X
Skip to main content
App & API Protector

App & API Protector

One-stop, zero-compromise security for websites, applications, and APIs.

Free Trial
Watch video (2:00)

Broad app and API protections in one solution

Akamai App & API Protector brings together web application firewall, bot mitigation, API security, and Layer 7 DDoS protection into a single solution. It quickly identifies vulnerabilities and mitigates threats across your entire web and API estates — even for the most complex distributed architectures. Recognized as the leading attack detection solution on the market, App & API Protector is easy to implement and use. It delivers automatic updates for security protections and provides holistic visibility into traffic and attacks.

See product brief
See reference architecture

How App & API Protector works

Route

Route

App & API Protector stops threats at the edge by routing your traffic through Akamai’s massively distributed platform.

Defend

Defend

Every request is inspected in real time to defend against DDoS, web app and API attacks, and malicious bots.

Adapt

Adapt

At the core is our Adaptive Security Engine technology, which learns attack patterns and adapts to future threats.

Simplify

Simplify

Hands-off updates, self-tuning adjustments, and API discovery prevent new vulnerabilities and simplify the effort.

A Forrester New Wave Microsegmentation report image showing a green and white wave graphic chart

Forrester Names Akamai a WAF Leader

Among 12 vendors, Akamai was recognized for its innovation, roadmap, and strategy.

Download report

Stronger security with less effort

Tailor defenses to the latest applications and threats

Dynamically adapt protections to evolving attacks — including those targeting the OWASP Top 10.

Simplify security with automated updates and self-tuning

Minimize effort with Akamai-managed updates and machine learning–powered self-tuning.

Empower developers and security teams

Operationalize security with a choice of popular tools and deploy within a CI/CD pipeline.

Features

  • Adaptive protections that automatically push the latest protections for your apps and APIs
  • Proactive self-tuning eliminates time-consuming manual maintenance
  • Developer and technical resources  keep you innovating with speed
  • Advanced API discovery so you can manage risk from new or previously unknown APIs
  • DevOps integration with a simple GUI or with our Terraform provider, APIs, or the Akamai CLI

  • Included bot detections improve security and performance
  • Fast onboarding, in-portal guides, configuration workflow, and wizard setups get you started
  • Custom dashboards, real-time alerts, and SIEM integration to investigate security vulnerabilities and triage attacks
  • Optional advanced AppSec management controls, managed services, and professional services
  • DDoS protection that responds to application-layer attacks within seconds

Malware protection module now available with App & API Protector

Malware protection scans files at the edge to prevent attackers from uploading malware to your systems.

Download brochure

Frequently Asked Questions (FAQ)

An open API is available for automating App & API Protector configuration changes in a CI/CD pipeline. A CLI and Terraform provider are also available for making API calls, or you can call the API directly. Documentation for the open APIs, CLI, and Terraform provider are publicly available; there is also a public Postman collection available for testing the API.

API Discovery runs every 24 hours and automatically finds any new APIs, and pushes alerts to the App & API Protector portal. You can add the discovered APIs to your protections in just a few clicks. App & API Protector can also proactively suggest new or updated rulesets as part of the adaptive self-tuning feature, so no manual tuning is required.

App & API Protector offers connectors for Splunk and other providers, as well as a SIEM integration module for better attack identification, detection, and forensic analysis with correlation in your SIEM.

Akamai offers three options for you to choose from to suit your business needs: 1) Fully managed, 2) Co-managed where Akamai assists you, and 3) Self-service.

Akamai’s update release process consists of a rigorous set of testing stages relying on our extensive intelligence database, machine learning, and human threat expertise. Automated and manual reviews at each stage of testing are purposefully designed to ensure accuracy and minimize false positives. After the update has passed all stages of internal testing on synthetic traffic and real traffic through our “evaluation mode,” the update is released in batches, monitored closely, and refined if necessary.

Akamai architects its products with the understanding that our customers cannot have any latency — their business depends on it. App & API Protector — like all of Akamai’s products — is highly efficient, and the impact to your app/site performance should not be perceptible to users.

Capital Group Customer

Fintech leader Finastra protects open finance apps and APIs with Akamai

Application Security Use Cases

Learn how application security provides critical DoS/DDoS protection, bot visibility, and malware protection, and works closely with our other security offerings.

DoS/DDoS protection

DoS/DDoS protection

Recognized as a market-leading DDoS solution, App & API Protector instantly drops network-layer DDoS attacks at the edge. You are not only protected from DDoS attacks but also the traffic spikes of an attack — Akamai DDoS Fee Protection provides credit for any overage fees incurred due to a DDoS attack.

Bot visibility

Bot visibility

Gain real-time visibility into your bot traffic with access to Akamai’s expansive directory of more than 1,700 known bots. Investigate skewed web analytics, prevent origin overload, and create your own bot definitions to permit access to third-party and partner bots without obstruction. Increase your bot security controls with Akamai’s bot solution to protect against credential stuffing, web scraping, mass account creation, inventory manipulation, and card cracking.

Malware protection

Malware protection

This add-on module can scan files before they’re uploaded once at the edge to detect and block malware from entering your corporate systems as malicious file uploads. With no additional app or API configuration required, you free up the time you’d spend setting up protection in each system individually.

Site Shield

Site Shield

Prevent attackers from bypassing cloud-based protections and targeting your origin infrastructure with this customer-favorite product that is now included in App & API Protector. Also in Akamai’s security portfolio, Page Integrity Manager, Account Protector, and Audience Hijacking Protector can extend your in-browser security capabilities.

Products that work well with App & API Protector

API Security

Gain full visibility into your entire API estate with continuous detection and monitoring.

Learn more

Client-Side Protection & Compliance

Defend your site from client-side threats. Spot and block malicious activity.

Learn more

Bot Manager

Stop the most dangerous, evasive bots before they erode customer trust.

Learn more

Resources

White Paper

Simplify Your Web Application Security

Today’s complex applications give cybercriminals countless ways to attack. Here’s why the best defense is simplicity.

Read white paper View all white papers
ebook

The 5 Myths of Web Application Firewalls Dispelled

Learn why addressing the most common WAF myths can help improve your security posture.

Read ebook View all ebooks

Free Trial: App & API Protector

What difference can the world’s largest edge platform make for you? Take App & API Protector for a 30-day test run and find out.

Thank you for requesting an App & API Protector trial! You’ll receive an email containing a request for you to verify your email address. Once verified, you’ll receive your login credentials via email to begin your trial configuration.