security

Reference

Security

Create System Bypass Rule

post/v1/security/firewall/bypass

Create new system bypass rules

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/firewall/bypass?projectId=SOME_STRING_VALUE&slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "body": {
3    "allSources": true,
4    "domain": "SOME_STRING_VALUE",
5    "note": "SOME_STRING_VALUE",
6    "projectScope": true,
7    "sourceIp": "SOME_STRING_VALUE"
8  },
9  "headers": {
10    "Authorization": "Bearer <TOKEN>"
11  },
12  "method": "post"
13})

Parameters

Query Parameter	Description
projectId	string required
slug	string The Team slug to perform the request on behalf of.
teamId	string The Team identifier to perform the request on behalf of.

Response

One of the following objects
One of

Response Codes

Code	Description
`200`
`400`	One of the provided values in the request body is invalid. One of the provided values in the request query is invalid.
`401`
`403`	You do not have permission to access this resource.
`404`
`500`

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/firewall/bypass?projectId=SOME_STRING_VALUE&slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "body": {
3    "allSources": true,
4    "domain": "SOME_STRING_VALUE",
5    "note": "SOME_STRING_VALUE",
6    "projectScope": true,
7    "sourceIp": "SOME_STRING_VALUE"
8  },
9  "headers": {
10    "Authorization": "Bearer <TOKEN>"
11  },
12  "method": "post"
13})

Read System Bypass

get/v1/security/firewall/bypass

Retrieve the system bypass rules configured for the specified project

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/firewall/bypass?projectId=SOME_STRING_VALUE&domain=SOME_STRING_VALUE&limit=10&offset=SOME_STRING_VALUE&projectScope=true&slug=SOME_STRING_VALUE&sourceIp=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "headers": {
3    "Authorization": "Bearer <TOKEN>"
4  },
5  "method": "get"
6})

Parameters

Query Parameter	Description
projectId	string required
domain	string Filter by domain `<= 2544 characters`
limit	number `<=128` Example:`10`
offset	string Used for pagination. Retrieves results after the provided id `<= 2560 characters`
projectScope	boolean Filter by project scoped rules
slug	string The Team slug to perform the request on behalf of.
sourceIp	string Filter by source IP `<= 49 characters`
teamId	string The Team identifier to perform the request on behalf of.

Response

One of the following objects
One of

Response Codes

Code	Description
`200`
`400`	One of the provided values in the request query is invalid.
`401`
`403`	You do not have permission to access this resource.
`404`
`500`

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/firewall/bypass?projectId=SOME_STRING_VALUE&domain=SOME_STRING_VALUE&limit=10&offset=SOME_STRING_VALUE&projectScope=true&slug=SOME_STRING_VALUE&sourceIp=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "headers": {
3    "Authorization": "Bearer <TOKEN>"
4  },
5  "method": "get"
6})

Read Firewall Configuration

get/v1/security/firewall/config/{configVersion}

Retrieve the specified firewall configuration for a project. The deployed configVersion will be active

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/firewall/config/configVersion?projectId=SOME_STRING_VALUE&slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "headers": {
3    "Authorization": "Bearer <TOKEN>"
4  },
5  "method": "get"
6})

Parameters

Query Parameter	Description
projectId	string required
slug	string The Team slug to perform the request on behalf of.
teamId	string The Team identifier to perform the request on behalf of.

Response

changesarrayRequired

crsobjectRequired

Properties
firewallEnabledbooleanRequired

idstringRequired

ipsarrayRequired
Properties
managedRulesobject

Properties
ownerIdstringRequired

projectKeystringRequired

rulesarrayRequired
Properties
updatedAtstringRequired

versionnumberRequired

Response Codes

Code	Description
`200`	If the firewall configuration includes a custom managed ruleset, it will include a `crs` item that has the following values: sd: Scanner Detection ma: Multipart Attack lfi: Local File Inclusion Attack rfi: Remote File Inclusion Attack rce: Remote Execution Attack php: PHP Attack gen: Generic Attack xss: XSS Attack sqli: SQL Injection Attack sf: Session Fixation Attack java: Java Attack
`400`	One of the provided values in the request query is invalid.
`401`
`403`	You do not have permission to access this resource.
`404`

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/firewall/config/configVersion?projectId=SOME_STRING_VALUE&slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "headers": {
3    "Authorization": "Bearer <TOKEN>"
4  },
5  "method": "get"
6})

Put Firewall Configuration

put/v1/security/firewall/config

Set the firewall configuration to provided rules and settings. Creates or overwrite the existing firewall configuration.

