPunishStatus | Re-adds a domain name that is penalized for failing to obtain an Internet Content Provider (ICP) filing to Web Application Firewall (WAF). |
| DescribeCertDetail | DescribeCertDetail | Queries the details of a certificate, such as the certificate name, expiration time, issuance time, and associated domain name. |
| DescribeCerts | DescribeCerts | Queries the certificates issued for your domain names that are added to Web Application Firewall (WAF). |
| DescribeDomainDNSRecord | DescribeDomainDNSRecord | Checks whether the Domain Name System (DNS) settings of a domain name are properly configured. |
| DescribeWafSourceIpSegment | DescribeWafSourceIpSegment | Queries the back-to-origin CIDR blocks of a Web Application Firewall (WAF) instance. |
| DescribeResourcePort | DescribeResourcePort | Queries the ports of a cloud service instance that are added to Web Application Firewall (WAF). |
| DescribeDDoSStatus | DescribeDDoSStatus | Checks whether DDoS attacks occur on specific domain names protected by a Web Application Firewall (WAF) instance. |
| CreateSM2Cert | CreateSM2Cert | Uploads a ShangMi (SM) certificate for a domain name that is added to Web Application Firewall (WAF) in CNAME record mode. |
| DescribeCnameCount | DescribeCnameCount | Queries the total number of domain names that are added to Web Application Firewall (WAF) in CNAME record mode and hybrid cloud reverse proxy mode. |
| DescribeDefaultHttps | DescribeDefaultHttps | Queries the default SSL and Transport Layer Security (TLS) settings. |
| ModifyDefaultHttps | ModifyDefaultHttps | Modifies the default Secure Sockets Layer (SSL) and Transport Layer Security (TLS) settings. |
| Hybrid Cloud | Hybrid Cloud | |
| DescribeHybridCloudResources | DescribeHybridCloudResources | Queries the domain names that are added to a Web Application Firewall (WAF) instance in hybrid cloud mode. |
Protection Configurations
|
API |
Title |
Description |
| Protected objects | Protected objects | |
| CreateDefenseResourceGroup | CreateDefenseResourceGroup | Creates a protected object group. |
| ModifyDefenseResourceGroup | ModifyDefenseResourceGroup | Modifies the configurations of a protected object group. |
| DeleteDefenseResourceGroup | DeleteDefenseResourceGroup | Deletes a protected object group. |
| DescribeDefenseResourceGroup | DescribeDefenseResourceGroup | Queries the information about a protected object group. |
| DescribeDefenseResourceGroups | DescribeDefenseResourceGroups | Performs a pagination query to retrieve the information about protected object groups. |
| DescribeDefenseResourceGroupNames | DescribeDefenseResourceGroupNames | Queries the names of protected object groups. |
| DescribeDefenseResource | DescribeDefenseResource | Queries the information about a protected object. |
| DescribeDefenseResources | DescribeDefenseResources | Queries protected objects by page. |
| DescribeDefenseResourceNames | DescribeDefenseResourceNames | Performs a pagination query to retrieve the names of protected objects. |
| ModifyDefenseResourceXff | ModifyDefenseResourceXff | Modifies the cookie settings of a protected object and the method to identify the originating IP addresses of clients. |
| DescribePauseProtectionStatus | DescribePauseProtectionStatus | Queries the protection status of Web Application Firewall (WAF). |
| Protection rules | Protection rules | |
| ModifyDefenseRuleCache | ModifyDefenseRuleCache | Updates the cached page of a website that is protected based on a website tamper-proofing rule. |
| DescribeDefenseResourceTemplates | DescribeDefenseResourceTemplates | Queries the protection templates that are associated with a protected object or protected object group. |
| DescribeDefenseTemplateValidGroups | DescribeDefenseTemplateValidGroups | Queries the names of protected object groups for which a protection template can take effect. |
| DescribeDefenseTemplates | DescribeDefenseTemplates | Performs a paging query to retrieve protection templates. |
| CreateDefenseTemplate | CreateDefenseTemplate | Creates a protection rule template. |
| CopyDefenseTemplate | CopyDefenseTemplate | Creates a new protection template from the copy. |
| ModifyDefenseTemplate | ModifyDefenseTemplate | Modifies the configurations of a protection rule template. |
| DescribeDefenseTemplate | DescribeDefenseTemplate | Queries a protection rule template. |
| ModifyDefenseTemplateStatus | ModifyDefenseTemplateStatus | Changes the status of a protection rule template. |
