Akamai API Security · Schema
rate-policy
Contains details about a rate policy.
API DiscoveryAPI SecurityCloud SecurityPosture ManagementRuntime ProtectionThreat Protection
Properties
| Name | Type | Description |
|---|---|---|
| additionalMatchOptions | array | The list of additional match conditions. |
| apiSelectors | array | The API endpoints to match in incoming requests. This only applies to the `api` `matchType`. |
| averageThreshold | integer | The allowed hits per second during any two-minute interval. |
| bodyParameters | array | The list of body parameters to match on. |
| burstThreshold | integer | The allowed hits per second during any five-second interval. |
| burstWindow | integer | The time span for the `burstThreshold` interval. For existing rate policies, analyze your traffic in Alert mode before you reduce the measure window from 5 seconds. [Learn more about thresholds here]( |
| clientIdentifier | string | The client identifier you want to use to identify and track request senders. The value is required only for WAF type, and `api-key` is supported only for API match criteria. Using `ip-useragent` is ty |
| condition | object | Contains information about the criteria that trigger the rate policy. |
| counterType | string | The rate policy counter type. Either `per_edge` for rate limiting to work per edge node, or `region_aggregated` for rate limiting to work using aggregated rate accounting across multiple edge nodes. |
| createDate | string | __Read-only__ The time stamp when you created the rate policy. |
| description | string | Descriptive text you provide about a policy. |
| evaluation | object | Contains details about rate policy evaluation. |
| fileExtensions | object | Contains the file extension match criteria. |
| hostnames | array | __Deprecated__. The hostnames to match. This array member is deprecated. Use the `hosts` object instead. |
| hosts | object | The hostnames to match, and whether to trigger on a match or absence of match. |
| id | integer | __Read-only__ Uniquely identifies each rate policy. |
| matchType | string | The match type in a rate policy. Either `path` to match website paths or `api` to match API paths. |
| name | string | The name you assign to a rate policy. |
| path | object | Contains details about the path match criteria. |
| pathMatchType | string | The type of paths to match in incoming requests. Either `AllRequests` to match an empty path or any path that ends in a trailing slash (`/`), `TopLevel` to match top-level hostnames only, or `Custom` |
| pathUriPositiveMatch | boolean | Whether the condition should trigger on a match (`true`) or a lack of match (`false`). |
| queryParameters | array | The list of query parameter objects to match on. |
| requestType | string | The type of requests to count towards the rate policy's thresholds. Either `ClientRequest` to count client requests to edge servers, `ClientResponse` to count edge responses to the client, `ForwardRes |
| sameActionOnIpv6 | boolean | Whether to apply the same action to the IPv6 traffic as to the IPv4 traffic. |
| type | string | The rate policy type. Either `WAF` for Web Application Firewall, or `BOTMAN` for Bot Manager. |
| updateDate | string | __Read-only__ The ISO 8601 timestamp when you last updated the rate policy. |
| useXForwardForHeaders | boolean | Whether to check the contents of the `X-Forwarded-For` header in incoming requests. |
| used | boolean | __Read-only__ Whether you're currently using the rate policy. |