Index

Overview
Support
Changelog
Authentication
Account API
Users API
Sites API
Reports API
Raw Logs API
Origin Shield API
SSL API

Overview

Welcome to the StackPath API Docs. Do the following to get started:

Login to the StackPath Control Panel
Create a new application

Support

Have a question? Check out our Knowledge Base to see if your question has already been answered.
Still need help? Found a bug or security issue? Visit our Contact Page to get in touch.
Feel free to Tweet and follow us @StackPath.

Changelog

2017-11-11 Correct WAF endpoint documentation

2017-01-04 Correct raw log and SSL endpoint definition

2016-08-15 Added WAF endpoints

2016-08-12 Rebranded to StackPath

2016-05-19 Updated docs for HTTP/2

2015-09-10 Updated docs for Reseller API

2015-07-27 Updated validation for use_stale

2015-03-06 Added ssl, ssl_sni, and geo_enabled flags for Pull Zones

2015-01-19 Added account-level SSL

2014-12-18 Removed Live Zone API documentation (EOL)

2014-12-09 Added new Origin Shield API documentation

2014-10-20 Updated description for use_stale

2014-07-16 Added SNI option on SSL Installation

2014-07-11 Updated PHP and .NET libs

2014-06-30 Add RUM code for webperf measuring

2014-06-24 Updated BootstrapCDN and favicon urls

2014-06-20 Removed create Live Zone endpoint (EOL)

2014-06-19 Removed links outdated Perl and .NET SDKs, added Go SDK (beta)

2014-06-13 Updated all URL endpoints to api.stackpath.com

2014-06-10 Added documentation for the Raw Logs API

2014-05-19 Added feature "SPDY" to Pull and Push Zone settings

2014-04-15 Added new MIME type for Pull Zone GZip compression: application/octet-stream

2014-04-10 Added feature "X-Forwarded-For" to Pull Zone settings

2014-03-05 Firefox bug fixes.

2014-03-05 Added stats per zone reporting endpoint

2014-03-03 Documented dns_check property of Pull Zones

2014-01-10 Minor grammatical fixes

2013-09-10 Rebranded for MaxCDN

2013-07-22 Added JSON responses to SSL

2013-07-09 Added Authentication section

2013-06-03 Fixed formatting and display issues

2013-06-02 Added Ruby code examples

2013-05-31 Added Python code examples

2013-05-29 Added Node code examples

2013-05-28 Added response examples

2013-05-25 Added PHP code examples

2013-03-29 Added "Bad Request" for purges without file(s) parameter in body

2013-03-14 Added .ie to the TLD validation

2013-03-12 Added single file purge to use cURL multi

2013-03-12 Fixed SSL Update Bug

2013-03-08 cURL multi purge files

2013-03-07 Fix 3-legged OAuth restriction

2013-01-16 Fixed SSL bug

2012-12-05 Added 2xx_hit calculation to all statuscodebyfilename reports

2012-02-27 Released alpha Version of RWS API.

Authentication

Auth-Overview

The first thing to do in order to use the StackPath REST Web Service is to register your application. Upon registration, your application will be issued a consumer key and secret which is similar to public and private keys used in ssh protocol. You will need to use this in conjunction with an OAuth library in the programming language of your choice.

OAuth defines three roles: client, server, and resource owner (nicknamed the OAuth Love Triangle by Leah Culver).

The StackPath REST Web Service supports both 2-legged and 3-legged authentication.

3-legged OAuth is best used to allow 3rd party apps/services (e.g. Leftronic) access to a user’s profile - the user just needs to grant access to the app.

2-legged OAuth is more limited in that it only allows a consumer access to resources that belong to it, which can be useful for building a 3rd party app, a control panel where the consumer is a reseller, or an account with sub-accounts (this means the reseller/main account also has access to sub-account resources). This does not require any user intervention in the process.

3-legged OAuth

3-legged OAuth describes the scenario for which OAuth was originally developed: a resource owner wants to give a client access to a server without sharing their credentials (i.e. username/password). On a conceptual level it works in the following way:

Client has signed up to the server and received their client credentials (also known as “consumer key and secret”) ahead of time
User wants to give the client access to their protected resources on the server
Client retrieves the temporary credentials (also known as “request token”) from the server
Client redirects the resource owner to the server
Resource owner grants the client access to their protected resources on the server
Server redirects the user back to the client
Client uses the temporary credentials to retrieve the token credentials (also known as “access token”) from the server
Client uses the token credentials to access the protected resources on the server

2-legged OAuth

2-legged OAuth describes a typical client-server scenario, without any user involvement. On a conceptual level 2-legged OAuth simply consists of the first and last steps of 3-legged OAuth:

Client has signed up to the server and received their client credentials (also known as “consumer key and secret”)
Client uses their client credentials (and empty token credentials) to access the protected resources on the server

Registering Your Application

Signing Requests

All OAuth 1.0a requests use the same basic algorithm for creating a signature base string and a signature.

Request Tokens

The first step to authenticating a user is to obtain a request token from StackPath.

The end point for requesting a token is: https://api.stackpath.com/v1/oauth/request_token

User Authorization

The User Authorization step sends the user to the StackPath RWS authorization page, which grants your application privileges to use their account with the API. You will need the oauth_token from the previous step to complete this.

The endpoint for the authorization url is: https://api.stackpath.com/v1/oauth/authorize

Key: Path Parameters

Parameter	Description
`{companyalias}`	The alias used when creating the account
`{site_id}`	The id number of the Site
`{report_type}`	The format you want the reports summarized by — `hourly`, `daily`, or `monthly`. This value can be left blank to receive ungrouped totals

Account

Get Account

Gets account information

GET https://api.stackpath.com/v1/{companyalias}/account

Response Parameters

Parameter	Description
`id`	Account ID
`name`	The name of your account
`address_id`	Address ID
`alias`	Company Alias
`ssl_credits`	SSL Credits
`flex_credits`	Flex Location Credits
`date_created`	Date Created
`date_updated`	Date Updated

Update Account

Updates account information

PUT https://api.stackpath.com/v1/{companyalias}/account

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`name`	-	required length: 1-30 chars	The name of your account

Response Parameters

Parameter	Description
`id`	Account ID
`name`	The name of your account
`address_id`	Address ID
`alias`	Company Alias
`ssl_credits`	SSL Credits
`flex_credits`	Flex Location Credits
`date_created`	Date Created
`date_updated`	Date Updated

Get Account Address

Gets account address information

GET https://api.stackpath.com/v1/{companyalias}/account/address

Response Parameters

Parameter	Description
`id`	Address ID
`street1`	Street Address Line 1
`street2`	Street Address Line 2
`city`	City
`state`	State
`zip`	ZIP
`country`	Country Code
`date_created`	Date Created
`date_updated`	Date Updated

Update Account Address

Updates account address information

PUT https://api.stackpath.com/v1/{companyalias}/account/address

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`street1`	-	length: 1-200 chars	Street Address Line 1
`street2`	-	length: 1-200 chars	Street Address Line 2
`city`	-	length: 1-50 chars	City
`state`	-	length: 1-50 chars	State
`zip`	-	length: 3-5 chars; only digits accepted	ZIP
`country`	-	length: 2 chars	Country Code

Response Parameters

Parameter	Description
`id`	Address ID
`street1`	Street Address Line 1
`street2`	Street Address Line 2
`city`	City
`state`	State
`zip`	ZIP
`country`	Country Code
`date_created`	Date Created
`date_updated`	Date Updated

Users

List Users

Returns a list of all users on the specified account

GET https://api.stackpath.com/v1/{companyalias}/users

Response Parameters

Parameter	Description
`id`	User ID
`email`	Email Address
`firstname`	First Name
`lastname`	Last Name
`phone`	Phone Number
`timezone`	User’s Timezone
`date_last_login`	The date and time the user last logged into the system
`ip_last_login`	The IP for the user at the last login
`date_created`	Date Created
`date_updated`	Date Updated
`roles`	An array of roles for the given user