| DeleteDefenseTemplate | DeleteDefenseTemplate | Deletes a protection rule template. |
| CreateDefenseRule | CreateDefenseRule | Creates a protection rule. |
| ModifyDefenseRule | ModifyDefenseRule | Modifies the configuration of a protection rule. |
| ModifyDefenseRuleStatus | ModifyDefenseRuleStatus | Changes the status of a protection rule. |
| DeleteDefenseRule | DeleteDefenseRule | Deletes a protection rule. |
| DescribeDefenseRule | DescribeDefenseRule | Queries a protection rule. |
| DescribeDefenseRules | DescribeDefenseRules | Queries protection rules in a paginated format. |
| ModifyTemplateResources | ModifyTemplateResources | Associates or disassociates a protected object or protected object group with or from a protection rule template. |
| DescribeTemplateResources | DescribeTemplateResources | Queries the resources that are associated to a protection rule template. |
| DescribeTemplateResourceCount | DescribeTemplateResourceCount | Queries the number of protected resources for which a protection template takes effect. |
| DescribeRuleGroups | DescribeRuleGroups | Queries regular expression rule groups by page. |
API security
|
API |
Title |
Description |
| DeleteApisecAbnormals | DeleteApisecAbnormals | Deletes multiple risks detected by the API security module at a time. |
| ModifyApisecAbnormals | ModifyApisecAbnormals | Modifies the status of multiple risks detected by the API security module at a time. |
| DescribeApisecAssetTrend | DescribeApisecAssetTrend | Queries the asset trends in the API security module. |
| DescribeApisecAbnormalDomainStatistic | DescribeApisecAbnormalDomainStatistic | Queries the statistics on domain names on which risks are detected by the API security module. |
| DescribeApisecEventDomainStatistic | DescribeApisecEventDomainStatistic | Queries the statistics on domain names on which security events are detected by the API security module. |
| DescribeApisecSensitiveDomainStatistic | DescribeApisecSensitiveDomainStatistic | Queries the statistics on domain names on which sensitive data is detected by the API security module. |
| ModifyApisecEvents | ModifyApisecEvents | Modifies the status of multiple security events detected by the API security module at a time. |
| DeleteApisecEvents | DeleteApisecEvents | Deletes multiple security events detected by the API security module at a time. |
| ModifyApisecLogDeliveryStatus | ModifyApisecLogDeliveryStatus | Modifies the status of API security log subscription. |
| CreateApiExport | CreateApiExport | Creates a data export task in the API security module. |
| DescribeApiExports | DescribeApiExports | Queries the list of data export tasks in the API security module. |
| DescribeApisecAbnormals | DescribeApisecAbnormals | Queries the list of API security risks. |
| DescribeApisecApiResources | DescribeApisecApiResources | Queries API assets in the API security module. |
| ModifyApisecStatus | ModifyApisecStatus | Changes the status of the API security module for protected objects or protected object groups. |
| ModifyApisecModuleStatus | ModifyApisecModuleStatus | Changes the status of features in the API security module for protected objects or protected object groups. |
| ModifyApisecApiResource | ModifyApisecApiResource | Modifies the annotations of APIs in the API security module. |
| DescribeUserEventType | DescribeUserEventType | Queries the types and statistics of security events in the API security module. |
| DescribeUserEventTrend | DescribeUserEventTrend | Queries the trends of attacks detected by the API security module. |
| DescribeUserAsset | DescribeUserAsset | Queries the user asset statistics in the API security module. |
| DescribeUserApiRequest | DescribeUserApiRequest | Queries the traffic statistics of an API. |
| DescribeUserAbnormalType | DescribeUserAbnormalType | Queries the types and statistics of risks in the API security module. |
| DescribeUserAbnormalTrend | DescribeUserAbnormalTrend | Queries the trends of API security risks. |
| DescribeSensitiveStatistic | DescribeSensitiveStatistic | Queries the sensitive data statistics of the tracing and auditing feature. |
| DescribeSensitiveRequests | DescribeSensitiveRequests | Queries the tracing results of sensitive data. |
| DescribeSensitiveRequestLog | DescribeSensitiveRequestLog | Queries the access logs of sensitive data. |
| DescribeSensitiveOutboundTrend | DescribeSensitiveOutboundTrend | Queries the trends of cross-border data transfer of personal information. |
