Edit

Share via

Create webApplicationFirewallProvider

Namespace: microsoft.graph

Create a new webApplicationFirewallProvider object. You can create one of the following subtypes that are derived from webApplicationFirewallProvider.

This API is available in the following national cloud deployments.

Global service US Government L4 US Government L5 (DOD) China operated by 21Vianet

Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) RiskPreventionProviders.ReadWrite.All Not available.
Delegated (personal Microsoft account) Not supported. Not supported.
Application RiskPreventionProviders.ReadWrite.All Not available.

Important

In delegated scenarios with work or school accounts, the admin must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation:

  • External ID User Flow Administrator
  • Application Administrator
  • Security Administrator

HTTP request

POST /identity/riskPrevention/webApplicationFirewallProviders

Request headers

Name Description
Authorization Bearer {token}. Required. Learn more about authentication and authorization.
Content-Type application/json. Required.

Request body

In the request body, supply a JSON representation of the webApplicationFirewallProvider object.

You can specify the following properties when creating a webApplicationFirewallProvider. You must specify the @odata.type property to specify the type of webApplicationFirewallProvider to create; for example, @odata.type": "microsoft.graph.AkamaiWebApplicationFirewallProvider".

Property Type Description
displayName String The display name of this WAF provider configuration. Supported for all providers. Required. Inherited from webApplicationFirewallProvider.
accessToken String Akamai API access token used to authenticate to the Akamai account. Contact your Akamai Customer Success Manager for assistance with your accessToken. Supported for Akamai only. Required.
clientSecret String Akamai API client secret used in conjunction with the client token and access token for authentication. Contact your Akamai Customer Success Manager for assistance with this information. Supported for Akamai only. Required.
clientToken String Akamai API client token used for authentication to the Akamai account. Contact your Akamai Customer Success Manager for assistance with this information. Supported for Akamai only. Required.
hostPrefix String Prefix used to identify the host or domain in Akamai configuration operations. This value may be required for certain API calls or configuration scenarios. Supported for Akamai only. Required.
apiToken String Cloudflare API token or credential used by Microsoft services to authenticate to the Cloudflare account. Contact your Cloudflare Customer Success Manager for assistance with your apitoken. Supported for Cloudflare only. Required.
zoneId String Default Cloudflare Zone ID associated with this provider configuration. This ID identifies the DNS zone in Cloudflare that is commonly used for verification and configuration operations for the provider. Supported for Cloudflare only. Required.

Response

If successful, this method returns a 201 Created response code and a webApplicationFirewallProvider object in the response body.

Examples

Example 1: Create a new AkamaiWebApplicationFirewallProvider object

Request

The following example shows a request.

POST https://graph.microsoft.com/v1.0/identity/riskPrevention/webApplicationFirewallProviders
Content-Type: application/json

{
    "@odata.type": "#microsoft.graph.akamaiWebApplicationFirewallProvider",
    "displayName": "Akamai Provider Example",
    "hostPrefix": "akab-exampleprefix",
    "clientSecret": "akamai_example_secret_123",
    "clientToken": "akamai_example_token_456",
    "accessToken": "akamai_example_token_789"
}

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identity/riskPrevention/webApplicationFirewallProviders/$entity",
    "@odata.type": "#microsoft.graph.akamaiWebApplicationFirewallProvider",
    "id": "00000000-0000-0000-0000-000000000002",
    "displayName": "Akamai Provider Example",
    "hostPrefix": "akab-exampleprefix"
}

Example 2: Create a new cloudFlareWebApplicationFirewallProvider object

Request

The following example shows a request to create a new Cloudflare WAF object.

POST https://graph.microsoft.com/v1.0/identity/riskPrevention/webApplicationFirewallProviders
Content-Type: application/json

{
    "@odata.type": "#microsoft.graph.cloudFlareWebApplicationFirewallProvider",
    "displayName": "Cloudflare Provider Example",
    "zoneId": "11111111111111111111111111111111",
    "apiToken": "cf_example_token_123"
}

Response

The following example shows the response with Cloudflare WAF object.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identity/riskPrevention/webApplicationFirewallProviders/$entity",
    "@odata.type": "#microsoft.graph.cloudFlareWebApplicationFirewallProvider",
    "id": "00000000-0000-0000-0000-000000000001",
    "displayName": "Cloudflare Provider Example",
    "zoneId": "11111111111111111111111111111111"
}
  • Last updated on