Create User

Creates a new user on the specified account

POST https://api.stackpath.com/v1/{companyalias}/users

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`email`	-	required length: 6-200 chars; valid email address	Email Address
`password`	-	required length: 5-30 chars	Password
`firstname`	-	required length: 1-32 chars	First Name
`lastname`	-	required length: 1-32 chars	Last Name
`phone`	-	length: 7, 10, 11, or 14 chars; only digits considered	Phone Number
`timezone`	-	valid::timezone	Valid timezone (see List of Supported Timezones)

Response Parameters

Parameter	Description
`id`	User ID
`email`	Email Address
`firstname`	First Name
`lastname`	Last Name
`phone`	Phone Number
`timezone`	User’s Timezone
`date_last_login`	The date and time the user last logged into the system
`ip_last_login`	The IP for the user at the last login
`date_created`	Date Created
`date_updated`	Date Updated
`roles`	An array of roles for the given user

Get User

Gets a user specified by the {user_id} parameter

GET https://api.stackpath.com/v1/{companyalias}/users/{user_id}

Response Parameters

Parameter	Description
`id`	User ID
`email`	Email Address
`firstname`	First Name
`lastname`	Last Name
`phone`	Phone Number
`timezone`	User’s Timezone

Update User

Updates a user specified by the {user_id} parameter

PUT https://api.stackpath.com/v1/{companyalias}/users/{user_id}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`email`	-	length: 6-200 chars; valid email address	Email Address
`firstname`	-	length: 1-32 chars	First Name
`lastname`	-	length: 1-32 chars	Last Name
`phone`	-	length: 7, 10, 11, or 14 chars; only digits considered	Phone Number
`timezone`	-	valid::timezone	Valid timezone (see List of Supported Timezones)

Response Parameters

Parameter	Description
`id`	User ID
`email`	Email Address
`firstname`	First Name
`lastname`	Last Name
`phone`	Phone Number
`timezone`	User’s Timezone

Delete User

Deletes a user specified by the {user_id} parameter

DELETE https://api.stackpath.com/v1/{companyalias}/users/{user_id}

Sites

List Sites

Returns a list of all sites on the specified account

GET https://api.stackpath.com/v1/{companyalias}/sites

Response Parameters

Parameter	Description
`id`	Site ID
`name`	Site name
`url`	Origin URL
`port`	Port
`ip`	IP address of the Origin URL
`compress`	Enables on the fly GZip compression of your files from our edge servers for the following file types: text/plain, text/html, text/javascript, text/css, text/xml, application/javascript, application/x-javascript, application/xml, text/x-component, application/json, application/xhtml+xml, application/rss+xml, application/atom+xml, app/vnd.ms-fontobject, image/svg+xml, application/x-font-ttf, font/opentype, application/octet-stream
`backend_compress`	Enables us to cache, from origin, GZip compressed versions of your files for the following file types: text/plain, text/html, text/javascript, text/css, text/xml, application/javascript, application/x-javascript, application/xml, text/x-component, application/json, application/xhtml+xml, application/rss+xml, application/atom+xml, app/vnd.ms-fontobject, image/svg+xml, application/x-font-ttf, font/opentype
`queries`	Treat Query Strings as a separate cacheable item
`set_host_header`	The URL sent as the Host in all HTTP Response Headers
`cache_valid`	Ignore the origin Cache-Control Header and set every request to have a Max-Age of 1d, 7d, 1M or 12M
`ignore_setcookie_header`	Ignore any cookies set by the origin in order to make the content consistently cacheable
`ignore_cache_control`	Ignore any max age values set by the origin and use the CDN set value instead
`use_stale`	Serve expired content while fetching new content. This will also cause the CDN to serve expired content in cases where the origin is down
`proxy_cache_lock`	When multiple requests for an uncached file are received, they will wait until the first response is received rather than sending each request back to the origin
`label`	Something that describes your Site
`valid_referers`	List of domains for http referrer protection (separated by space), only the domains in the list will be treated as valid referrers
`expires`	Set any request with a no “Cache-Control header” from the origin to stay on the server. Possible values are 1d, 7d, 1M, 12M
`disallow_robots`	Enable robots.txt
`disallow_robots_txt`	Use custom robots.txt
`canonical_link_headers`	Pass the canonical URL in the Link HTTP Header
`content_disposition`	Force files to download
`pseudo_streaming`	Enable the Site for pseudo streaming content
`sslshared`	Enable Shared SSL for your Site, so you can use HTTPS, using our SSL certificate for netdna-ssl.com
`suspend`	Flag denoting if the Site has been suspended
`locked`	Flag denoting if the Site has been locked
`inactive`	Flag denoting if the Site has been deleted
`creation_date`	Date Created
`http2`	Flag denoting if the Site has HTTP/2 protocol enabled
`ssl`	Read-only flag denoting if the Site has Dedicated IP SSL enabled
`ssl_sni`	Read-only flag denoting if the Site has SNI SSL enabled
`geo_enabled`	Read-only flag denoting if the Site has ‘More Locations’ enabled

Get Sites Count

Counts all Sites on the specified account

GET https://api.stackpath.com/v1/{companyalias}/sites/count

Response Parameters

Parameter	Description
`count`	The number of Sites on the specified account

Get Site

Gets a Sites’ settings specified by the {site_id} parameter

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}

Response Parameters

Parameter	Description
`id`	The Site ID
`name`	Site name
`url`	Origin URL
`port`	Port
`ip`	Valid IP address of the Origin URL, if omitted the service will automatically try to find the IP
`compress`	Enables on the fly GZip compression of your files from our edge servers for the following file types: text/plain, text/html, text/javascript, text/css, text/xml, application/javascript, application/x-javascript, application/xml, text/x-component, application/json, application/xhtml+xml, application/rss+xml, application/atom+xml, app/vnd.ms-fontobject, image/svg+xml, application/x-font-ttf, font/opentype
`backend_compress`	Enables us to cache, from origin, GZip compressed versions of your files for the following file types: text/plain, text/html, text/javascript, text/css, text/xml, application/javascript, application/x-javascript, application/xml, text/x-component, application/json, application/xhtml+xml, application/rss+xml, application/atom+xml, app/vnd.ms-fontobject, image/svg+xml, application/x-font-ttf, font/opentype
`queries`	Treat Query Strings as a separate cacheable item
`set_host_header`	The URL sent as the Host in all HTTP Response Headers
`cache_valid`	Ignore the origin Cache-Control Header and set every request to have a Max-Age of 1d, 7d, 1M or 12M
`ignore_setcookie_header`	Ignore any cookies set by the origin in order to make the content consistently cacheable
`ignore_cache_control`	Ignore any max age values set by the origin and use the CDN set value instead
`use_stale`	Serve expired content while fetching new content. This will also cause the CDN to serve expired content in cases where the origin is down
`proxy_cache_lock`	When multiple requests for an uncached file are received, they will wait until the first response is received rather than sending each request back to the origin
`label`	Something that describes your Site
`valid_referers`	List of domains for http referrer protection (separated by space), only the domains in the list will be treated as valid referrers
`expires`	Set any request with a no “Cache-Control header” from the origin to stay on the server. Possible values are 1d, 7d, 1M, 12M
`disallow_robots`	Enable robots.txt
`disallow_robots_txt`	Use custom robots.txt
`canonical_link_headers`	Pass the canonical URL in the Link HTTP Header
`content_disposition`	Force files to download
`x_forward_for`	Add X-Forwarded-For (XFF) HTTP Header
`pseudo_streaming`	Enable the Site for pseudo streaming content
`sslshared`	Enable Shared SSL for your Site, so you can use HTTPS, using our SSL certificate for netdna-ssl.com
`suspend`	Flag denoting if the Site has been suspended
`locked`	Flag denoting if the Site has been locked
`inactive`	Flag denoting if the Site has been deleted
`creation_date`	Date Created
`http2`	Flag denoting if the Site has the HTTP/2 protocol enabled
`ssl`	Read-only flag denoting if the Site has Dedicated IP SSL enabled
`ssl_sni`	Read-only flag denoting if the Site has SNI SSL enabled
`geo_enabled`	Read-only flag denoting if the Site has ‘More Locations’ enabled

