Modify Data

System & Health

API

Description

POST /api/sendHealthCheck

Sends a health check request to verify system status and connectivity.

POST /api/deleteModuleInfo

Deletes information or data for a specified system module.

POST /api/rebootModules

Reboots specified system modules.

POST /api/updateModuleEnvAndReboot

Updates environment variables for modules and triggers a reboot.

POST /api/takeUpdate

Applies a system update and restarts affected components.

POST /api/closeLoader

Closes or dismisses the system loader/initialization interface.

POST /api/skipOnboarding

Skips the onboarding process for the current session or user.

POST /api/runTestOnboarding

Runs the onboarding test sequence to validate system configuration.

POST request for endpoint /api/sendHealthCheck

post

Body

instanceIdstringOptionalExample: 879c9527-b664-403e-9b7e-1abe0ac05ab6

Responses

200

Health check sent successfully

No content

post

/api/sendHealthCheck

POST /api/sendHealthCheck HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 53

{
  "instanceId": "879c9527-b664-403e-9b7e-1abe0ac05ab6"
}

200

Health check sent successfully

No content

POST request for endpoint /api/deleteModuleInfo

post

Body

moduleIdstringOptionalExample: TRAFFIC_COLLECTOR

Responses

200

Module info deleted successfully

No content

post

/api/deleteModuleInfo

POST /api/deleteModuleInfo HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 32

{
  "moduleId": "TRAFFIC_COLLECTOR"
}

200

Module info deleted successfully

No content

POST request for endpoint /api/rebootModules

post

Body

moduleIdsstring[]OptionalExample: TRAFFIC_COLLECTOR

Responses

200

Modules reboot initiated successfully

No content

post

/api/rebootModules

POST /api/rebootModules HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 35

{
  "moduleIds": [
    "TRAFFIC_COLLECTOR"
  ]
}

200

Modules reboot initiated successfully

No content

POST request for endpoint /api/updateModuleEnvAndReboot

post

Body

moduleIdstringOptionalExample: TRAFFIC_COLLECTOR

envVariablesobjectOptionalExample: {"DEBUG_MODE":"true","LOG_LEVEL":"INFO"}

Responses

200

Module environment updated and reboot initiated

No content

post

/api/updateModuleEnvAndReboot

POST /api/updateModuleEnvAndReboot HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 88

{
  "moduleId": "TRAFFIC_COLLECTOR",
  "envVariables": {
    "DEBUG_MODE": "true",
    "LOG_LEVEL": "INFO"
  }
}

200

Module environment updated and reboot initiated

No content

POST request for endpoint /api/takeUpdate

post

Body

versionstringOptionalExample: 1.97.0

forcebooleanOptionalExample: false

Responses

200

Update applied successfully

No content

post

/api/takeUpdate

POST /api/takeUpdate HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 34

{
  "version": "1.97.0",
  "force": false
}

200

Update applied successfully

No content

POST request for endpoint /api/closeLoader

post

Body

objectOptional

Responses

200

Loader closed successfully

No content

post

/api/closeLoader

POST /api/closeLoader HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Loader closed successfully

No content

POST request for endpoint /api/skipOnboarding

post

Body

objectOptional

Responses

200

Onboarding skipped successfully

No content

post

/api/skipOnboarding

POST /api/skipOnboarding HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Onboarding skipped successfully

No content

POST request for endpoint /api/runTestOnboarding

post

Body

testTypestringOptionalExample: FULL

Responses

200

Onboarding tests completed

No content

post

/api/runTestOnboarding

POST /api/runTestOnboarding HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 19

{
  "testType": "FULL"
}

200

Onboarding tests completed

No content

Settings & Toggles

API

Description

POST /api/modifyAccountSettings

Updates account-level settings and configurations.

POST /api/updateAktoUIMode

Updates the UI mode/theme for the Akto platform (light, dark, etc.).

POST /api/toggleRedactFeature

Toggles the sensitive data redaction feature on or off.

POST /api/toggleCaseSensitiveApis

Toggles case-sensitive API matching and comparison.

POST /api/switchTestingModule

Switches between different security testing modules.

POST /api/enableMergingOnVersionsInApis

Enables API version merging and consolidation.

POST /api/updateMergeAsyncOutside

Updates settings for asynchronous API merging outside the main flow.

POST /api/updateGlobalRateLimit

Updates the global rate limiting configuration for all APIs.

POST /api/updateIgnoreTimeForSummaries

Updates the time window to ignore when generating summary reports.

POST /api/updatePrivateCidrIps

Updates the list of private CIDR IP ranges for the organization.

POST /api/addMatchingPatternForProxy

Adds URL matching patterns for proxy configuration.

POST /api/updatePartnerIps

Updates the list of partner IP addresses for access control.

POST /api/toggleNewMergingEnabled

Toggles the new API merging algorithm or approach.

POST /api/toggleDoBodyMatch

Toggles body-based matching for API requests and responses.

POST /api/toggleTelemetry

Toggles telemetry and usage tracking features.

POST /api/updateUrlSettings

Updates URL-related settings and configurations.

POST /api/toggleDebugLogsFeature

Toggles debug logging for troubleshooting and diagnostics.

POST /api/updateSetupType

Updates the deployment setup type (cloud, self-hosted, etc.).

POST /api/updateTrafficAlertThresholdSeconds

Updates the time threshold for traffic alert triggering.

