The Cequence Unified API Protection (UAP) platform's API Edge supports two APIs.
API transaction API
The /api-transaction API uses the following data format.
{
"timestamp" : "string. Timestamp in Unix epoch",
"version" : "string. Format version. Default: 1.0",
"transaction-id" : "string. Unique identifier. Example: nginx req-id",
"request" : { ... },
"response" : { ... },
"txn-meta-data" : {
"source_info" : {
"version" : "string. Identifies source device or plugin version",
"type" : "string. Identifies source element type (defender, sensor, apigee, etc.)",
"pool_id" : "string. Identifies source pool or group ID",
"instance_id" : "string. Identifies individual source element. Example: def-1, sensor-2"
},
"filter_info" : {
"filter_name" : "string. Identifies the filter applied for allowed traffic"
},
"sdp_info" : {
"skipped": false,
"found": 2,
"transformed": 1,
"locations": [{
"name": "CREDIT_CARD",
"type": "SDE | NLP",
"location": "REQUEST_BODY",
"field": "accounts.0.cardNumber",
"start": "0",
"end": "12"
}]
},
"data_extractions" : { }
}
}
The request field has the following data format.
{
"client-ip": "string. Optional. Client IP address. See the Client IP extraction section",
"http-scheme" : "string. Optional. Indicates the protocol scheme. Defaults to https",
"http-version": "string. Optional. HTTP version of the request",
"http-method" : "string. Required. HTTP method",
"uri-query-fragment" : "string. Required. URI path including query parameters and fragment",
"host" : "string. URI host",
"connection": {
"connection-ip": "string. Required. IP address of the connecting system (typically load balancer or client)",
"connection-port": "uint16. Optional. Port of the connecting system",
"server-ip": "string. Required. IP address of the system that terminated the HTTP request (or proxy IP)",
"server-port": "uint16. Optional. Port of the system that terminated the HTTP request",
"transaction-depth": "uint16. Optional. Pipeline depth into the connection of this request/response transaction",
"ssl-signature": "string. Optional. Client's SSL signature (SHA1 of client version and cipher bytes)",
"ssl-cipher-bytes": "string. Optional. SSL cipher bytes from SSL client hello. Base64 encoded",
"ssl-extensions-bytes": "string. Optional. SSL extensions bytes from SSL client hello. Base64 encoded"
},
"headers": [
"header-name1 : header-value1",
"header-name2 : header-value2"
],
"body": {
"length": "uint32. Required. Length in bytes",
"data": "string. Required. Body bytes encoded in Base64 (assumes decoded data is UTF-8)"
}
}
The response field has the following data format.
{
"status-code" : "string. Required. HTTP status code sent to the client",
"headers" : [
"header-name1 : header-value1",
"header-name2 : header-value2"
],
"body" : {
"length" : "uint32. Required. Length in bytes",
"data" : "string. Required. Body bytes encoded in Base64 (assumes decoded data is UTF-8)"
}
}
API transactions API
The /api-transactions API supports batch submission and uses the following wrapper format.
{
"data" : [
{ "txn1" },
{ "txn2" }
]
}
Each transaction within the data array uses the same format documented in the API transaction API section.
Client IP address extraction
When the request field contains a client-ip value that is populated, that value is used as the client IP address. This assumes the sender has already extracted the client IP address.
When the client-ip field is empty, contains a hyphen (-), or is not set, the system attempts to extract the client IP address by checking headers listed in the real-IP configuration. The first header in that list that contains a value becomes the client IP address. For details on the client IP address extraction algorithm, see the Client-IP Lookup documentation.