Create Site

Creates a new Site

POST https://api.stackpath.com/v1/{companyalias}/sites

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`name`	-	required length: 3-30 chars; only letters, digits, and dash (-)accepted	Site Name
`url`	-	required length: 4-100 chars; only valid URLs accepted	Origin URL
`port`	80	length: 1-5 chars; only digits accepted	Port
`dns_check`	1	only 0 or 1 accepted	This field determines how your Origin resolves. When set to 1, we automatically grab the origin’s IP using DNS. Setting it to 0 allows you explicitly provide the IP of the origin.
`ip`	-	length: 1-10 chars, only digits accepted	Valid IP address of the Origin URL. Be sure to set `dns_check` to 0 to prevent this value from being overwritten.
`compress`	0	only 0 or 1 accepted	Enables on the fly GZip compression of your files from our edge servers for the following file types: text/plain, text/html, text/javascript, text/css, text/xml, application/javascript, application/x-javascript, application/xml, text/x-component, application/json, application/xhtml+xml, application/rss+xml, application/atom+xml, app/vnd.ms-fontobject, image/svg+xml, application/x-font-ttf, font/opentype
`backend_compress`	0	only 0 or 1 accepted	Enables us to cache, from origin, GZip compressed versions of your files for the following file types: text/plain, text/html, text/javascript, text/css, text/xml, application/javascript, application/x-javascript, application/xml, text/x-component, application/json, application/xhtml+xml, application/rss+xml, application/atom+xml, app/vnd.ms-fontobject, image/svg+xml, application/x-font-ttf, font/opentype
`queries`	0	only 0 or 1 accepted	Treat Query Strings as a separate cacheable item
`set_host_header`	-	length: 4-100 chars; only valid URLs accepted	The URL to send as the Host in all HTTP Response Headers
`cache_valid`	1d	length: 1-30 chars; must be a number followed by one of s, m, h, d, M, or Y	Ignore the origin Cache-Control Header and set every request to have a Max-Age of 1d, 7d, 1M or 12M
`ignore_setcookie_header`	0	only 0 or 1 accepted	Ignore any cookies set by the origin in order to make the content consistently cacheable
`ignore_cache_control`	0	only 0 or 1 accepted	Ignore any max age values set by the origin and use the CDN set value instead
`use_stale`	0	List of status codes separated with space - empty character - (?use_stale=500 502 503 504 403 404) are accepted as a valid request. 0 or 1 are accepted by legacy but, these are not valid parameters any more. To disable use_stale you can pass 0 (as a part of the legacy) or empty string “”.	Serve expired content while fetching new content. This will also cause the CDN to serve expired content in cases where the origin is down
`proxy_cache_lock`	0	only 0 or 1 accepted	When multiple requests for an uncached file are received, they will wait until the first response is received rather than sending each request back to the origin
`label`	-	length: 1-255 chars	Something that describes your Site
`valid_referers`	-	length: 1-100 chars	List of domains for http referrer protection (separated by space), only the domains in the list will be treated as valid referrers
`expires`	1d	length: 1-32 chars	Set any request with a no “Cache-Control header” from the origin to stay on the server. Possible values are 1d, 7d, 1M, 12M
`disallow_robots`	0	only 0 or 1 accepted	Enable robots.txt
`disallow_robots_txt`	-	length 1-255 chars	Use custom robots.txt
`canonical_link_headers`	1	only 0 or 1 accepted	Pass the canonical URL in the Link HTTP Header
`content_disposition`	0	only 0 or 1 accepted	Force files to download
`x_forward_for`	0	only 0 or 1 accepted	Add X-Forwarded-For (XFF) HTTP Header
`pseudo_streaming`	0	only 0 or 1 accepted	Enable the Site for pseudo streaming content
`secret`	-	length: 1 - 32 chars	Use a secret to protect your files from unwanted visitors
`sslshared`	0	only 0 or 1 accepted	Enable Shared SSL for your Site, so you can use HTTPS, using our SSL certificate for netdna-ssl.com

Response Parameters

Parameter	Description
`id`	Site ID
`name`	Site name
`url`	Origin URL
`port`	Port
`ip`	IP address of the Origin URL
`compress`	Enables on the fly GZip compression of your files from our edge servers for the following file types: text/plain, text/html, text/javascript, text/css, text/xml, application/javascript, application/x-javascript, application/xml, text/x-component, application/json, application/xhtml+xml, application/rss+xml, application/atom+xml, app/vnd.ms-fontobject, image/svg+xml, application/x-font-ttf, font/opentype
`backend_compress`	Enables us to cache, from origin, GZip compressed versions of your files for the following file types: text/plain, text/html, text/javascript, text/css, text/xml, application/javascript, application/x-javascript, application/xml, text/x-component, application/json, application/xhtml+xml, application/rss+xml, application/atom+xml, app/vnd.ms-fontobject, image/svg+xml, application/x-font-ttf, font/opentype
`queries`	Treat Query Strings as a separate cacheable item
`set_host_header`	The URL sent as the Host in all HTTP Response Headers
`cache_valid`	Ignore the origin Cache-Control Header and set every request to have a Max-Age of 1d, 7d, 1M or 12M
`ignore_setcookie_header`	Ignore any cookies set by the origin in order to make the content consistently cacheable
`ignore_cache_control`	Ignore any max age values set by the origin and use the CDN set value instead
`use_stale`	Serve expired content while fetching new content. This will also cause the CDN to serve expired content in cases where the origin is down
`proxy_cache_lock`	When multiple requests for an uncached file are received, they will wait until the first response is received rather than sending each request back to the origin
`label`	Something that describes your Site
`valid_referers`	List of domains for http referrer protection (separated by space), only the domains in the list will be treated as valid referrers
`expires`	Set any request with a no “Cache-Control header” from the origin to stay on the server. Possible values are 1d, 7d, 1M, 12M
`disallow_robots`	Enable robots.txt
`disallow_robots_txt`	Use custom robots.txt
`canonical_link_headers`	Pass the canonical URL in the Link HTTP Header
`content_disposition`	Force files to download
`x_forward_for`	Add X-Forwarded-For (XFF) HTTP Header
`pseudo_streaming`	Enable the Site for pseudo streaming content
`sslshared`	Enable Shared SSL for your Site, so you can use HTTPS, using our SSL certificate for netdna-ssl.com
`suspend`	Flag denoting if the Site has been suspended
`locked`	Flag denoting if the Site has been locked
`inactive`	Flag denoting if the Site has been deleted
`creation_date`	Date Created
`ssl`	Read-only flag denoting if the Site has Dedicated IP SSL enabled
`ssl_sni`	Read-only flag denoting if the Site has SNI SSL enabled
`geo_enabled`	Read-only flag denoting if the Site has ‘More Locations’ enabled

