Book IndexHideShow
Back to topic

Cloud Application Security

API Version 2 Overview

API Version 2 Overview

To better align with REST API standards and best practices, Imperva is gradually rolling out a new version of APIs, available for your use in managing your Cloud Application Security sites.

All existing version 1 APIs, as documented in the Cloud Application Security API Reference, continue to be supported.

The APIs documented in this section either provide an alternative to existing APIs, or provide APIs with new functionality.

In this topic:

What's new in Version 2?

  • Naming and formatting conventions for the HTTP requests are consistent with REST API standards and best practices. For example:
    • The resource to operate on, such as the rule ID, is included in the core HTTP request and not as an additional parameter.
    • Parameters are sent in JSON format in the body of the request, and not as form data.
  • In addition to POST, other common HTTP methods are used (GET, POST, PUT, DELETE).
  • In addition to reporting error codes in the response body, proper HTTP response status codes are now also returned.


The API has the following characteristics:

  • Authentication parameters are sent in the query string.
  • All other parameters are specified in JSON format in the request body.
  • All requests are in SSL.
  • Response content is provided as a JSON document.
  • UTF-8 encoding is always used.
  • Standard HTTP response error codes are used.


In order to use the API, the client must be authenticated by Imperva.

The preferred method is by submitting your API ID and API key using the x-API-Key and x-API-Id headers.

This is a more secure method than sending the API key and ID in the query string, preventing exposure of your personally identifiable information (PII).

Alternatively, you can authenticate by sending the api_id and api_key request parameters in the query string. For example:{siteId}/rules?api_id=12345&api_key=123**************789


You can create and manage API keys with granular permissions and sub account access. For details, see API Key Management.

Learn about and test the APIs

Swagger definition files are available for the Cloud WAF version 2 API.

Swagger is a cloud based, interactive API testing and documentation tool. APIs are visually rendered as a fully interactive document, enabling you to:

  • visualize and interact with the API resources
  • view and download the API documentation
  • learn how to use the API
  • try out the API before integrating it into your code using your API ID and key

For a list of API definition files, see Cloud Application Security API Definition Files.



See also:

Join the Discussion