POST /api/toggleArchivalEnabled

Toggles data archival functionality for historical data management.

POST /api/updateRetrospectiveFilterSettings

Updates retrospective filter configurations and rules.

POST /api/updateCompulsoryDescription

Updates requirements for API descriptions and documentation.

POST /api/updateBlockLogs

Updates logging configuration for blocked or rejected requests.

POST /api/updateFilterLogPolicy

Updates the policy for filtering and managing logs.

POST request for endpoint /api/modifyAccountSettings

post

Body

settingKeystringOptionalExample: SETTING_NAME

settingValuestringOptionalExample: new_value

Responses

200

Settings updated successfully

No content

post

/api/modifyAccountSettings

POST /api/modifyAccountSettings HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 56

{
  "settingKey": "SETTING_NAME",
  "settingValue": "new_value"
}

200

Settings updated successfully

No content

POST request for endpoint /api/updateAktoUIMode

post

Body

uiModestringOptionalExample: DARK

Responses

200

UI mode updated successfully

No content

post

/api/updateAktoUIMode

POST /api/updateAktoUIMode HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 17

{
  "uiMode": "DARK"
}

200

UI mode updated successfully

No content

POST request for endpoint /api/toggleRedactFeature

post

Body

enabledbooleanOptionalExample: true

Responses

200

Redaction feature toggled successfully

No content

post

/api/toggleRedactFeature

POST /api/toggleRedactFeature HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 16

{
  "enabled": true
}

200

Redaction feature toggled successfully

No content

POST request for endpoint /api/toggleCaseSensitiveApis

post

Body

caseSensitivebooleanOptionalExample: true

Responses

200

Case sensitivity setting updated

No content

post

/api/toggleCaseSensitiveApis

POST /api/toggleCaseSensitiveApis HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 22

{
  "caseSensitive": true
}

200

Case sensitivity setting updated

No content

POST request for endpoint /api/switchTestingModule

post

Body

enabledbooleanOptionalExample: true

Responses

200

Testing module switched successfully

No content

post

/api/switchTestingModule

POST /api/switchTestingModule HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 16

{
  "enabled": true
}

200

Testing module switched successfully

No content

POST request for endpoint /api/enableMergingOnVersionsInApis

post

Body

enabledbooleanOptionalExample: true

Responses

200

Version merging setting updated

No content

post

/api/enableMergingOnVersionsInApis

POST /api/enableMergingOnVersionsInApis HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 16

{
  "enabled": true
}

200

Version merging setting updated

No content

POST request for endpoint /api/updateMergeAsyncOutside

post

Body

enabledbooleanOptionalExample: true

Responses

200

Async merge setting updated

No content

post

/api/updateMergeAsyncOutside

POST /api/updateMergeAsyncOutside HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 16

{
  "enabled": true
}

200

Async merge setting updated

No content

POST request for endpoint /api/updateGlobalRateLimit

post

Body

globalRateLimitintegerOptionalExample: 1000

Responses

200

Rate limit updated successfully

No content

post

/api/updateGlobalRateLimit

POST /api/updateGlobalRateLimit HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 24

{
  "globalRateLimit": 1000
}

200

Rate limit updated successfully

No content

POST request for endpoint /api/updateIgnoreTimeForSummaries

post

Body

ignoreTimebooleanOptionalExample: true

Responses

200

Summary time setting updated

No content

post

/api/updateIgnoreTimeForSummaries

POST /api/updateIgnoreTimeForSummaries HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 19

{
  "ignoreTime": true
}

200

Summary time setting updated

No content

POST request for endpoint /api/updatePrivateCidrIps

post

Body

privateCidrListstring[]OptionalExample: 192.0.2.0/24

Responses

200

Private CIDR IPs updated

No content

post

/api/updatePrivateCidrIps

POST /api/updatePrivateCidrIps HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 36

{
  "privateCidrList": [
    "192.0.2.0/24"
  ]
}

200

Private CIDR IPs updated

No content

POST request for endpoint /api/addMatchingPatternForProxy

post

Body

patternstringOptionalExample: .*\.example\.com.*

Responses

200

Proxy pattern added successfully

No content

post

/api/addMatchingPatternForProxy

POST /api/addMatchingPatternForProxy HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 34

{
  "pattern": ".*\\.example\\.com.*"
}

200

Proxy pattern added successfully

No content

POST request for endpoint /api/updatePartnerIps

post

Body

partnerIpListstring[]OptionalExample: 192.0.2.100

Responses

200

Partner IPs updated

No content

post

/api/updatePartnerIps

POST /api/updatePartnerIps HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 33

{
  "partnerIpList": [
    "192.0.2.100"
  ]
}

200

Partner IPs updated

No content

POST request for endpoint /api/toggleNewMergingEnabled

post

Body

newMergingEnabledbooleanOptionalExample: true

Responses

200

New merging setting toggled

No content

post

/api/toggleNewMergingEnabled

POST /api/toggleNewMergingEnabled HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 26

{
  "newMergingEnabled": true
}

200

New merging setting toggled

No content

POST request for endpoint /api/toggleDoBodyMatch

post

Body

doBodyMatchbooleanOptionalExample: true

Responses

200

Body matching setting toggled

No content

post

/api/toggleDoBodyMatch

POST /api/toggleDoBodyMatch HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 20

