Skip to main content
GET
Get filtered traffic data

Authorizations

Authorization
string
header
required

API key for authentication. Make sure to include the word apikey, followed by a single space and then your token. Example: apikey 1234$abcdef

Query Parameters

domains
integer[]

List of domain IDs. Empty list means all domains belonging to the current account.

Domain ID

Example:
resolution
enum<string>
required

Specifies the granularity of the result data.

Available options:
daily,
hourly,
minutely
bucket_size
enum<integer> | null

Optional explicit aggregation bucket width in seconds. When supplied, bucket_size supersedes resolution for aggregation granularity.

Available options:
60,
300,
600,
900,
1800,
3600,
7200,
10800,
21600,
43200,
86400
start
string
required

Filter data items starting from a specified date in ISO 8601 format

Example:

"2024-04-13T00:00:00+01:00"

end
string | null

Filter data items up to a specified end date in ISO 8601 format. If not provided, defaults to the current date and time.

Example:

"2024-04-14T12:00:00Z"

ips
string<ipvanyaddress>[]

Filter traffic data by client IP.

Example:
path
string[]

Filter by URL path. '*' is wildcard.

Example:
countries
string[]

Filter data by a country code of the originating IP address in ISO 3166-1 alpha-2 format.

Pattern: ^\w{2}$
Example:
status_codes
integer[]

Filter data by HTTP response status code.

Required range: 100 <= x <= 599
Example:
http_methods
enum<string>[]

Filter by HTTP methods

An HTTP method of a request.

Available options:
DELETE,
GET,
HEAD,
OPTIONS,
PATCH,
POST,
PUT,
TRACE
Example:
reference_ids
string[]

Filter data by reference IDs.

Pattern: ^[a-f0-9]{32}$
request_ids
string[]

Filter data by request IDs.

Pattern: ^[a-f0-9]{32}-[0-9]{6}$
Example:
exclude_request_ids
string[]

Exclude data by request IDs.

Pattern: ^[a-f0-9]{32}-[0-9]{6}$
Example:
session_ids
string[]

Filter data by session IDs.

Pattern: ^[a-f0-9]{32}$
security_rule_names
string[]

Filter data by name of a security rule matched the request.

Maximum string length: 100
Pattern: ^[a-zA-Z0-9_ ~!@#$%^&*()+\[\]{}|.,;:<>?/-]*$
Example:
decision
enum<string>[]

Filter data by decision.

Filter data by the event decision.

Available options:
blocked,
monitored,
allowed,
passed
Example:
optional_action
enum<string>[]

Filter data by optional action.

An optional action that may be applied in addition to the primary decision.

Available options:
captcha,
challenge
Example:
exclude_ips
string<ipvanyaddress>[]

Exclude traffic data by client IP.

Example:
exclude_countries
string[]

Exclude data by a country code of the originating IP address in ISO 3166-1 alpha-2 format.

Pattern: ^\w{2}$
Example:
exclude_session_ids
string[]

Exclude data by session IDs.

Pattern: ^[a-f0-9]{32}$
exclude_reference_ids
string[]

Exclude data by reference IDs.

Pattern: ^[a-f0-9]{32}$
exclude_security_rule_names
string[]

Exclude data by name of a security rule matched the request.

Maximum string length: 100
Pattern: ^[a-zA-Z0-9_ ~!@#$%^&*()+\[\]{}|.,;:<>?/-]*$
Example:
exclude_domains
integer[]

Exclude data by domain ID.

ja3
string[]

Filter by JA3 TLS client fingerprint. Each value must be exactly 32 hexadecimal characters (mixed case allowed) and is case-folded to lowercase when the backend filter is built. Supply multiple values to match any of them. Omit the parameter to apply no JA3 filter.

Maximum array length: 10
Pattern: ^[0-9a-fA-F]{32}$
Example:
ja4
string[]

Filter by JA4 TLS client fingerprint. When present, the value must match the JA4 form <ja4_a>_<ja4_b>_<ja4_c> (a 10-character prefix and two 12-character hexadecimal hashes, mixed case allowed) and is case-folded to lowercase when the backend filter is built. Supply multiple values to match any of them. Omit the parameter entirely to apply no JA4 filter.