Update Site

Updates a Site specified by the {site_id} parameter

PUT https://api.stackpath.com/v1/{companyalias}/sites/{site_id}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`url`	-	length: 4-100 chars; only valid URLs accepted	Origin URL
`port`	80	length: 1-5 chars; only digits accepted	Port
`dns_check`	1	only 0 or 1 accepted	This field determines how your Origin resolves. When set to 1, we automatically grab the origin’s IP using DNS. Setting it to 0 allows you explicitly provide the IP of the origin.
`ip`	-	length: 1-10 chars, only digits accepted	Valid IP address of the Origin URL. Be sure to set `dns_check` to 0 to prevent this value from being overwritten.
`compress`	0	only 0 or 1 accepted	On the fly compression of your files served from our edges. Enables GZip compression for the following file types: text/plain, text/html, text/javascript, text/css, text/xml, application/javascript, application/x-javascript, application/xml, text/x-component, application/json, application/xhtml+xml, application/rss+xml, application/atom+xml, app/vnd.ms-fontobject, image/svg+xml, application/x-font-ttf, font/opentype
`backend_compress`	0	only 0 or 1 accepted	Allow us to cache compressed versions of your files from the origin. Enables GZip compression for the following file types: text/plain, text/html, text/javascript, text/css, text/xml, application/javascript, application/x-javascript, application/xml, text/x-component, application/json, application/xhtml+xml, application/rss+xml, application/atom+xml, app/vnd.ms-fontobject, image/svg+xml, application/x-font-ttf, font/opentype
`queries`	0	only 0 or 1 accepted	Treat Query Strings as a separate cacheable item
`set_host_header`	-	length: 4-100 chars; only valid URLs accepted	The URL to send as the Host in all HTTP Response Headers
`cache_valid`	-	length: 1-30 chars; must be a number followed by one of s, m, h, d, M, or Y	Ignore the origin Cache-Control Header and set every request to have a Max-Age of 1d, 7d, 1M or 12M
`ignore_setcookie_header`	0	only 0 or 1 accepted	Ignore any cookies set by the origin in order to make the content consistently cacheable
`ignore_cache_control`	0	only 0 or 1 accepted	Ignore any max age values set by the origin and use the CDN set value instead
`use_stale`	0	List of status codes separated with space - empty character - (?use_stale=500 502 503 504 403 404) are accepted as a valid request. 0 or 1 are accepted by legacy but, these are not valid parameters any more. To disable use_stale you can pass 0 (as a part of the legacy) or empty string “”.	Serve expired content while fetching new content. This will also cause the CDN to serve expired content in cases where the origin is down
`proxy_cache_lock`	0	only 0 or 1 accepted	When multiple requests for an uncached file are received, they will wait until the first response is received rather than sending each request back to the origin
`label`	-	length: 1-255 chars	Something that describes your Site
`valid_referers`	-	length: 1-100 chars	List of domains for http referrer protection (separated by space), only the domains in the list will be treated as valid referrers
`expires`	1d	length: 1-32 chars	Set any request with a no “Cache-Control header” from the origin to stay on the server. Possible values are 1d, 7d, 1M, 12M
`disallow_robots`	0	only 0 or 1 accepted	Enable robots.txt
`disallow_robots_txt`	-	length: 1-255 chars	Use custom robots.txt
`canonical_link_headers`	1	only 0 or 1 accepted	Pass the canonical URL in the Link HTTP Header
`content_disposition`	0	only 0 or 1 accepted	Force files to download
`x_forward_for`	0	only 0 or 1 accepted	Add X-Forwarded-For (XFF) HTTP Header
`pseudo_streaming`	0	only 0 or 1 accepted	Enable the Site for pseudo streaming content
`secret`	-	length: 1 - 32 chars	Use a secret to protect your files from unwanted visitors
`sslshared`	0	only 0 or 1 accepted	Enable Shared SSL for your Site, so you can use HTTPS, using our SSL certificate for netdna-ssl.com
`http2`	0	only 0 or 1 accepted	Enable HTTP/2 protocol on the Site (requires SSL)

Response Parameters

Parameter	Description
`id`	Site ID
`name`	Site name
`url`	Origin URL
`port`	Port
`ip`	Valid IP address of the Origin URL, if omitted the service will automatically try to find the IP
`compress`	On the fly compression of your files served from our edges. Enables GZip compression for the following file types: text/plain, text/html, text/javascript, text/css, text/xml, application/javascript, application/x-javascript, application/xml, text/x-component, application/json, application/xhtml+xml, application/rss+xml, application/atom+xml, app/vnd.ms-fontobject, image/svg+xml, application/x-font-ttf, font/opentype
`backend_compress`	Allow us to cache compressed versions of your files from the origin. Enables GZip compression for the following file types: text/plain, text/html, text/javascript, text/css, text/xml, application/javascript, application/x-javascript, application/xml, text/x-component, application/json, application/xhtml+xml, application/rss+xml, application/atom+xml, app/vnd.ms-fontobject, image/svg+xml, application/x-font-ttf, font/opentype
`queries`	Treat Query Strings as a separate cacheable item
`set_host_header`	The URL sent as the Host in all HTTP Response Headers
`cache_valid`	Ignore the origin Cache-Control Header and set every request to have a Max-Age of 1d, 7d, 1M or 12M
`ignore_setcookie_header`	Ignore any cookies set by the origin in order to make the content consistently cacheable
`ignore_cache_control`	Ignore any max age values set by the origin and use the CDN set value instead
`use_stale`	Serve expired content while fetching new content. This will also cause the CDN to serve expired content in cases where the origin is down
`proxy_cache_lock`	When multiple requests for an uncached file are received, they will wait until the first response is received rather than sending each request back to the origin
`label`	Something that describes your Site
`valid_referers`	List of domains for http referrer protection (separated by space), only the domains in the list will be treated as valid referrers
`expires`	Set any request with a no “Cache-Control header” from the origin to stay on the server. Possible values are 1d, 7d, 1M, 12M
`disallow_robots`	Enable robots.txt
`disallow_robots_txt`	Use custom robots.txt
`canonical_link_headers`	Pass the canonical URL in the Link HTTP Header
`content_disposition`	Force files to download
`x_forward_for`	Add X-Forwarded-For (XFF) HTTP Header
`pseudo_streaming`	Enable the Site for pseudo streaming content
`sslshared`	Enable Shared SSL for your Site, so you can use HTTPS, using our SSL certificate for netdna-ssl.com
`suspend`	Flag denoting if the Site has been suspended
`locked`	Flag denoting if the Site has been locked
`inactive`	Flag denoting if the Site has been deleted
`creation_date`	Date Created
`http2`	Flag denoting if the Site has the HTTP/2 protocol enabled
`ssl`	Read-only flag denoting if the Site has Dedicated IP SSL enabled
`ssl_sni`	Read-only flag denoting if the Site has SNI SSL enabled
`geo_enabled`	Read-only flag denoting if the Site has ‘More Locations’ enabled

Enable Flex

Enables additional locations on a Site specified by the {site_id} parameter

POST https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/flex

Disable Flex

Disables additional locations on a Site specified by the {site_id} parameter

DELETE https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/flex

Delete Site

Deletes a Site specified by the {site_id} parameter

DELETE https://api.stackpath.com/v1/{companyalias}/sites/{site_id}

Enable Site

Enables a Site specified by the {site_id} parameter

PUT https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/enable

Disable Site

Disables a Site specified by the {site_id} parameter

PUT https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/disable

Purge Site Cache

Purges Site cache

DELETE https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/cache

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`files`	-	An array containing relative paths of the files to purge (i.e./favicon.ico)

Site Custom Domains

List Custom Domains

Returns a list of all custom domains on the Site specified by {site_id}

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/customdomains

Response Parameters

Parameter	Description
`id`	The id of the custom domain
`bucket_id`	The id of the Site the custom domain belongs to
`custom_domain`	A valid custom domain

Create Custom Domain

Adds a new custom domain to {site_id}

POST https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/customdomains

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`custom_domain`	-	required length: 1-255 chars, valid::custom_domain, !valid::full_domain	A valid custom domain
`type`	-	Applies only to VOD Zones and must be either ‘vod-rtmp’,’vod-pseudo’, ‘vod-direct’, or ‘vod-ftp’	The type of custom domain being created

Response Parameters

Parameter	Description
`id`	The id of the custom domain
`bucket_id`	The id of the Site the custom domain belongs to
`custom_domain`	The valid custom domain

Get Custom Domain

Gets a custom domain specified by the {site_id} and {customdomain_id} parameters

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/customdomains/{customdomain_id}

Response Parameters

Parameter	Description
`id`	The id of the custom domain
`bucket_id`	The id of the Site the custom domain belongs to
`custom_domain`	The valid custom domain

Update Custom Domain

Updates a custom domain specified by the id parameter

PUT https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/customdomains/{customdomain_id}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`custom_domain`	-	required length: 1-255 chars, valid::custom_domain, !valid::full_domain	A new valid custom domain

Response Parameters

Parameter	Description
`id`	The id of the custom domain
`bucket_id`	The id of the Site the custom domain belongs to
`custom_domain`	The new valid custom domain

Delete Custom Domain

Deletes a custom domain specified by the {site_id} and {customdomain_id} parameters

DELETE https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/customdomains/{customdomain_id}

Site SSL

Get Site’s SSL Information

Get the SSL certificate for the specified {site_id}.

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/ssl

Install SSL on Site

Upload an SSL certificate for the specified {site_id}.

