Fastly API Essential Guide

What type of API does Fastly provide?

Fastly primarily uses a RESTful API. Here are the key points about Fastly's API:

Type of API

• Fastly uses a RESTful API

Key Features

• Provides access to all features available through the Fastly web interface
• Organized into collections of endpoints for manipulating objects related to Fastly services and accounts
• Requires TLS 1.2 for security

Authentication

• Most endpoints require authentication using an API token
• API tokens can be created via the API or web interface
• Tokens are included in requests using the Fastly-Key HTTP header

Clients and Tools

• Official client libraries available in multiple languages including Go, JavaScript, PHP, Perl, Python, Ruby, and Rust
• Terraform provider available
• Postman collection available for exploring the API

Other API Support

• While Fastly's main API is RESTful, they do offer protection for other API types like GraphQL through their Next-Gen WAF product

Does the Fastly API have webhooks?

Yes, the official Fastly API does have webhooks. Here are the key points about Fastly's webhook capabilities:

Webhook Support

1. Fastly offers webhook functionality as part of its Notification Service API.

2. Webhooks are supported as one of the integration types for notifications and alerts related to the Fastly product.

Event Types

You can subscribe to various types of events through Fastly's webhooks, including:

1. Next-Gen WAF activity:

   • You can subscribe to notifications for certain activity on the Next-Gen WAF.
   • You can choose to be alerted for "All activity" or "Specific activity" types.

2. Service status notifications:

   • Fastly allows subscribing to status notifications for their global network and related services.
   • You can receive updates about scheduled maintenance, hardware upgrades, traffic re-routing, or service interruptions.

3. While not explicitly listed, it's likely that other types of events related to Fastly's services can also be subscribed to via webhooks, given the broad scope of the Notification Service API.

Setting Up Webhooks

To set up a webhook:

1. For Next-Gen WAF:

   • Select a site from the Sites menu.
   • Enter a URL to receive notifications in the Webhook URL field.
   • Choose between "All activity" or "Specific activity" for alerts.

2. For service status notifications:

   • Navigate to the subscription options on Fastly's status page.
   • Enter the URL of your custom webhook in the Webhook field.

3. Through the API:

   • Use the Notification Service API to programmatically create and manage webhook integrations.

Best Practices

1. Use HTTPS endpoints to ensure secure transmission of webhook data.
2. Implement proper authentication and validation on your webhook endpoint to ensure the integrity of received data.
3. Design your webhook handling system to be idempotent, as Fastly may send multiple notifications for the same event in some cases.

In summary, Fastly's API does support webhooks, allowing you to subscribe to various events related to their services, including Next-Gen WAF activity and service status updates. The exact range of event types may be broader, and you can set up webhooks through both the web interface and the API.

Rate Limits and other limitations

Based on the search results provided, here are the key points about the API rate limits for the Fastly API:

General API Rate Limit

• The default rate limit for API write operations is 1,000 requests per hour per user account or automation token [3].

• This general rate limit applies to each user account, regardless of how many tokens are attached to that user [3].

Exceptions to the General Rate Limit

• Read operations (GET and HEAD requests): Unlimited [3]

• Single-URL and surrogate key purges: Limited to an average of 100,000 purges per customer per hour [3]

• Anonymous (unauthenticated) requests: Unlimited [3]

Rate Limit Response

• If you exceed the rate limit, you will receive a 429 Too Many Requests HTTP response [3].

• Rate limit information is provided in response headers:

  • Fastly-RateLimit-Remaining: Number of API requests remaining in the current rate limit window
  • Fastly-RateLimit-Reset: Time at which the current rate limit window resets (Unix timestamp) [3]

Key Considerations

• Overlapping write requests to the API may result in lost updates. Fastly strongly recommends avoiding concurrent requests that modify configuration within the same service [3].

• If you have purchased a Fastly service package that includes specific rate limits for API operations, those will apply instead of the default limits [3].

• The API requires TLS 1.2. TLS versions 1.0 and 1.1 are no longer supported due to PCI Security Standards Council mandate [3].

Authentication

• Most API endpoints require authentication with an appropriately scoped API token [3].

• To authenticate a request, include the API token in the Fastly-Key HTTP header [3].