{
  "doBodyMatch": true
}

200

Body matching setting toggled

No content

POST request for endpoint /api/toggleTelemetry

post

Body

enableTelemetrybooleanOptionalExample: false

Responses

200

Telemetry setting toggled

No content

post

/api/toggleTelemetry

POST /api/toggleTelemetry HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 25

{
  "enableTelemetry": false
}

200

Telemetry setting toggled

No content

POST request for endpoint /api/updateUrlSettings

post

Body

urlRegexMatchingEnabledbooleanOptionalExample: true

Responses

200

URL settings updated

No content

post

/api/updateUrlSettings

POST /api/updateUrlSettings HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 32

{
  "urlRegexMatchingEnabled": true
}

200

URL settings updated

No content

POST request for endpoint /api/toggleDebugLogsFeature

post

Body

enabledbooleanOptionalExample: true

Responses

200

Debug logs feature toggled

No content

post

/api/toggleDebugLogsFeature

POST /api/toggleDebugLogsFeature HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 16

{
  "enabled": true
}

200

Debug logs feature toggled

No content

POST request for endpoint /api/updateSetupType

post

Body

setupTypestringOptionalExample: SAAS

Responses

200

Setup type updated

No content

post

/api/updateSetupType

POST /api/updateSetupType HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 20

{
  "setupType": "SAAS"
}

200

Setup type updated

No content

POST request for endpoint /api/updateTrafficAlertThresholdSeconds

post

Body

thresholdSecondsintegerOptionalExample: 300

Responses

200

Traffic alert threshold updated

No content

post

/api/updateTrafficAlertThresholdSeconds

POST /api/updateTrafficAlertThresholdSeconds HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 24

{
  "thresholdSeconds": 300
}

200

Traffic alert threshold updated

No content

POST request for endpoint /api/toggleArchivalEnabled

post

Body

enabledbooleanOptionalExample: true

Responses

200

Archival feature toggled

No content

post

/api/toggleArchivalEnabled

POST /api/toggleArchivalEnabled HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 16

{
  "enabled": true
}

200

Archival feature toggled

No content

POST request for endpoint /api/updateRetrospectiveFilterSettings

post

Body

allowRetrospectiveMergingbooleanOptionalExample: true

Responses

200

Retrospective filter settings updated

No content

post

/api/updateRetrospectiveFilterSettings

POST /api/updateRetrospectiveFilterSettings HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 34

{
  "allowRetrospectiveMerging": true
}

200

Retrospective filter settings updated

No content

POST request for endpoint /api/updateCompulsoryDescription

post

Body

compulsoryDescriptionobjectOptional

Responses

200

Compulsory description settings updated

No content

post

/api/updateCompulsoryDescription

POST /api/updateCompulsoryDescription HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 28

{
  "compulsoryDescription": {}
}

200

Compulsory description settings updated

No content

POST request for endpoint /api/updateBlockLogs

post

Body

blockLogsbooleanOptionalExample: false

Responses

200

Block logs setting updated

No content

post

/api/updateBlockLogs

POST /api/updateBlockLogs HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 19

{
  "blockLogs": false
}

200

Block logs setting updated

No content

POST request for endpoint /api/updateFilterLogPolicy

post

Body

filterLogPolicyarrayOptional

Responses

200

Filter log policy updated

No content

post

/api/updateFilterLogPolicy

POST /api/updateFilterLogPolicy HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 22

{
  "filterLogPolicy": []
}

200

Filter log policy updated

No content

SSO & Authentication

API

Description

POST /api/googleConfig

Configures Google OAuth/SSO settings for the organization.

POST /api/addGithubSso

Adds or updates GitHub SSO configuration for the organization.

POST /api/deleteGithubSso

Deletes the existing GitHub SSO configuration.

POST /api/addGithubAppSecretKey

Adds a GitHub App secret key for SSO authentication.

POST /api/deleteGithubAppSecretKey

Deletes the GitHub App secret key used for SSO.

POST /api/addOktaSso

Adds or updates Okta SSO configuration for the organization.

POST /api/deleteOktaSso

Deletes the existing Okta SSO configuration.

POST /api/saveOktaGroupRoleMapping

Saves the mapping between Okta groups and Akto roles.

POST /api/addSAMLSso

Adds or updates SAML SSO configuration for the organization.

POST /api/deleteSamlSso

Deletes the existing SAML SSO configuration.

POST request for endpoint /api/googleConfig

post

Body

objectOptional

Responses

200

Google OAuth configuration retrieved successfully

application/json

client_idstringOptional

Google OAuth client ID registered for this Akto instance

Example: 812345678901-abcdef1234567890abcdef1234567890.apps.googleusercontent.com

401

Unauthorized — no Google OAuth configuration found for this account

403

Forbidden — caller lacks INTEGRATIONS / READ_WRITE permission

post

/api/googleConfig

POST /api/googleConfig HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

{
  "client_id": "812345678901-abcdef1234567890abcdef1234567890.apps.googleusercontent.com"
}

POST request for endpoint /api/addGithubSso

post

Body

githubClientIdstringRequired

GitHub OAuth App client ID

Example: Iv1.a1b2c3d4e5f6g7h8

githubClientSecretstringRequired

GitHub OAuth App client secret

Example: [REDACTED_GITHUB_CLIENT_SECRET]

githubUrlstringOptional

Base URL for GitHub Enterprise instances (leave empty for github.com)