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/firewall/config?projectId=SOME_STRING_VALUE&slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "body": {
3    "firewallEnabled": true,
4    "crs": {
5      "sd": {
6        "active": true,
7        "action": "deny"
8      },
9      "ma": {
10        "active": true,
11        "action": "deny"
12      },
13      "lfi": {
14        "active": true,
15        "action": "deny"
16      },
17      "rfi": {
18        "active": true,
19        "action": "deny"
20      },
21      "rce": {
22        "active": true,
23        "action": "deny"
24      },
25      "php": {
26        "active": true,
27        "action": "deny"
28      },
29      "gen": {
30        "active": true,
31        "action": "deny"
32      },
33      "xss": {
34        "active": true,
35        "action": "deny"
36      },
37      "sqli": {
38        "active": true,
39        "action": "deny"
40      },
41      "sf": {
42        "active": true,
43        "action": "deny"
44      },
45      "java": {
46        "active": true,
47        "action": "deny"
48      }
49    },
50    "ips": [
51      {
52        "id": "SOME_STRING_VALUE",
53        "hostname": "SOME_STRING_VALUE",
54        "ip": "SOME_STRING_VALUE",
55        "notes": "SOME_STRING_VALUE",
56        "action": "deny"
57      }
58    ],
59    "managedRules": {
60      "owasp": {
61        "active": true
62      }
63    },
64    "rules": [
65      {
66        "id": "SOME_STRING_VALUE",
67        "name": "SOME_STRING_VALUE",
68        "description": "SOME_STRING_VALUE",
69        "active": true,
70        "conditionGroup": [
71          {
72            "conditions": "SOME_ARRAY_VALUE"
73          }
74        ],
75        "action": {
76          "mitigate": {
77            "action": "log",
78            "rateLimit": "ANY_TYPE_VALUE",
79            "redirect": "ANY_TYPE_VALUE",
80            "actionDuration": "SOME_STRING_VALUE"
81          }
82        }
83      }
84    ]
85  },
86  "headers": {
87    "Authorization": "Bearer <TOKEN>"
88  },
89  "method": "put"
90})

Parameters

Query Parameter	Description
projectId	string required
slug	string The Team slug to perform the request on behalf of.
teamId	string The Team identifier to perform the request on behalf of.

Response

activeobjectRequired

Properties

Response Codes

Code	Description
`200`
`400`	One of the provided values in the request body is invalid. One of the provided values in the request query is invalid.
`401`
`402`
`403`	You do not have permission to access this resource.
`404`
`500`

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/firewall/config?projectId=SOME_STRING_VALUE&slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "body": {
3    "firewallEnabled": true,
4    "crs": {
5      "sd": {
6        "active": true,
7        "action": "deny"
8      },
9      "ma": {
10        "active": true,
11        "action": "deny"
12      },
13      "lfi": {
14        "active": true,
15        "action": "deny"
16      },
17      "rfi": {
18        "active": true,
19        "action": "deny"
20      },
21      "rce": {
22        "active": true,
23        "action": "deny"
24      },
25      "php": {
26        "active": true,
27        "action": "deny"
28      },
29      "gen": {
30        "active": true,
31        "action": "deny"
32      },
33      "xss": {
34        "active": true,
35        "action": "deny"
36      },
37      "sqli": {
38        "active": true,
39        "action": "deny"
40      },
41      "sf": {
42        "active": true,
43        "action": "deny"
44      },
45      "java": {
46        "active": true,
47        "action": "deny"
48      }
49    },
50    "ips": [
51      {
52        "id": "SOME_STRING_VALUE",
53        "hostname": "SOME_STRING_VALUE",
54        "ip": "SOME_STRING_VALUE",
55        "notes": "SOME_STRING_VALUE",
56        "action": "deny"
57      }
58    ],
59    "managedRules": {
60      "owasp": {
61        "active": true
62      }
63    },
64    "rules": [
65      {
66        "id": "SOME_STRING_VALUE",
67        "name": "SOME_STRING_VALUE",
68        "description": "SOME_STRING_VALUE",
69        "active": true,
70        "conditionGroup": [
71          {
72            "conditions": "SOME_ARRAY_VALUE"
73          }
74        ],
75        "action": {
76          "mitigate": {
77            "action": "log",
78            "rateLimit": "ANY_TYPE_VALUE",
79            "redirect": "ANY_TYPE_VALUE",
80            "actionDuration": "SOME_STRING_VALUE"
81          }
82        }
83      }
84    ]
85  },
86  "headers": {
87    "Authorization": "Bearer <TOKEN>"
88  },
89  "method": "put"
90})