It's important to note that these rate limits are specific to the Fastly API and may not apply to other Fastly services or features. For example, Fastly also provides rate limiting capabilities for protecting origin servers and services, which have different mechanisms and limits.

Latest API Version

Here is the markdown text with the trailing list of URLs and citation references removed, and any URLs inside the content formatted correctly for the markdown file format:

Here is the answer to your question:

The most recent version of the Fastly API is not explicitly stated in the provided search results. However, we can infer some key information about the Fastly API:

Key points:

1. The Fastly API is a RESTful API that provides access to all features available through the Fastly web interface.

2. The API requires TLS 1.2. TLS versions 1.0 and 1.1 are no longer supported due to PCI Security Standards Council mandate.

3. Most API endpoints are served on the api.fastly.com domain.

4. Authentication is required for most API endpoints using an API token, which should be included in the Fastly-Key HTTP header.

Best practices:

1. Use the latest version of TLS (1.2) when making API requests.

2. Include proper authentication using the Fastly-Key header in your API requests.

3. Consider using one of the official client libraries provided by Fastly for various programming languages.

4. If you use Postman, you can explore the Fastly API workspace or download their Postman collection.

While the search results don't provide a specific version number for the most recent Fastly API, they do indicate that Fastly regularly updates their API and documentation. To ensure you're using the most up-to-date version, it's best to refer to the official Fastly API documentation at https://www.fastly.com/documentation/reference/api/ for the latest information and changes.

How to get a Fastly developer account and API Keys?

To get a developer account for Fastly and create an API integration, you can follow these steps:

Creating a Fastly Account

1. Go to the Fastly website (www.fastly.com) and sign up for an account.
2. Once your account is created, log in to the Fastly web interface.

Obtaining an API Token

1. After logging in, navigate to the "Account" section.
2. Look for the "API Tokens" or "API" section.
3. Click on "Create Token" or a similar option to generate a new API token.

Creating an API Token

When creating your API token, you'll need to configure the following:

1. Name: Give your token a descriptive name.
2. Type: Choose between a User token or an Automation token (if you're a superuser).
3. Role: Select the appropriate role (Engineer, User, or Billing) to set permissions.
4. TLS management: Optionally grant TLS configuration abilities.
5. Scope: Choose specific scopes to limit the token's access.
6. Access: Select which services the token can access.
7. Expiration: Set an expiration date for the token or choose "never expire".

Using the API Token

Once you've created your API token:

1. Copy the token string immediately and store it securely. This is the only time you'll see the full token.

2. Use this token in your API requests by including it in the Fastly-Key HTTP header:

   Fastly-Key: YOUR_FASTLY_TOKEN
   

3. If using curl, you can include the header like this:

   curl -H "Fastly-Key: YOUR_FASTLY_TOKEN" "https://api.fastly.com/service"
   

What can you do with the Fastly API?

Based on the Fastly API documentation, here are the key data models you can interact with using the Fastly API, along with what is possible for each:

Access Control Lists (ACLs)

• Create, read, update and delete ACLs
• Manage entries within ACLs

Account

• Retrieve account details
• Manage users and permissions
• Access billing information

Authentication Tokens

• Create, read and delete API tokens
• Manage token scopes and permissions

Edge Dictionaries

• Create, update and delete edge dictionaries
• Manage key-value pairs within dictionaries

Load Balancing

• Configure load balancers and server pools
• Manage health checks and failover rules

Metrics and Stats

• Retrieve real-time and historical metrics
• Access usage statistics

Observability

• Configure real-time logging endpoints
• Retrieve and manage log data

Products

• Manage product enablements and configurations

Publishing

• Activate service versions
• Manage service configurations

Purging

• Purge content by URL, surrogate key, etc.
• Manage purge requests

Real-time Logging

• Configure logging endpoints (e.g. S3, BigQuery)
• Manage log formats and filters

Services

• Create, clone, and manage services
• Configure domains, backends, and caching rules

TLS

• Manage TLS certificates and configurations
• Configure TLS termination settings

VCL Objects

• Upload and manage custom VCL
• Configure VCL snippets

WAF

• Configure WAF rules and policies
• Manage WAF exclusions and logging

This covers the main data models exposed by the Fastly API. For each, you can typically perform CRUD operations (create, read, update, delete) as well as more specialized actions related to that particular resource type.