Example: https://github.example-corp.com

githubApiUrlstringOptional

GitHub API base URL for Enterprise instances (leave empty for github.com)

Example: https://github.example-corp.com/api/v3

Responses

200

GitHub SSO integration added successfully

application/json

objectOptional

403

Forbidden — caller lacks ADMIN_ACTIONS / READ_WRITE permission

422

Unprocessable — another SSO integration already exists, or deployment is not on-prem

application/json

post

/api/addGithubSso

POST /api/addGithubSso HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 198

{
  "githubClientId": "Iv1.a1b2c3d4e5f6g7h8",
  "githubClientSecret": "[REDACTED_GITHUB_CLIENT_SECRET]",
  "githubUrl": "https://github.example-corp.com",
  "githubApiUrl": "https://github.example-corp.com/api/v3"
}

{}

POST request for endpoint /api/deleteGithubSso

post

Body

objectOptional

Responses

200

GitHub SSO integration deleted successfully

application/json

objectOptional

403

Forbidden — caller lacks ADMIN_ACTIONS permission

422

Unprocessable — deployment is not on-prem

application/json

post

/api/deleteGithubSso

POST /api/deleteGithubSso HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

{}

POST request for endpoint /api/addGithubAppSecretKey

post

Body

githubAppIdstringRequired

GitHub App ID (numeric identifier shown on the App settings page)

Example: 987654

githubAppSecretKeystringRequired

RSA private key PEM content (with or without header/footer lines; newlines are stripped automatically)

Example: [REDACTED_RSA_PRIVATE_KEY_PEM]

Responses

200

GitHub App credentials validated and saved successfully

application/json

objectOptional

403

Forbidden — caller lacks ADMIN_ACTIONS / READ_WRITE permission

422

Unprocessable — invalid credentials or not on-prem

application/json

post

/api/addGithubAppSecretKey

POST /api/addGithubAppSecretKey HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 78

{
  "githubAppId": "987654",
  "githubAppSecretKey": "[REDACTED_RSA_PRIVATE_KEY_PEM]"
}

{}

POST request for endpoint /api/deleteGithubAppSecretKey

post

Body

objectOptional

Responses

200

GitHub App credentials deleted successfully

application/json

actionMessagesstring[]OptionalExample: Deleted github app ID and secret key

403

Forbidden — caller lacks ADMIN_ACTIONS / READ_WRITE permission

422

Unprocessable — deployment is not on-prem

application/json

post

/api/deleteGithubAppSecretKey

POST /api/deleteGithubAppSecretKey HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

{
  "actionMessages": [
    "Deleted github app ID and secret key"
  ]
}

POST request for endpoint /api/addOktaSso

post

Body

clientIdstringRequired

Okta OIDC application client ID

Example: 0oa1b2c3d4e5F6G7H890

clientSecretstringRequired

Okta OIDC application client secret

Example: [REDACTED_OKTA_CLIENT_SECRET]

authorisationServerIdstringRequired

Okta Authorization Server ID (use 'default' for the org-level server)

Example: aus1b2c3d4e5F6G7H890

oktaDomainstringRequired

Okta organization domain URL

Example: https://example-corp.okta.com

redirectUristringRequired

Redirect URI registered in the Okta application

Example: https://app.akto.example-corp.com/login/oauth2/code/okta

managementApiTokenstringOptional

Okta Management API token — required for fetchOktaGroups and role mapping. Stored server-side; returned masked as '*' on subsequent reads.

Example: [REDACTED_OKTA_MANAGEMENT_API_TOKEN]

Responses

200

Okta SSO integration added successfully

application/json

managementApiTokenstringOptional

Returns '*' if a management API token was saved, null otherwise

Example: *

403

Forbidden — caller lacks ADMIN_ACTIONS / READ_WRITE permission

422

Unprocessable — another SSO integration already exists

application/json

post

/api/addOktaSso

POST /api/addOktaSso HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 307

{
  "clientId": "0oa1b2c3d4e5F6G7H890",
  "clientSecret": "[REDACTED_OKTA_CLIENT_SECRET]",
  "authorisationServerId": "aus1b2c3d4e5F6G7H890",
  "oktaDomain": "https://example-corp.okta.com",
  "redirectUri": "https://app.akto.example-corp.com/login/oauth2/code/okta",
  "managementApiToken": "[REDACTED_OKTA_MANAGEMENT_API_TOKEN]"
}

{
  "managementApiToken": "*"
}

POST request for endpoint /api/deleteOktaSso

post

Body

objectOptional

Responses

200

Okta SSO integration deleted successfully

application/json

objectOptional

403

Forbidden — caller lacks ADMIN_ACTIONS permission

post

/api/deleteOktaSso

POST /api/deleteOktaSso HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

{}

POST request for endpoint /api/saveOktaGroupRoleMapping

post

Body

managementApiTokenstringOptional

Optional — update the stored Okta Management API token. Pass empty string to remove it. Pass '' or a value containing '**' to leave the existing token unchanged.