| DescribeSensitiveOutboundStatistic | DescribeSensitiveOutboundStatistic | Queries the data types of personal information involved in cross-border data transfer. |
| DescribeSensitiveOutboundDistribution | DescribeSensitiveOutboundDistribution | Queries the traffic distribution of personal information records involved in cross-border data transfer. |
| DescribeSensitiveDetectionResult | DescribeSensitiveDetectionResult | Queries the compliance check results of API security. |
| DescribeSensitiveApiStatistic | DescribeSensitiveApiStatistic | Queries the personal information-related APIs and domain names. |
| DescribeFreeUserEvents | DescribeFreeUserEvents | Queries the list of security events on which basic detection is performed in the API security module. |
| DescribeFreeUserEventTypes | DescribeFreeUserEventTypes | Queries the types of security events on which basic detection is performed in the API security module. |
| DescribeFreeUserEventCount | DescribeFreeUserEventCount | Queries the statistics of security events that are detected by using the basic detection feature of the API security module. |
| DescribeFreeUserAssetCount | DescribeFreeUserAssetCount | Queries the asset statistics provided by basic detection in the API security module. |
| DescribeApisecUserOperations | DescribeApisecUserOperations | Queries user operation records in the API security module. |
| DescribeApisecSuggestions | DescribeApisecSuggestions | Queries the protection suggestions for APIs. |
| DescribeApisecStatistics | DescribeApisecStatistics | Queries the statistics of API security-related risks and events. |
| DescribeApisecRules | DescribeApisecRules | Queries the policies configured in the API security module. |
| DescribeApisecProtectionResources | DescribeApisecProtectionResources | Queries the list of protected objects to which API security policies are applied. |
| DescribeApisecProtectionGroups | DescribeApisecProtectionGroups | Queries the list of protected object groups to which API security policies are applied. |
| DescribeApisecMatchedHosts | DescribeApisecMatchedHosts | Queries the list of domain names detected in the API security module. |
| DescribeApisecEvents | DescribeApisecEvents | Queries API security events. |
Report information
|
API |
Title |
Description |
| DescribeNetworkFlowTimeSeriesMetric | DescribeNetworkFlowTimeSeriesMetric | Retrieves time-series data for all network traffic, including both malicious and legitimate requests. |
| DescribeSecurityEventTopNMetric | DescribeSecurityEventTopNMetric | Queries top N data entries of attack traffic. The system performs statistical aggregation on attack traffic from specific dimensions and returns top N data entries. |
| DescribeSecurityEventTimeSeriesMetric | DescribeSecurityEventTimeSeriesMetric | Queries the time series data of attack traffic. Attack requests refer to requests that match protection rules and are identified as risky. |
| DescribeSecurityEventLogs | DescribeSecurityEventLogs | Queries the logs of attack traffic. Each log records the details of a request that matches protection rules. |
| DescribeNetworkFlowTopNMetric | DescribeNetworkFlowTopNMetric | Retrieves top aggregated traffic statistics, sorted by various dimensions, including malicious and legitimate requests. |
| DescribeFlowChart | DescribeFlowChart | Queries the traffic statistics of requests that are forwarded to Web Application Firewall (WAF). |
| DescribePeakTrend | DescribePeakTrend | Queries the queries per second (QPS) statistics of a WAF instance. |
| DescribeResponseCodeTrendGraph | DescribeResponseCodeTrendGraph | Queries the trend of the number of error codes that are returned to clients or Web Application Firewall (WAF). The error codes include 302, 405, 444, 499, and 5XX. |
| DescribeVisitUas | DescribeVisitUas | Queries the top 10 user agents that are used to initiate requests. |
| DescribeVisitTopIp | DescribeVisitTopIp | Queries the top 10 IP addresses from which requests are sent. |
| DescribeRuleHitsTopResource | DescribeRuleHitsTopResource | Queries the top 10 protected objects that trigger protection rules. |
| DescribeRuleHitsTopRuleId | DescribeRuleHitsTopRuleId | Queries the IDs of the top 10 protection rules that are matched by requests. |
| DescribeRuleHitsTopTuleType | DescribeRuleHitsTopTuleType | Queries the top 10 protection modules that are matched. |