Remove System Bypass Rule

delete/v1/security/firewall/bypass

Remove system bypass rules

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/firewall/bypass?projectId=SOME_STRING_VALUE&slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "body": {
3    "allSources": true,
4    "domain": "SOME_STRING_VALUE",
5    "note": "SOME_STRING_VALUE",
6    "projectScope": true,
7    "sourceIp": "SOME_STRING_VALUE"
8  },
9  "headers": {
10    "Authorization": "Bearer <TOKEN>"
11  },
12  "method": "delete"
13})

Parameters

Query Parameter	Description
projectId	string required
slug	string The Team slug to perform the request on behalf of.
teamId	string The Team identifier to perform the request on behalf of.

Response

okbooleanRequired

Response Codes

Code	Description
`200`
`400`	One of the provided values in the request body is invalid. One of the provided values in the request query is invalid.
`401`
`403`	You do not have permission to access this resource.
`404`
`500`

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/firewall/bypass?projectId=SOME_STRING_VALUE&slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "body": {
3    "allSources": true,
4    "domain": "SOME_STRING_VALUE",
5    "note": "SOME_STRING_VALUE",
6    "projectScope": true,
7    "sourceIp": "SOME_STRING_VALUE"
8  },
9  "headers": {
10    "Authorization": "Bearer <TOKEN>"
11  },
12  "method": "delete"
13})

Update Attack Challenge mode

post/v1/security/attack-mode

Update the setting for determining if the project has Attack Challenge mode enabled.

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/attack-mode?slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "body": {
3    "attackModeEnabled": true,
4    "projectId": "SOME_STRING_VALUE",
5    "attackModeActiveUntil": "SOME_NUMBER_VALUE"
6  },
7  "headers": {
8    "Authorization": "Bearer <TOKEN>"
9  },
10  "method": "post"
11})

Parameters

Query Parameter	Description
slug	string The Team slug to perform the request on behalf of.
teamId	string The Team identifier to perform the request on behalf of.

Response

attackModeEnabledbooleanRequired

attackModeUpdatedAtnumberRequired

Response Codes

Code	Description
`200`
`400`	One of the provided values in the request body is invalid.
`401`
`403`	You do not have permission to access this resource.
`404`

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/attack-mode?slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "body": {
3    "attackModeEnabled": true,
4    "projectId": "SOME_STRING_VALUE",
5    "attackModeActiveUntil": "SOME_NUMBER_VALUE"
6  },
7  "headers": {
8    "Authorization": "Bearer <TOKEN>"
9  },
10  "method": "post"
11})

Update Firewall Configuration

patch/v1/security/firewall/config

Process updates to modify the existing firewall config for a project

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/firewall/config?projectId=SOME_STRING_VALUE&slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "body": {
3    "action": "SOME_STRING_VALUE",
4    "id": "SOME_NULL_VALUE",
5    "value": true
6  },
7  "headers": {
8    "Authorization": "Bearer <TOKEN>"
9  },
10  "method": "patch"
11})

Parameters

Query Parameter	Description
projectId	string required
slug	string The Team slug to perform the request on behalf of.
teamId	string The Team identifier to perform the request on behalf of.

Response

object

Response Codes

Code	Description
`200`
`400`	One of the provided values in the request body is invalid. One of the provided values in the request query is invalid.
`401`
`402`
`403`	You do not have permission to access this resource.
`404`
`500`

Optional params

fetch-request

1await fetch("https://api.vercel.com/v1/security/firewall/config?projectId=SOME_STRING_VALUE&slug=SOME_STRING_VALUE&teamId=SOME_STRING_VALUE", {
2  "body": {
3    "action": "SOME_STRING_VALUE",
4    "id": "SOME_NULL_VALUE",
5    "value": true
6  },
7  "headers": {
8    "Authorization": "Bearer <TOKEN>"
9  },
10  "method": "patch"
11})

Last updated on January 15, 2025

Change secret name

Create System Bypass Rule

Was this helpful?