POST https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/ssl

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`ssl_id`	-	digit	id of previously created certificate (NOTE: This will become required in future revisions)
`ssl_crt`	-	-	The SSL certificate you are installing. (NOTE: Not required if ssl_id specified)
`ssl_key`	-	-	The key for the SSL certificate you are installing.
`ssl_cabundle`	-	-	The CA Bundle for the SSL Certificate you are installing.
`ssl_sni`	0	only 0 or 1 accepted	If this flag is set to 1 your Site will use SNI to identify your certificate, rather than requiring a dedicated IP.

Response Parameters

Parameter	Description
`id`	The SSL Certificate ID.
`ssl_crt`	The SSL certificate.
`ssl_cabundle`	The CA Bundle for the certificate.
`domain`	The domain applicable to this certificate.
`date_expiration`	The date of expiration for the certificate.
`wildcard`	Flag to signify whether this is a wildcard certificate.

Update Site’s SSL Information

Update the SSL certificate for the specified {site_id}.

PUT https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/ssl

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`ssl_id`	-	digit	id of previously created certificate (NOTE: This will become required in future revisions)
`ssl_crt`	-	required	The SSL certificate you are installing.
`ssl_key`	-	required	The key for the SSL certificate you are installing.
`ssl_cabundle`	-	The CABundle for the SSL Certificate you are installing.
`ssl_sni`	0	only 0 or 1 accepted	If this flag is set to 1 your Site will use SNI to identify your certificate, rather than requiring a dedicated IP.

Response Parameters

Parameter	Description
`id`	The SSL Certificate ID.
`ssl_crt`	The SSL certificate.
`ssl_cabundle`	The CA Bundle for the certificate.
`domain`	The domain applicable to this certificate.
`date_expiration`	The date of expiration for the certificate.
`wildcard`	Flag to signify whether this is a wildcard certificate.

Remove Site’s SSL Information

Remove the SSL certificate for the specified {site_id}.

DELETE https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/ssl

Site Upstream

Get Upstream information for the current Site

Get the upstream information for the specified {site_id}.

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/upstream

Enable Upstream on Site

Create and enable Upstream for a specific {site_id}.

POST https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/upstream

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`server`	-	required	The server URL or IP to provide the streaming resources
`port`	-	required	The port where server is to be called

Response Parameters

Parameter	Description
`id`	The Upstream ID.
`bucket_id`	The id of the site this upstream belongs to
`server`	The server URL or IP
`port`	The port it uses to call the server

Read Upstream’s Information

Read Upstream information for the specified {upstream_id}.

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/upstream/{upstream_id}

Response Parameters

Parameter	Description
`id`	The Upstream ID.
`bucket_id`	The id of the site this upstream belongs to
`server`	The server URL or IP
`port`	The port it uses to call the server

Update Upstream’s Information

Update the Upstream information for the specified {upstream_id}.

PUT https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/upstream/{upstream_id}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`upstream_id`	-	required	The Upstream Information you’re modifying
`server`	-	required	The server URL or IP
`port`	-	required	The port used to call the server

Response Parameters

Parameter	Description
`id`	The Upstream ID.
`bucket_id`	The id of the site this upstream belongs to
`server`	The server URL or IP
`port`	The port it uses to call the server

Remove Site Upstream

Remove the Upstream with an id of {upstream_id}.

DELETE https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/upstream/{upstream_id}

Reports

Get Account Stats

Gets the total usage statistics for your account, optionally broken up by {report_type}. If no {report_type} is given the request will return the total usage on your account.

GET https://api.stackpath.com/v1/{companyalias}/reports/stats/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`size`	The amount of bytes transferred
`hit`	The number of times files were requested
`noncache_hit`	The number of times a requested file was not in cache
`cache_hit`	The number of times a requested file was already cached
`timestamp`	The timestamp for the corresponding {report_type}

Get All Zone Stats

Gets the total usage statistics for each of your zones, optionally broken up by {report_type}. If no {report_type} is given the timestamp response parameter will be omitted.

GET https://api.stackpath.com/v1/{companyalias}/reports/statsbyzone/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`bucket_id`	The Zone ID that corresponds to this set of stats
`size`	The amount of bytes transferred
`hit`	The number of times files were requested
`noncache_hit`	The number of times a requested file was not in cache
`cache_hit`	The number of times a requested file was already cached
`timestamp`	The timestamp for the corresponding {report_type}

Get a Zone’s Stats

Gets the {zone_id} usage statistics optionally broken up by {report_type}. If no {report_type} is given the request will return the total usage for the zones.

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_id}/stats/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`size`	The amount of bytes transferred
`hit`	The number of times files were requested
`noncache_hit`	The number of times a requested file was not in cache
`cache_hit`	The number of times a requested file was already cached
`timestamp`	The timestamp for the corresponding {report_type}

Reports by Location API

List Nodes

Gets a list of all active nodes (locations)

GET https://api.stackpath.com/v1/{companyalias}/reports/nodes

Response Parameters

Parameter	Description
`id`	Node Id
`name`	Node 3 letter code
`description`	Full node name

List Nodes by Zone

Gets a list of all active nodes (locations) specified by the {zone_id} parameter

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_id}/nodes

Response Parameters

Parameter	Description
`id`	Node Id
`name`	Node 3 letter code
`description`	Full node name

List Zone Node Stats by Report Type

Get usage statistics broken up by nodes and optionally {report_type}. If no {report_type} is given the request will return the total usage broken up by node.

GET https://api.stackpath.com/v1/{companyalias}/reports/nodes/stats/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-31)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-31)	End date

Response Parameters

Parameter	Description
`pop_id`	Node Id
`pop_name`	Node 3 letter code, only returned when {report_type} is not empty
`pop_description`	Full node name, only returned when {report_type} is not empty
`size`	The amount of bytes transferred
`hit`	The number of times files were requested
`noncache_hit`	The number of times a requested file was not in cache
`cache_hit`	The number of times a requested file was already cached
`timestamp`	A timestamp corresponding to {report_type}, only returned when {report_type} is not empty

List Node Stats by Zone and Report Type

Get usage statistics for a particular {zone_id} broken up by nodes and optionally {report_type}. If no {report_type} is given the request will return the total usage broken up by node.

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_id}/nodes/stats/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`pop_id`	Node Id
`pop_name`	Node 3 letter code, only returned when {report_type} is not empty
`pop_description`	Full node name, only returned when {report_type} is not empty
`size`	The amount of bytes transferred
`hit`	The number of times files were requested
`noncache_hit`	The number of times a requested file was not in cache
`cache_hit`	The number of times a requested file was already cached
`timestamp`	A timestamp corresponding to {report_type}, only returned when {report_type} is not empty

Get Zone Node

Gets the node information for the specified {node_id}

GET https://api.stackpath.com/v1/{companyalias}/reports/nodes/{node_id}

Response Parameters

Parameter	Description
`id`	Node Id
`name`	Node 3 letter code
`description`	Full node name

Get Node by Zone

Gets the node information for the specified {node_id} and {zone_id}

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_id}/nodes/{node_id}

Response Parameters

Parameter	Description
`id`	Node Id
`name`	Node 3 letter code
`description`	Full node name

Get Zone Node Stats by Report Type

Get usage statistics for a particular {node_id} optionally broken up by {report_type}. If no {report_type} is given the request will return the total usage for the node.

GET https://api.stackpath.com/v1/{companyalias}/reports/nodes/{node_id}/stats/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date.
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date.

Response Parameters

Parameter	Description
`size`	The amount of bytes transferred
`hit`	The number of times files were requested
`noncache_hit`	The number of times a requested file was not in cache
`cache_hit`	The number of times a requested file was already cached
`timestamp`	A timestamp corresponding to {report_type}, only returned when {report_type} is not empty

Get Node Stats by Zone and Report Type

Get usage statistics for a particular {node_id} and {zone_id}, optionally broken up by {report_type}. If no {report_type} is given the request will return the total usage for the node.