Example: [REDACTED_OKTA_MANAGEMENT_API_TOKEN]

Responses

200

Group role mapping saved successfully

application/json

managementApiTokenstringOptional

Returns '*' if a management API token is now stored, null otherwise

Example: *

403

Forbidden — caller lacks ADMIN_ACTIONS permission

422

Unprocessable — invalid role value or duplicate role assignment

application/json

post

/api/saveOktaGroupRoleMapping

POST /api/saveOktaGroupRoleMapping HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 165

{
  "oktaGroupToAktoUserRoleMap": {
    "Security-Admins": "ADMIN",
    "Dev-Engineers": "DEVELOPER",
    "Auditors": "GUEST"
  },
  "managementApiToken": "[REDACTED_OKTA_MANAGEMENT_API_TOKEN]"
}

{
  "managementApiToken": "*"
}

POST request for endpoint /api/addSAMLSso

post

Body

configTypestring · enumRequired

SAML provider type. Use AZURE for Azure AD / Microsoft Entra ID, or GOOGLE_SAML for Google Workspace SAML.

Example: AZUREPossible values:

x509CertificatestringRequired

Base64-encoded X.509 public certificate from the identity provider's SAML metadata

Example: [REDACTED_X509_CERTIFICATE_BASE64]

ssoEntityIdstringRequired

SAML Entity ID / Issuer URI of the identity provider

Example: https://sts.windows.net/a1b2c3d4-e5f6-7890-abcd-ef1234567890/

loginUrlstringRequired

SAML SSO login URL provided by the identity provider

Example: https://login.microsoftonline.com/a1b2c3d4-e5f6-7890-abcd-ef1234567890/saml2

acsUrlstringRequired

Assertion Consumer Service URL — the Akto callback endpoint that receives the SAML response

Example: https://app.akto.example-corp.com/api/saml/callback

applicationIdentifierstringRequired

Application / Audience URI registered in the identity provider for this Akto instance

Example: https://app.akto.example-corp.com

Responses

200

SAML SSO integration added successfully

application/json

objectOptional

403

Forbidden — caller lacks ADMIN_ACTIONS permission

422

Unprocessable — another SSO integration already exists

application/json

post

/api/addSAMLSso

POST /api/addSAMLSso HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 368

{
  "configType": "AZURE",
  "x509Certificate": "[REDACTED_X509_CERTIFICATE_BASE64]",
  "ssoEntityId": "https://sts.windows.net/a1b2c3d4-e5f6-7890-abcd-ef1234567890/",
  "loginUrl": "https://login.microsoftonline.com/a1b2c3d4-e5f6-7890-abcd-ef1234567890/saml2",
  "acsUrl": "https://app.akto.example-corp.com/api/saml/callback",
  "applicationIdentifier": "https://app.akto.example-corp.com"
}

{}

POST request for endpoint /api/deleteSamlSso

post

Body

configTypestring · enumRequired

SAML provider type to delete

Example: AZUREPossible values:

Responses

200

SAML SSO integration deleted successfully

application/json

objectOptional

403

Forbidden — caller lacks ADMIN_ACTIONS permission

post

/api/deleteSamlSso

POST /api/deleteSamlSso HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 22

{
  "configType": "AZURE"
}

{}

Runtime & Infrastructure

API

Description

GET /api/checkStackCreationProgress

Checks the progress of runtime stack creation or deployment.

POST /api/createRuntimeStack

Initiates creation of a new runtime stack for deployment.

POST /api/addAwsAccountIdsForApiGatewayLogging

Adds AWS account IDs to enable API Gateway logging for traffic analysis.

POST /api/saveLoadBalancers

Saves and updates load balancer configurations.

GET request for endpoint /api/checkStackCreationProgress

get

Query parameters

stackIdstringOptionalExample: stack-abc123

Responses

200

Stack creation progress retrieved

No content

get

/api/checkStackCreationProgress

GET /api/checkStackCreationProgress HTTP/1.1
Accept: */*

200

Stack creation progress retrieved

No content

POST request for endpoint /api/createRuntimeStack

post

Body

stackNamestringOptionalExample: akto-prod-stack

cloudProviderstringOptionalExample: AWS

regionstringOptionalExample: us-east-1

Responses

200

Stack creation initiated

No content

post

/api/createRuntimeStack

POST /api/createRuntimeStack HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 74

{
  "stackName": "akto-prod-stack",
  "cloudProvider": "AWS",
  "region": "us-east-1"
}

200

Stack creation initiated

No content

POST request for endpoint /api/addAwsAccountIdsForApiGatewayLogging

post

Body

accountIdsstring[]OptionalExample: [REDACTED-AWS-ACCOUNT]

Responses

200

AWS account IDs added successfully

No content

post

/api/addAwsAccountIdsForApiGatewayLogging

POST /api/addAwsAccountIdsForApiGatewayLogging HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 41

{
  "accountIds": [
    "[REDACTED-AWS-ACCOUNT]"
  ]
}

200

AWS account IDs added successfully

No content

POST request for endpoint /api/saveLoadBalancers

post

Body

objectOptional

Responses

200

Load balancer configuration saved

No content

post

/api/saveLoadBalancers

POST /api/saveLoadBalancers HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Load balancer configuration saved

No content

Logs, Audit & Traffic

API

Description

POST /api/updateAuditData

Updates audit logs and tracking records for compliance and forensics.

POST request for endpoint /api/updateAuditData

post

Body

auditIdstringOptional

statusstringOptionalExample: ARCHIVED

Responses

200

Audit data updated

No content

post

/api/updateAuditData

POST /api/updateAuditData HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 38

{
  "auditId": "text",
  "status": "ARCHIVED"
}

200

Audit data updated

No content

Dashboard, Filters & Misc

API

Description

POST /api/saveDashboardLayout

Saves the user's custom dashboard layout configuration.