| DescribeRuleHitsTopUrl | DescribeRuleHitsTopUrl | Queries the top 10 URLs that trigger protection rules. |
| DescribeRuleHitsTopClientIp | DescribeRuleHitsTopClientIp | Queries the top 10 IP addresses from which attacks are initiated. |
| DescribeFlowTopResource | DescribeFlowTopResource | Queries the top 10 protected objects that receive requests. |
| DescribeRuleHitsTopUa | DescribeRuleHitsTopUa | Queries the top 10 user agents that are used to initiate attacks. |
| DescribeFlowTopUrl | DescribeFlowTopUrl | Queries the top 10 URLs that are used to initiate requests. |
Log configurations
|
API |
Title |
Description |
| DescribeUserSlsLogRegions | DescribeUserSlsLogRegions | Queries available regions for log storage. |
| DescribeUserWafLogStatus | DescribeUserWafLogStatus | Queries the status, region ID, and status modification time of Web Application Firewall (WAF) logs. |
| DescribeSlsAuthStatus | DescribeSlsAuthStatus | Queries whether Web Application Firewall (WAF) is authorized to access Logstores. |
| DescribeSlsLogStoreStatus | DescribeSlsLogStoreStatus | Queries the status of a Simple Log Service Logstore. |
| DescribeSlsLogStore | DescribeSlsLogStore | Queries information about a Logstore, such as the total capacity, storage duration, and used capacity. |
| ModifyResourceLogStatus | ModifyResourceLogStatus | Enables or disables the log collection feature for a protected object. |
| DescribeResourceLogStatus | DescribeResourceLogStatus | Queries whether the log collection feature is enabled for a protected object. |
Hybrid Cloud Cluster Management
|
API |
Title |
Description |
| DescribeHybridCloudServerRegions | DescribeHybridCloudServerRegions | Queries information about the regions that the hybrid cloud mode supports, such as the Internet service providers (ISPs), continents, and cities. |
| DescribeHybridCloudUnassignedMachines | DescribeHybridCloudUnassignedMachines | Queries servers that are not assigned to a hybrid cloud cluster. |
| ModifyHybridCloudClusterBypassStatus | ModifyHybridCloudClusterBypassStatus | Enables or disables manual bypass for a hybrid cloud cluster whose type is set to SDK Integration Mode. |
| DescribeHybridCloudUser | DescribeHybridCloudUser | Queries the HTTP and HTTPS ports that you can use when you add a domain name to Web Application Firewall (WAF) in hybrid cloud mode. |
| DescribeHybridCloudGroups | DescribeHybridCloudGroups | Queries the hybrid cloud node groups that are added to Web Application Firewall (WAF). |
Multi Account Management
|
API |
Title |
Description |
| CreateMemberAccounts | CreateMemberAccounts | Adds members to use the multi-account management feature of Web Application Firewall (WAF). |
| ModifyMemberAccount | ModifyMemberAccount | Modifies the information about members that are added for multi-account management. |
| DeleteMemberAccount | DeleteMemberAccount | Removes the members that are added for multi-account management in Web Application Firewall (WAF). |
| DescribeAccountDelegatedStatus | DescribeAccountDelegatedStatus | Queries whether an Alibaba Cloud account is the delegated administrator account of a Web Application Firewall (WAF) instance. |
| DescribeMemberAccounts | DescribeMemberAccounts | Queries information about members. |
Resource Group Management
|
API |
Title |
Description |
| ChangeResourceGroup | ChangeResourceGroup | Changes the resource group to which a protected object belongs. |
Tag Management
|
API |
Title |
Description |
| ListTagKeys | ListTagKeys | Queries tag keys. |
| UntagResources | UntagResources | Removes tags from resources and then deletes the tags. |
| ListTagResources | ListTagResources | Queries the tags that are added to a resource. |
| ListTagValues | ListTagValues | Queries the tag values of a tag key. |
| TagResources | TagResources | Adds tags to resources. |
Others
|
API |
Title |
Description |
| ClearMajorProtectionBlackIp | ClearMajorProtectionBlackIp | Clears an IP address blacklist for major event protection. |
| CreateMajorProtectionBlackIp | CreateMajorProtectionBlackIp | Creates an IP address blacklist for major event protection. |
| DeleteMajorProtectionBlackIp | DeleteMajorProtectionBlackIp | Deletes an IP address blacklist for major event protection. |
| DescribeMajorProtectionBlackIps | DescribeMajorProtectionBlackIps | Queries IP addresses in an IP address blacklist for major event protection by page. |
| ModifyMajorProtectionBlackIp | ModifyMajorProtectionBlackIp | Modifies an IP address blacklist for major event protection. |