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_id}/nodes/{node_id}/stats/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`size`	The amount of bytes transferred
`hit`	The number of times files were requested
`noncache_hit`	The number of times a requested file was not in cache
`cache_hit`	The number of times a requested file was already cached
`timestamp`	A timestamp corresponding to {report_type}, only returned when {report_type} is not empty

Reports by Popular Files API

List Popular Files

Gets the most popularly requested files for your account, grouped into daily statistics

GET https://api.stackpath.com/v1/{companyalias}/reports/popularfiles

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01).	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01).	End date

Response Parameters

Parameter	Description
`bucket_id`	The Zone ID for the popular file
`uri`	The URI for the requested popular file
`hit`	The number of times the file was requested
`size`	The amount of bytes transferred for the given file
`vhost`	The CDN URL for the corresponding zone
`timestamp`	UTC timestamp of the request

List Popular Files By Zone Type

Gets the most popularly requested files for your account, filtered by {zone_type} and grouped into daily statistics

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_type}/popularfiles

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`bucket_id`	The Zone ID for the popular file
`uri`	The URI for the requested popular file
`hit`	The number of times the file was requested
`size`	The amount of bytes transferred for the given file
`vhost`	The CDN URL for the corresponding zone
`timestamp`	UTC timestamp of the request

Reports by Status Codes API

List Status Code Responses

Gets HTTP status code response statistics for your account

GET https://api.stackpath.com/v1/{companyalias}/reports/statuscodes/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`status_code`	The HTTP status code for the response
`hit`	The number of responses with this status code
`definition`	The definition for the status code

List Status Code Responses by Zone Id

Gets HTTP status code response statistics for a specific {zone_id}

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_id}/statuscodes/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`status_code`	The HTTP status code for the response
`hit`	The number of responses with this status code
`definition`	The definition for the status code

List Status Codes by Zone Type

Gets HTTP status code response statistics for a specific {zone_type}

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_type}/statuscodes/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`status_code`	The HTTP status code for the response
`hit`	The number of responses with this status code
`definition`	The definition for the status code

List Status Codes by Zone Id and Zone Type

Gets HTTP status code response statistics for a specific {zone_type} and {zone_id}

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_type}/{zone_id}/statuscodes/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`status_code`	The HTTP status code for the response
`hit`	The number of responses with this status code
`definition`	The definition for the status code

Reports by File Types API

List File Types

Gets file type statistics for your account

GET https://api.stackpath.com/v1/{companyalias}/reports/filetypes/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`file_type`	The file type requested
`hit`	The number of times a file of this type has been requested

List File Types by Zone Id

Gets file type statistics for a specific {zone_id}

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_id}/filetypes/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d e.g. 2012-01-01	Start date
`date_to`	now()	Y-m-d e.g. 2012-01-01	End date

Response Parameters

Parameter	Description
`file_type`	The file type requested
`hit`	The number of times a file of this type has been requested

List File Types by Zone Type

Gets file type statistics for a specific {zone_type}

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_type}/filetypes/{report_type}

Response Parameters

Parameter	Description
`file_type`	The file type requested
`hit`	The number of times a file of this type has been requested

List File Types by Zone Id

Gets file type statistics for a specific {zone_type} and {zone_id}

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_type}/{zone_id}/filetypes/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`file_type`	The file type requested
`hit`	The number of times a file of this type has been requested

Reports by File Size Ranges API

List File Sizes

Gets request statistics for your account based on file size ranges

GET https://api.stackpath.com/v1/{companyalias}/reports/filesizes/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`le_10k_hits`	The number of requests for files <= 10KB
`le_50k_hits`	The number of requests for files <= 50KB
`le_100k_hits`	The number of requests for files <= 100KB
`le_500k_hits`	The number of requests for files <= 500KB
`le_1m_hits`	The number of requests for files <= 1MB
`le_10m_hits`	The number of requests for files <= 10MB
`le_100m_hits`	The number of requests for files <= 100MB
`gt_100m_hits`	The number of requests for files > 100MB

List File Sizes by Zone Id

Gets request statistics for the specified {zone_id} based on file size ranges

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_id}/filesizes/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d e.g. 2012-01-01	Start date
`date_to`	now()	Y-m-d e.g. 2012-01-01	End date

Response Parameters

Parameter	Description
`le_10k_hits`	The number of requests for files <= 10KB
`le_50k_hits`	The number of requests for files <= 50KB
`le_100k_hits`	The number of requests for files <= 100KB
`le_500k_hits`	The number of requests for files <= 500KB
`le_1m_hits`	The number of requests for files <= 1MB
`le_10m_hits`	The number of requests for files <= 10MB
`le_100m_hits`	The number of requests for files <= 100MB
`gt_100m_hits`	The number of requests for files > 100MB

List File Sizes by Zone Type

Gets request statistics for the specified {zone_type} based on file size ranges

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_type}/filesizes/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d e.g. 2012-01-01	Start date
`date_to`	now()	Y-m-d e.g. 2012-01-01	End date

Response Parameters

Parameter	Description
`le_10k_hits`	The number of requests for files <= 10KB
`le_50k_hits`	The number of requests for files <= 50KB
`le_100k_hits`	The number of requests for files <= 100KB
`le_500k_hits`	The number of requests for files <= 500KB
`le_1m_hits`	The number of requests for files <= 1MB
`le_10m_hits`	The number of requests for files <= 10MB
`le_100m_hits`	The number of requests for files <= 100MB
`gt_100m_hits`	The number of requests for files > 100MB

List File Sizes by Zone Type and Zone ID

Gets request statistics for the specified {zone_type} and {zone_id} based on file size ranges

GET https://api.stackpath.com/v1/{companyalias}/reports/{zone_type}/{zone_id}/filesizes/{report_type}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	now() - 1 month	Y-m-d (e.g. 2012-01-01)	Start date
`date_to`	now()	Y-m-d (e.g. 2012-01-01)	End date

Response Parameters

Parameter	Description
`le_10k_hits`	The number of requests for files <= 10KB
`le_50k_hits`	The number of requests for files <= 50KB
`le_100k_hits`	The number of requests for files <= 100KB
`le_500k_hits`	The number of requests for files <= 500KB
`le_1m_hits`	The number of requests for files <= 1MB
`le_10m_hits`	The number of requests for files <= 10MB
`le_100m_hits`	The number of requests for files <= 100MB
`gt_100m_hits`	The number of requests for files > 100MB

WAF

Enable WAF

POST https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf

Disable WAF

Disables the WAF on a specific Site ID

DELETE https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf

Get WAF Details

Retrieves the status about the WAF on a specific Site ID

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf

Response Parameters

Parameter	Description
`mode`	Status of the WAF: `active`, `monitor`, `disabled`, `deleted` or `locked`

Get DDoS Config

Retrieves DDoS configuration from a specific Site ID

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/ddos

Response Parameters

Parameter	Description
`global_threshold`	Integer greater or equal to `1500`
`burst_threshold`	Integer greater or equal to `1000`
`sub_second_burst_threshold`	Integer greater or equal to `50`

Update DDoS Config

Updates the DDoS configuration on a specific Site ID

PUT https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/ddos

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`global_threshold`	-	required	Integer greater or equal to `1500`
`burst_threshold`	-	required	Integer greater or equal to `1000`
`sub_second_burst_threshold`	-	required	Integer greater or equal to `50`

Get WAF Policies

Retrieves WAF Policies from a specific Site ID

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/policies

Response Parameters

Parameter	Description
`name`	The group’s programmatic name
`description`	A human readable group name
`long_description`	A brief description of the policy group
`policies`	An array containing the following entries: `id`, `group`, `name`, `description`, `mode`, or `action`

Get WAF Policy

Retrieves an individual WAF Policy from a specific Site ID and Policy ID

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/policies/{policy_id}

Response Parameters

Parameter	Description
`id`	A policy’s programmatic ID. Policy IDs may change over time
`group`	The group that a policy belongs to
`name`	A human readable policy name
`description`	A human readable policy description
`mode`	A boolean signifying whether a policy is `on` or `off`
`action`	The action taken when a policy is triggered: `allow`, `block`, `captcha`, `gateway`, `handshake`, or `monitor`

Toggle Policy Status

Toggles an Individual Policy Status to on or off

PUT https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/policies/{policy_id}

Response Parameters

Parameter	Description
`mode`	A boolean that should be the opposite of the policy’s original mode

Update Multiple Policies

Sets multiple WAF policies on or off by policy ID

PUT https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/policies

Accepted Request Parameters

Parameter	Description
`policies`	A set of key/value pairs of policy IDs and booleans representing their desired `on` and `off` states