POST /api/saveTagConfig

Saves tag configurations and taxonomy settings.

GET /api/reviewTagConfig

Submits tag configuration for review and approval.

POST /api/toggleActiveTagConfig

Toggles a tag configuration between active and inactive states.

POST /api/saveFilterYamlTemplate

Saves a custom YAML filter template for reuse.

POST /api/deleteFilterYamlTemplate

Deletes a saved YAML filter template.

POST /api/addFilterHeaderValueMap

Adds header value mappings to filter configurations.

POST /api/saveBrowserExtensionConfig

Saves browser extension settings and configurations.

POST /api/deleteBrowserExtensionConfigs

Deletes browser extension configurations.

POST /api/handleRefreshTableCount

Handles refresh of table data and record counts.

POST /api/send_event

Sends custom events for analytics and tracking.

POST /api/markAlertAsDismissed

Marks security alerts as dismissed or acknowledged.

GET /api/getAllTrafficAlerts

Retrieves and processes all active traffic alerts.

POST /api/wrapped

Generates or processes wrapped/summarized reports.

POST request for endpoint /api/saveDashboardLayout

post

Body

objectOptional

Responses

200

Dashboard layout saved successfully

No content

post

/api/saveDashboardLayout

POST /api/saveDashboardLayout HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Dashboard layout saved successfully

No content

POST request for endpoint /api/saveTagConfig

post

Body

objectOptional

Responses

200

Tag configuration saved

No content

post

/api/saveTagConfig

POST /api/saveTagConfig HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Tag configuration saved

No content

GET request for endpoint /api/reviewTagConfig

get

Responses

200

Tag configurations retrieved

No content

get

/api/reviewTagConfig

GET /api/reviewTagConfig HTTP/1.1
Accept: */*

200

Tag configurations retrieved

No content

POST request for endpoint /api/toggleActiveTagConfig

post

Body

objectOptional

Responses

200

Tag configuration toggled

No content

post

/api/toggleActiveTagConfig

POST /api/toggleActiveTagConfig HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Tag configuration toggled

No content

POST request for endpoint /api/saveFilterYamlTemplate

post

Body

objectOptional

Responses

200

Filter template saved successfully

No content

post

/api/saveFilterYamlTemplate

POST /api/saveFilterYamlTemplate HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Filter template saved successfully

No content

POST request for endpoint /api/deleteFilterYamlTemplate

post

Body

objectOptional

Responses

200

Filter template deleted

No content

post

/api/deleteFilterYamlTemplate

POST /api/deleteFilterYamlTemplate HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Filter template deleted

No content

POST request for endpoint /api/addFilterHeaderValueMap

post

Body

objectOptional

Responses

200

Header value map added

No content

post

/api/addFilterHeaderValueMap

POST /api/addFilterHeaderValueMap HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Header value map added

No content

POST request for endpoint /api/saveBrowserExtensionConfig

post

Body

objectOptional

Responses

200

Browser extension config saved

No content

post

/api/saveBrowserExtensionConfig

POST /api/saveBrowserExtensionConfig HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Browser extension config saved

No content

POST request for endpoint /api/deleteBrowserExtensionConfigs

post

Body

objectOptional

Responses

200

Browser extension config deleted

No content

post

/api/deleteBrowserExtensionConfigs

POST /api/deleteBrowserExtensionConfigs HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Browser extension config deleted

No content

POST request for endpoint /api/handleRefreshTableCount

post

Body

objectOptional

Responses

200

Table count refreshed

No content

post

/api/handleRefreshTableCount

POST /api/handleRefreshTableCount HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Table count refreshed

No content

POST request for endpoint /api/send_event

post

Body

objectOptional

Responses

200

Event sent successfully

No content

post

/api/send_event

POST /api/send_event HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Event sent successfully

No content

POST request for endpoint /api/markAlertAsDismissed

post

Body

objectOptional

Responses

200

Alert dismissed successfully

No content

post

/api/markAlertAsDismissed

POST /api/markAlertAsDismissed HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Alert dismissed successfully

No content

GET request for endpoint /api/getAllTrafficAlerts

get

Query parameters

statusstringOptionalExample: ACTIVE

Responses

200

Traffic alerts retrieved

No content

get

/api/getAllTrafficAlerts

GET /api/getAllTrafficAlerts HTTP/1.1
Accept: */*

200

Traffic alerts retrieved

No content

POST request for endpoint /api/wrapped

post

Body

objectOptional

Responses

200

Wrapped statistics retrieved

No content

post

/api/wrapped

POST /api/wrapped HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Wrapped statistics retrieved

No content

Maintenance

API

Description

POST /api/cleanNonHostApiInfos

Cleans up API information for non-host endpoints, removing stale data.

POST /api/deleteOptionAndSlashApis

Deletes OPTIONS and SLASH method API endpoints from the catalog.

POST /api/deleteExtraApiInfo

Removes extra or redundant API information entries.

POST /api/deleteDuplicateEntries

Removes duplicate API entries to maintain catalog integrity.

POST /api/deleteNonHostSTIs

Deletes Sensitive Technology Indicators (STIs) for non-host APIs.

POST /api/unsetTemp

Clears temporary flags and settings used during operations.

