Through API Security policies, you can specify different actions for Invalid API requests.

Before using API Security, you need to ensure that there are already defined APIs under the current hostname. If there is no defined API, you need to go to the API Inventory menu and directly add APIs under API Definition or create APIs based on the API asset automatically recognized by API Discovery.

Go to API Security：

1. Log in to the CDNetworks Console, find the security product in use under Subscribed Products.
2. Go to Security Part, Configurations > Policies.
3. Find the hostname for which you want to configure security policies, click .
4. Go to API Security tab. If this policy is off, turn it on.

Set API Security Policies

On the API security page, the APIs displayed in the list are the APIs you created in the API Definition, and the default action is Not Used.
You can adjust the actions of relevant APIs according to application requirements, and the actions support Not Used, Log, and Block. You can also batch modify the actions of multiple APIs through the “Edit Action” button in the upper left corner of the list. The cloud security platform will detect the defined API specifications (including Request Methods, Authentication Method, Request Body and Parameter Constraints) and perform corresponding actions on APIs that do not meet the definition. The meaning of actions can be found in Basic Concept.
After setting API security policies, you need to click the Publish button at the bottom of the page to make the configuration effective.