Get WAF Custom Rules

Retrieves all WAF Custom Rules from a specific Site ID

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/rules

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`name`	-	-	The name of the custom rule
`action`	-	-	One of the following: `Allow`, `Block`, `Captcha`, `Gateway`, `Handshake`, or `Monitor`
`mode`	-	`0` or `1`	A boolean signifying `off` or `on`
`page`	1	-	The page number of events to retrieve. The first page is page 1
`page_size`	50	<= 50	The number of events to retrieve per page
`sort_by`	-	-	The field to sort events by, one of `id`, `name`, `scope`, `data`, or `active`
`sort_dir`	-	-	The order to sort events by: `asc` or `desc`

Response Parameters

Parameter	Description
`id`	The ID of the custom rule
`name`	The name of the custom rule
`condition`	A set of expressions to run in the custom rule set
`expressions`	An array containing the following entries: `scope` & `data`
`scope`	Valid Scopes are `HttpMethod`, `Wordpress`, `SearchEngine`, `Ip`, `Country`, `Organization`, `MimeType`, `FileExt`, `UserAgent`, `Header`, `Url`, or `IpRange`
`data`	The data to match in the rule’s condition
`action`	What the rule should do, e.g.: `Allow`, `Block`, `Captcha`, `Gateway`, `Handshake`, or `Monitor`
`active`	A boolean signifying `true` or `false`

Get WAF Custom Rule

Retrieves an individual WAF custom rule from a specific Site ID

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/rules/{rule_id}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`rule_id`	-	required	Integer

Response Parameters

Parameter	Description
`id`	The ID of the custom rule
`name`	The name of the custom rule
`condition`	A set of expressions to run in the custom rule set. A rule must have between 1 and 5 conditions
`expressions`	An array containing the following entries: `scope` & `data`
`scope`	Valid Scopes are `HttpMethod`, `Wordpress`, `SearchEngine`, `Ip`, `Country`, `Organization`, `MimeType`, `FileExt`, `UserAgent`, `Header`, `Url`, or `IpRange`
`data`	The data to match in the rule’s condition
`action`	What the rule should do, e.g.: `Allow`, `Block`, `Captcha`, `Gateway`, `Handshake`, or `Monitor`
`active`	A boolean signifying `true` or `false`

Update WAF Custom Rule

Updates an individual custom WAF rule on a specific Site ID

PUT https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/rules/{rule_id}

Delete WAF Custom Rules

Deletes all WAF custom rules on a specific Site ID

DELETE https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/rules

Delete WAF Custom Rule

Deletes a single WAF custom rule on a specific Site ID

DELETE https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/rules/{rule_id}

Get WAF Traffic

Retrieves a WAF traffic report from a specific Site ID

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/traffic

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`resolution`	-	-	String that retrieves either by `hour` or `minute`
`start`	-	-	ISO-8601 formatted date/time
`end`	now()	-	ISO-8601 formatted date/time
`fields`	-	-	GET parameter is a comma separated list of fields to return from the call. E.g. `&fields=abs_blocked,cms_blocked,total_blocked`

Response Parameters

Parameter	Description
`abs_blocked`	Form Submission Validation blocked
`abs_count`	Form Submission Validation blocked + passed
`cms_blocked`	Content Management System rules blocked
`cms_count`	Content Management System rules blocked + passed
`csrf_blocked`	Cross Site Request Forgery rules blocked
`csrf_count`	Cross Site Request Forgery rules blocked + passed
`ddos_blocked`	Distributed Denial of Service blocked
`dyn_blocked`	Heuristic (behavioral + anti-automation) rules blocked
`dyn_count`	Heuristic (behavioral + anti-automation) rules blocked + passed
`err40x`	`40x` error count
`err50x`	`50x` error count (except for `504` timeout)
`rep_blocked`	IP reputation blocked
`rep_count`	IP reputation blocked + passed
`resp_time`	Average response time (milliseconds)
`se`	Search Engines count
`stc_blocked`	Custom/Edge rules blocked
`timeout`	`504` (timeout) error count
`timestamp`	Unix time
`waf_blocked`	WAF rules blocked
`wl`	Whitelisted count
`pg`	Page views count (didn’t trigger any rule)

Get WAF Events

Retrieves a WAF event report from a specific Site ID

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/events

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`start`	-	-	ISO-8601 formatted date/time
`end`	now()	-	ISO-8601 formatted date/time
`page`	1	-	The page number of events to retrieve. The first page is page 1
`page_size`	50	<= 100	The number of events to retrieve per page
`sort_by`	_id	-	The field to sort events by, one of `_id`, `ref_id`, `domain`, `result`, `blocked`, `count`, `scope`, `type`, `method`, `client_ip`, `timestamp`, `rule_name`, `rule_id`, `country`, or `action`
`sort_dir`	asc	-	The order to sort events by: `asc` or `desc`
`filter_client_ip`	-	-	IPv4 address only
`filter_ref_id`	-	-	The reference ID displayed to the user when the WAF blocks a request to a site
`filter_action`	-	-	The action taken by the WAF
`filter_result`	-	-	The result of the event

Response Parameters

Parameter	Description
`events`	An array of simple WAF event objects. Each event contains:
`_id`	The WAF event’s programmatic ID
`count`	Number of requests blocked + passed
`client_ip`	IPv4 address only
`rule_name`	Name of the rule that triggered the event
`timestamp`	Unix time
`ref_id`	33 character alphanumeric string displayed to the user when the WAF blocks a request to a site
`scope_value`	Depending on the `engine` and `scope` fields, it MAY contain value. If it has a value, it will be the value describing the `scope` field.
`scope`	Can be any of the following: `IPS`: IP `IPR`: IP Range `URL`: URL `UAG`: User Agent `HED`: Header `MTH`: Http Method `EXT`: File Type/Extension `MIM`: Content Type `CNT`: Country `ORG`: Organization `SEN`: Search Engine `REP`: IP Rep `WAF`: Web Application Firewall `CMS`: CMS `ABS`: Form Submission Validation `CLX`: Complex Custom Rule `SES`: Session `UTG`: User Tag
`result`	Result of the event e.g. `blocked`
`country`	Two-letter country code
`action`	Can be any of the following: `A`: Allow `B`: Block `C`: Captcha `G`: Gateway (Browser Validation) `H`: Handshake (Extended Browser Validation) `M`: Monitor
`method`	HTTP method
`type`	Describing the nature of the data. Can be any of the following: `block`: A blocked request `se`: Search engine `error`: 40x, 50x `header`: HTTP header
`rule_id`	ID of the WAF rule that triggered the event
`blocked`	The count of blocked requests
`scope_description`	Example: “User Tag”
`action_description`	Example: “Handshake”
`engine_description`	Example: “WAF”

Get WAF Event Statistics

Retrieves a WAF event summary report from a specific Site ID

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/events/stats

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`start`	-	-	ISO-8601 formatted date/time
`end`	now()	-	ISO-8601 formatted date/time
`filter_client_ip`	-	-	IPv4 address only
`filter_ref_id`	-	-	The reference ID displayed to the user when the WAF blocks a request to a site
`filter_action`	-	-	The action taken by the WAF
`filter_result`	-	-	The result of the event

Response Parameters

Parameter	Description
`count`	Statistics for requests blocked + passed
`blocked`	Statistics for requests blocked. Each statistic report contains:
`actions`	A set of key/value pairs of WAF actions and their number of total or blocked requests
`countries`	A list of countries, the country’s two-letter code, and the count of total or blocked requests from that country
`organizations`	A list of organizations and the count of total or blocked requests from that organization
`threats`	A list WAF rule names and the the count of total or blocked requests triggered by the rule