POST /api/dryRunAdvancedFilters

Performs a test run of advanced filter configurations without applying changes.

POST request for endpoint /api/cleanNonHostApiInfos

post

Body

objectOptional

Responses

200

Non-host API infos cleaned

No content

post

/api/cleanNonHostApiInfos

POST /api/cleanNonHostApiInfos HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Non-host API infos cleaned

No content

POST request for endpoint /api/deleteOptionAndSlashApis

post

Body

objectOptional

Responses

200

OPTIONS and slash APIs deleted

No content

post

/api/deleteOptionAndSlashApis

POST /api/deleteOptionAndSlashApis HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

OPTIONS and slash APIs deleted

No content

POST request for endpoint /api/deleteExtraApiInfo

post

Body

objectOptional

Responses

200

Extra API info deleted

No content

post

/api/deleteExtraApiInfo

POST /api/deleteExtraApiInfo HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Extra API info deleted

No content

POST request for endpoint /api/deleteDuplicateEntries

post

Body

objectOptional

Responses

200

Duplicate entries deleted

No content

post

/api/deleteDuplicateEntries

POST /api/deleteDuplicateEntries HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Duplicate entries deleted

No content

POST request for endpoint /api/deleteNonHostSTIs

post

Body

objectOptional

Responses

200

Non-host STIs deleted

No content

post

/api/deleteNonHostSTIs

POST /api/deleteNonHostSTIs HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Non-host STIs deleted

No content

POST request for endpoint /api/unsetTemp

post

Body

objectOptional

Responses

200

Temporary values cleared

No content

post

/api/unsetTemp

POST /api/unsetTemp HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Temporary values cleared

No content

POST request for endpoint /api/dryRunAdvancedFilters

post

Body

objectOptional

Responses

200

Dry run completed

No content

post

/api/dryRunAdvancedFilters

POST /api/dryRunAdvancedFilters HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Dry run completed

