Get filtered traffic data
Retrieves a traffic time series data over a set of domains. The response is suitable for plotting a time series chart. This method allows filtering the traffic data by various criteria.
Authorizations
API key for authentication. Make sure to include the word apikey, followed by a single space and then your token.
Example: apikey 1234$abcdef
Query Parameters
List of domain IDs. Empty list means all domains belonging to the current account.
Domain ID
Specifies the granularity of the result data.
daily, hourly, minutely Optional explicit aggregation bucket width in seconds. When supplied, bucket_size supersedes resolution for aggregation granularity.
60, 300, 600, 900, 1800, 3600, 7200, 10800, 21600, 43200, 86400 Filter data items starting from a specified date in ISO 8601 format
"2024-04-13T00:00:00+01:00"
Filter data items up to a specified end date in ISO 8601 format. If not provided, defaults to the current date and time.
"2024-04-14T12:00:00Z"
Filter traffic data by client IP.
Filter by URL path. '*' is wildcard.
Filter data by a country code of the originating IP address in ISO 3166-1 alpha-2 format.
^\w{2}$Filter data by HTTP response status code.
100 <= x <= 599Filter by HTTP methods
An HTTP method of a request.
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT, TRACE Filter data by reference IDs.
^[a-f0-9]{32}$Filter data by request IDs.
^[a-f0-9]{32}-[0-9]{6}$Exclude data by request IDs.
^[a-f0-9]{32}-[0-9]{6}$Filter data by session IDs.
^[a-f0-9]{32}$Filter data by name of a security rule matched the request.
100^[a-zA-Z0-9_ ~!@#$%^&*()+\[\]{}|.,;:<>?/-]*$Filter data by decision.
Filter data by the event decision.
blocked, monitored, allowed, passed Filter data by optional action.
An optional action that may be applied in addition to the primary decision.
captcha, challenge Exclude traffic data by client IP.
Exclude data by a country code of the originating IP address in ISO 3166-1 alpha-2 format.
^\w{2}$Exclude data by session IDs.
^[a-f0-9]{32}$Exclude data by reference IDs.
^[a-f0-9]{32}$Exclude data by name of a security rule matched the request.
100^[a-zA-Z0-9_ ~!@#$%^&*()+\[\]{}|.,;:<>?/-]*$Exclude data by domain ID.
Filter by JA3 TLS client fingerprint. Each value must be exactly 32 hexadecimal characters (mixed case allowed) and is case-folded to lowercase when the backend filter is built. Supply multiple values to match any of them. Omit the parameter to apply no JA3 filter.
10^[0-9a-fA-F]{32}$Filter by JA4 TLS client fingerprint. When present, the value must match the JA4 form <ja4_a>_<ja4_b>_<ja4_c> (a 10-character prefix and two 12-character hexadecimal hashes, mixed case allowed) and is case-folded to lowercase when the backend filter is built. Supply multiple values to match any of them. Omit the parameter entirely to apply no JA4 filter.
10^[0-9a-zA-Z]{10}_[0-9a-fA-F]{12}_[0-9a-fA-F]{12}$Include entries whose user agent contains any of the supplied texts, case-insensitive partial match. Omit or provide an empty list to apply no user agent text filter.
10300Include entries whose parsed user agent client exactly equals any supplied value. Omit or provide an empty list to apply no user agent client filter.
1050Include entries whose parsed user agent device exactly equals any supplied value. Omit or provide an empty list to apply no user agent device filter.
1050Include entries whose tag exactly equals any supplied value. Omit or provide an empty list to apply no tag filter.
550Include entries whose organization exactly equals any supplied value. Omit or provide an empty list to apply no organization filter.
10100Exclude entries whose user agent contains any of the supplied texts, case-insensitive partial match. Omit or provide an empty list to apply no user agent text exclusion.
10300Exclude entries whose parsed user agent client exactly equals any supplied value. Omit or provide an empty list to apply no user agent client exclusion.
1050Exclude entries whose parsed user agent device exactly equals any supplied value. Omit or provide an empty list to apply no user agent device exclusion.
1050Exclude entries whose JA3 TLS client fingerprint matches any of the supplied values. Each value must be exactly 32 hexadecimal characters (mixed case allowed) and is case-folded to lowercase when the backend filter is built. Supply multiple values to exclude any of them. Omit the parameter to apply no JA3 exclusion.
10^[0-9a-fA-F]{32}$Exclude entries whose JA4 TLS client fingerprint equals any of the supplied values. An item must match the JA4 form <ja4_a>_<ja4_b>_<ja4_c> (a 10-character prefix and two 12-character hexadecimal hashes, mixed case allowed) and is case-folded to lowercase when the backend filter is built. Omit the parameter to apply no JA4 exclusion.
10^[0-9a-zA-Z]{10}_[0-9a-fA-F]{12}_[0-9a-fA-F]{12}$Exclude entries whose tag exactly equals any supplied value. Omit or provide an empty list to apply no tag exclusion.
550Exclude entries whose organization exactly equals any supplied value. Omit or provide an empty list to apply no organization exclusion.
10100Exclude entries with any of the given HTTP response status codes.
100 <= x <= 599Exclude entries with any of the given HTTP methods.
An HTTP method of a request.
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT, TRACE Exclude entries that match any of the given optional action values.
An optional action that may be applied in addition to the primary decision.
captcha, challenge Exclude entries that match any of the given decisions.
Decision applied to a request.
blocked, monitored, allowed, passed Exclude entries that match the given URL path pattern; '*' is wildcard.
Response
Successful Response
UNIX timestamp indicating when the traffic data was recorded
Traffic (number of requests) that was passed to the origin and didn't trigger any rules
Traffic blocked by a security policy, custom rule, or DDoS protection
Traffic that was identified as malicious by security policies (for monitored domains)
Traffic passed due to a permissive security rule