Maximum array length: 10
Pattern: ^[0-9a-zA-Z]{10}_[0-9a-fA-F]{12}_[0-9a-fA-F]{12}$
Example:
user_agent
string[]

Include entries whose user agent contains any of the supplied texts, case-insensitive partial match. Omit or provide an empty list to apply no user agent text filter.

Maximum array length: 10
Maximum string length: 300
Example:
user_agent_clients
string[]

Include entries whose parsed user agent client exactly equals any supplied value. Omit or provide an empty list to apply no user agent client filter.

Maximum array length: 10
Maximum string length: 50
Example:
user_agent_devices
string[]

Include entries whose parsed user agent device exactly equals any supplied value. Omit or provide an empty list to apply no user agent device filter.

Maximum array length: 10
Maximum string length: 50
Example:
tags
string[]

Include entries whose tag exactly equals any supplied value. Omit or provide an empty list to apply no tag filter.

Maximum array length: 5
Maximum string length: 50
Example:
organizations
string[]

Include entries whose organization exactly equals any supplied value. Omit or provide an empty list to apply no organization filter.

Maximum array length: 10
Maximum string length: 100
Example:
exclude_user_agent
string[]

Exclude entries whose user agent contains any of the supplied texts, case-insensitive partial match. Omit or provide an empty list to apply no user agent text exclusion.

Maximum array length: 10
Maximum string length: 300
Example:
exclude_user_agent_clients
string[]

Exclude entries whose parsed user agent client exactly equals any supplied value. Omit or provide an empty list to apply no user agent client exclusion.

Maximum array length: 10
Maximum string length: 50
Example:
exclude_user_agent_devices
string[]

Exclude entries whose parsed user agent device exactly equals any supplied value. Omit or provide an empty list to apply no user agent device exclusion.

Maximum array length: 10
Maximum string length: 50
Example:
exclude_ja3
string[]

Exclude entries whose JA3 TLS client fingerprint matches any of the supplied values. Each value must be exactly 32 hexadecimal characters (mixed case allowed) and is case-folded to lowercase when the backend filter is built. Supply multiple values to exclude any of them. Omit the parameter to apply no JA3 exclusion.

Maximum array length: 10
Pattern: ^[0-9a-fA-F]{32}$
Example:
exclude_ja4
string[]

Exclude entries whose JA4 TLS client fingerprint equals any of the supplied values. An item must match the JA4 form <ja4_a>_<ja4_b>_<ja4_c> (a 10-character prefix and two 12-character hexadecimal hashes, mixed case allowed) and is case-folded to lowercase when the backend filter is built. Omit the parameter to apply no JA4 exclusion.

Maximum array length: 10
Pattern: ^[0-9a-zA-Z]{10}_[0-9a-fA-F]{12}_[0-9a-fA-F]{12}$
Example:
exclude_tags
string[]

Exclude entries whose tag exactly equals any supplied value. Omit or provide an empty list to apply no tag exclusion.

Maximum array length: 5
Maximum string length: 50
Example:
exclude_organizations
string[]

Exclude entries whose organization exactly equals any supplied value. Omit or provide an empty list to apply no organization exclusion.

Maximum array length: 10
Maximum string length: 100
Example:
exclude_status_codes
integer[]

Exclude entries with any of the given HTTP response status codes.

Required range: 100 <= x <= 599
Example:
exclude_http_methods
enum<string>[]

Exclude entries with any of the given HTTP methods.

An HTTP method of a request.

Available options:
DELETE,
GET,
HEAD,
OPTIONS,
PATCH,
POST,
PUT,
TRACE
Example:
exclude_optional_action
enum<string>[]

Exclude entries that match any of the given optional action values.

An optional action that may be applied in addition to the primary decision.

Available options:
captcha,
challenge
Example:
exclude_decision
enum<string>[]

Exclude entries that match any of the given decisions.

Decision applied to a request.

Available options:
blocked,
monitored,
allowed,
passed
Example:
exclude_path
string[]

Exclude entries that match the given URL path pattern; '*' is wildcard.

Example:

Response

Successful Response

timestamp
integer
required

UNIX timestamp indicating when the traffic data was recorded

passed
integer
default:0

Traffic (number of requests) that was passed to the origin and didn't trigger any rules

blocked
integer
default:0

Traffic blocked by a security policy, custom rule, or DDoS protection

monitored
integer
default:0

Traffic that was identified as malicious by security policies (for monitored domains)

allowed
integer
default:0

Traffic passed due to a permissive security rule