No content

PreviousFetch Data NextIntegration

Last updated 24 days ago

hashtagTable of Contents

hashtagSystem & Health

hashtagPOST request for endpoint /api/sendHealthCheck

hashtagPOST request for endpoint /api/deleteModuleInfo

hashtagPOST request for endpoint /api/rebootModules

hashtagPOST request for endpoint /api/updateModuleEnvAndReboot

hashtagPOST request for endpoint /api/takeUpdate

hashtagPOST request for endpoint /api/closeLoader

hashtagPOST request for endpoint /api/skipOnboarding

hashtagPOST request for endpoint /api/runTestOnboarding

hashtagSettings & Toggles

hashtagPOST request for endpoint /api/modifyAccountSettings

hashtagPOST request for endpoint /api/updateAktoUIMode

hashtagPOST request for endpoint /api/toggleRedactFeature

hashtagPOST request for endpoint /api/toggleCaseSensitiveApis

hashtagPOST request for endpoint /api/switchTestingModule

hashtagPOST request for endpoint /api/enableMergingOnVersionsInApis

hashtagPOST request for endpoint /api/updateMergeAsyncOutside

hashtagPOST request for endpoint /api/updateGlobalRateLimit

hashtagPOST request for endpoint /api/updateIgnoreTimeForSummaries

hashtagPOST request for endpoint /api/updatePrivateCidrIps

hashtagPOST request for endpoint /api/addMatchingPatternForProxy

hashtagPOST request for endpoint /api/updatePartnerIps

hashtagPOST request for endpoint /api/toggleNewMergingEnabled

hashtagPOST request for endpoint /api/toggleDoBodyMatch

hashtagPOST request for endpoint /api/toggleTelemetry

hashtagPOST request for endpoint /api/updateUrlSettings

hashtagPOST request for endpoint /api/toggleDebugLogsFeature

hashtagPOST request for endpoint /api/updateSetupType

hashtagPOST request for endpoint /api/updateTrafficAlertThresholdSeconds

hashtagPOST request for endpoint /api/toggleArchivalEnabled

hashtagPOST request for endpoint /api/updateRetrospectiveFilterSettings

hashtagPOST request for endpoint /api/updateCompulsoryDescription

hashtagPOST request for endpoint /api/updateBlockLogs

hashtagPOST request for endpoint /api/updateFilterLogPolicy

hashtagSSO & Authentication

hashtagPOST request for endpoint /api/googleConfig

hashtagPOST request for endpoint /api/addGithubSso

hashtagPOST request for endpoint /api/deleteGithubSso

hashtagPOST request for endpoint /api/addGithubAppSecretKey

hashtagPOST request for endpoint /api/deleteGithubAppSecretKey

hashtagPOST request for endpoint /api/addOktaSso

hashtagPOST request for endpoint /api/deleteOktaSso

hashtagPOST request for endpoint /api/saveOktaGroupRoleMapping

hashtagPOST request for endpoint /api/addSAMLSso

hashtagPOST request for endpoint /api/deleteSamlSso

hashtagRuntime & Infrastructure

hashtagGET request for endpoint /api/checkStackCreationProgress

hashtagPOST request for endpoint /api/createRuntimeStack

hashtagPOST request for endpoint /api/addAwsAccountIdsForApiGatewayLogging

hashtagPOST request for endpoint /api/saveLoadBalancers

hashtagLogs, Audit & Traffic

hashtagPOST request for endpoint /api/updateAuditData

hashtagDashboard, Filters & Misc

hashtagPOST request for endpoint /api/saveDashboardLayout

hashtagPOST request for endpoint /api/saveTagConfig

hashtagGET request for endpoint /api/reviewTagConfig

hashtagPOST request for endpoint /api/toggleActiveTagConfig

hashtagPOST request for endpoint /api/saveFilterYamlTemplate

hashtagPOST request for endpoint /api/deleteFilterYamlTemplate

hashtagPOST request for endpoint /api/addFilterHeaderValueMap

hashtagPOST request for endpoint /api/saveBrowserExtensionConfig

hashtagPOST request for endpoint /api/deleteBrowserExtensionConfigs

hashtagPOST request for endpoint /api/handleRefreshTableCount

hashtagPOST request for endpoint /api/send_event

hashtagPOST request for endpoint /api/markAlertAsDismissed

hashtagGET request for endpoint /api/getAllTrafficAlerts

hashtagPOST request for endpoint /api/wrapped

hashtagMaintenance

hashtagPOST request for endpoint /api/cleanNonHostApiInfos

hashtagPOST request for endpoint /api/deleteOptionAndSlashApis

hashtagPOST request for endpoint /api/deleteExtraApiInfo

hashtagPOST request for endpoint /api/deleteDuplicateEntries

hashtagPOST request for endpoint /api/deleteNonHostSTIs

hashtagPOST request for endpoint /api/unsetTemp

hashtagPOST request for endpoint /api/dryRunAdvancedFilters

Table of Contents

System & Health

POST request for endpoint /api/sendHealthCheck

POST request for endpoint /api/deleteModuleInfo

POST request for endpoint /api/rebootModules

POST request for endpoint /api/updateModuleEnvAndReboot

POST request for endpoint /api/takeUpdate

POST request for endpoint /api/closeLoader

POST request for endpoint /api/skipOnboarding

POST request for endpoint /api/runTestOnboarding

Settings & Toggles

POST request for endpoint /api/modifyAccountSettings

POST request for endpoint /api/updateAktoUIMode

POST request for endpoint /api/toggleRedactFeature

POST request for endpoint /api/toggleCaseSensitiveApis

POST request for endpoint /api/switchTestingModule

POST request for endpoint /api/enableMergingOnVersionsInApis

POST request for endpoint /api/updateMergeAsyncOutside

POST request for endpoint /api/updateGlobalRateLimit

POST request for endpoint /api/updateIgnoreTimeForSummaries

POST request for endpoint /api/updatePrivateCidrIps

POST request for endpoint /api/addMatchingPatternForProxy

POST request for endpoint /api/updatePartnerIps

POST request for endpoint /api/toggleNewMergingEnabled

POST request for endpoint /api/toggleDoBodyMatch

POST request for endpoint /api/toggleTelemetry

POST request for endpoint /api/updateUrlSettings

POST request for endpoint /api/toggleDebugLogsFeature

POST request for endpoint /api/updateSetupType

POST request for endpoint /api/updateTrafficAlertThresholdSeconds

POST request for endpoint /api/toggleArchivalEnabled

POST request for endpoint /api/updateRetrospectiveFilterSettings

POST request for endpoint /api/updateCompulsoryDescription

POST request for endpoint /api/updateBlockLogs

POST request for endpoint /api/updateFilterLogPolicy

SSO & Authentication

POST request for endpoint /api/googleConfig

POST request for endpoint /api/addGithubSso

POST request for endpoint /api/deleteGithubSso

POST request for endpoint /api/addGithubAppSecretKey

POST request for endpoint /api/deleteGithubAppSecretKey

POST request for endpoint /api/addOktaSso

POST request for endpoint /api/deleteOktaSso

POST request for endpoint /api/saveOktaGroupRoleMapping

POST request for endpoint /api/addSAMLSso

POST request for endpoint /api/deleteSamlSso

Runtime & Infrastructure

GET request for endpoint /api/checkStackCreationProgress

POST request for endpoint /api/createRuntimeStack

POST request for endpoint /api/addAwsAccountIdsForApiGatewayLogging

POST request for endpoint /api/saveLoadBalancers

Logs, Audit & Traffic

POST request for endpoint /api/updateAuditData

Dashboard, Filters & Misc

POST request for endpoint /api/saveDashboardLayout

POST request for endpoint /api/saveTagConfig

GET request for endpoint /api/reviewTagConfig

POST request for endpoint /api/toggleActiveTagConfig

POST request for endpoint /api/saveFilterYamlTemplate

POST request for endpoint /api/deleteFilterYamlTemplate

POST request for endpoint /api/addFilterHeaderValueMap

POST request for endpoint /api/saveBrowserExtensionConfig

POST request for endpoint /api/deleteBrowserExtensionConfigs

POST request for endpoint /api/handleRefreshTableCount

POST request for endpoint /api/send_event

POST request for endpoint /api/markAlertAsDismissed

GET request for endpoint /api/getAllTrafficAlerts

POST request for endpoint /api/wrapped

Maintenance

POST request for endpoint /api/cleanNonHostApiInfos

POST request for endpoint /api/deleteOptionAndSlashApis

POST request for endpoint /api/deleteExtraApiInfo

POST request for endpoint /api/deleteDuplicateEntries

POST request for endpoint /api/deleteNonHostSTIs

POST request for endpoint /api/unsetTemp

POST request for endpoint /api/dryRunAdvancedFilters