Get WAF Event

Retrieves an individual WAF event from a specific Site ID and Event ID

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/events/{event_id}

Response Parameters

Parameter	Description
`id`	The WAF event’s programmatic ID
`count`	Number of requests blocked + passed
`blocked`	The count of blocked requests
`timestamp`	Unix time
`ref_id`	33 character alphanumeric string displayed to the user when the WAF blocks a request to a site
`request_type`	Describing the nature of the data. Can be any of the following: `block`: A blocked request `se`: Search engine `error`: 40x, 50x `header`: HTTP header
`action`	Can be any of the following: `A`: Allow `B`: Block `C`: Captcha `G`: Gateway (Browser Validation) `H`: Handshake (Extended Browser Validation) `M`: Monitor
`result`	Result of the event e.g. `blocked`
`rule_id`	ID of the WAF rule that triggered the event
`rule_name`	Name of the rule that triggered the event
`client_ip`	IPv4 address only
`organization`	The client IP’s owning organization
`country`	A human readable country name
`country_code`	Two-letter country code
`method`	HTTP method
`scheme`	The request scheme: `HTTP` or `HTTPS`
`domain`	The domain name
`url`	The path portion of the URI
`query_string`	The query string portion of the URI
`user_agent`	A set of key/value pairs describing the user agent used in the request that triggered the event, including the raw user agent string, and estimations of the client type, OS, browser, and device
`headers`	A set of key/value pairs of the headers of the request that triggered the WAF event

Get WAF Statistics

Retrieves a WAF traffic and event summary report from a specific Site ID

GET https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/waf/stats

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`date_from`	-	-	ISO-8601 formatted date/time
`date_to`	now()	-	ISO-8601 formatted date/time
`report_type`	-	-	`hourly` or `minutely` granularity

Response Parameters

Parameter	Description
`request_count`	The number of requests blocked + passed
`blocked_count`	The number of requests blocked
`policy_hit_count`	The number of requests blocked by policy
`rule_hit_count`	The number of requests blocked by rule
`bot_count`	The number of requests blocked by bot detection
`traffic`	The WAF traffic reported from `date_from` to `date_to`
`statistics`	A summary of WAF events reported from `date_from` to `date_to`. These statistics contain:
`countries`	A list of countries, the country’s two-letter code, and the count of blocked requests from that country
`organizations`	A list of organizations and the count of blocked requests from that organization
`threats`	A list WAF rule names and the the count of blocked requests triggered by the rule

Raw Logs

Get Raw Logs

Retrieve up to five days of raw log data

GET https://api.stackpath.com/v1/{companyalias}/logs

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`start`	now() - 1 hour	ISO-8601 formatted date/time	The start of the range for requests to pull.
`end`	now()	ISO-8601 formatted date/time	The end of the range for requests to pull
`zones`	-	CSV of ints	The specific zones whose requests you want to pull. Separate multiple zone ids by comma
`uri`	-	string	Use this filter to view requests made for a specific resource (or group of resources). You can do a literal match or regular expression in this field (i.e. ‘/images/header.png’ or ‘regex:/images/’)
`status`	-	CSV of ints	The specific HTTP status code responses you want to pull. Separate multiple HTTP status codes by comma (i.e. 200,201,304)
`ssl`	both	enum(nossl, ssl, both)	Use this filter to distinguish between SSL and non-SSL traffic (choose nossl, ssl or both)
`user_agent`	-	string	Filter logs by specific user agents. You can do a literal match or regular expression in this field (i.e. ‘Python StackPath API Client’ or ‘regex:Chrome’)
`referer`	-	string	Filter logs by a specific referer. You can do a literal match or regular expression in this field (i.e. ‘www.StackPath.com’ or ‘regex:StackPath.com’)
`pop`	-	CSV of strings	Filter logs by specific POPs (Points Of Presence), use comma separation for multiple POPs. Possible values: ams, atl, aus, chi, dal, den, fra, hkg, jfk, lax, lhr, mia, sea, sfo, sin, sjc, slc, tko, vir
`query_string`	-	string	Filter logs by a specific query string. You can do a literal match or regular expression in this field (i.e. ‘width=600’ or ‘regex:width’)
`limit`	100	int	How many records should be retrieved per page. Maximum is 1000
`start_key`	-	string	String-based key for next page of records to return, for easy pagination or streaming. This key will be provided in the “next_page_key” from a response.
`sort`	recent	enum(recent, oldest)	Display records sorted by newest first or oldest first

Response Parameters

Parameter	Description
`limit`	The maximum number of records retrieved
`page`	The current page of records retrieved
`request_time`	Time in milliseconds for request to complete
`next_page_key`	Number string that can be used to load the next page
`records`	Total records displayed
`bytes`	Total bytes of request
`client_asn`	Visitor’s “access network” (ISP)
`client_city`	Visitor’s city
`client_continent`	Visitor’s continent
`client_country`	Visitor’s country
`client_dma`	Visitor’s “designated market area”
`client_ip`	Visitor’s public IP
`client_latitude`	Visitor’s geographical latitude (roughly)
`client_longitude`	Visitor’s geographical longitude (roughly)
`client_state`	Visitor’s state
`company_id`	Your company ID
`cache_status`	CDN status of the file (HIT, MISS)
`hostname`	Domain name that was visited
`method`	HTTP request method
`origin_time`	How long it takes StackPath to retrieve the file (if cache status was a MISS)
`pop`	Point Of Presence that was hit (LAX, LHR, TYO, etc.)
`protocol`	HTTP protocol used
`query_string`	Query string attached to a file (ex. ver=1.2)
`referer`	Referring site
`scheme`	HTTP or HTTPS
`status`	HTTP status code (200, 404, 302, etc.)
`time`	UTC timestamp of the request
`uri`	File requested
`user_agent`	Text identifying the visitor’s browser
`zone_id`	ID of the Push/Pull/VOD zone hit

Origin Shield

Enable Origin Shield

Enable an Origin Shield on your site

POST https://api.stackpath.com/v1/{companyalias}/sites/{zone_id}/zoneshields

Accepted Request Parameters

Parameter	Description
`location`	Possible values: sjc for San Jose, vir for Virginia

Response Parameters

Parameter	Description
`id`	The numerical ID of your request
`site_id`	Your site ID
`reporting_code`	The chosen geographical location of the Origin Shield

Update Origin Shield

Update the active Origin Shield for your site

PUT https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/zoneshields

Accepted Request Parameters

Parameter	Description
`location`	Possible values: sjc for San Jose, vir for Virginia

Response Parameters

Parameter	Description
`id`	The numerical ID of your request
`site_id`	Your site ID
`reporting_code`	The chosen geographical location of the Origin Shield

Delete Origin Shield

Remove the active Origin Shield from your site

DELETE https://api.stackpath.com/v1/{companyalias}/sites/{site_id}/zoneshields

SSL

List Certificates

Returns a list of all certificates on the specified account

GET https://api.stackpath.com/v1/{companyalias}/ssl

Response Parameters

Parameter	Description
`certificates`	An array of certificates for the given user

Create Certificate

Creates a new SSL Certificate on the specified account

POST https://api.stackpath.com/v1/{companyalias}/ssl

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`ssl_crt`	-	required length: text;	Certificate
`ssl_key`	-	required length: text	Certificate Private Key
`ssl_cabundle`	-	length: text	Certificate Authority Intermediate Bundle
`name`	auto_{domain}{expiration}{update}	length: 1-255	Use descriptive name

Response Parameters

Parameter	Description
`ssl`	The information about the certificate (see List Certificates response)

Get SSL Certificate

Gets a specific SSL certificate by the {ssl_id} parameter

GET https://api.stackpath.com/v1/{companyalias}/ssl/{ssl_id}

Response Parameters

Parameter	Description
`ssl`	The information about the certificate (see List Certificates response)

Update SSL Certificate

Updates an SSL Certificate specified by the {ssl_id} parameter

PUT https://api.stackpath.com/v1/{companyalias}/ssl/{ssl_id}

Accepted Request Parameters

Parameter	Default Value	Validation	Description
`ssl_crt`	-	required length: text;	Certificate
`ssl_key`	-	required length: text	Certificate Private Key
`ssl_cabundle`	-	length: text	Certificate Authority Intermediate Bundle
`name`	auto_{domain}{expiration}{update}	length: 1-255	Use descriptive name
`force`	0	digit	Override check to ensure that the domain has not changed

Response Parameters

Parameter	Description
`ssl`	The information about the certificate (see List Certificates response)

Delete SSL Certificate

Deletes a certificate specified by the {ssl_id} parameter

DELETE https://api.stackpath.com/v1/{companyalias}/ssl/{ssl_id}