Skip to main content
PATCH
/
shield
/
shield-zone
/
{shieldZoneId}
/
api-guardian
/
endpoint
/
{endpointId}
Update your API Guardian Endpoint configuration
curl --request PATCH \
  --url https://api.bunny.net/shield/shield-zone/{shieldZoneId}/api-guardian/endpoint/{endpointId} \
  --header 'Content-Type: application/json' \
  --data '
{
  "isEnabled": true,
  "validateRequestBodySchema": true,
  "validateResponseBodySchema": true,
  "validateAuthorization": true,
  "injectionDetectionParameters": {
    "Path": [
      "<string>"
    ],
    "Query": [
      "<string>"
    ],
    "Header": [
      "<string>"
    ],
    "Cookie": [
      "<string>"
    ]
  },
  "detectParameterXss": true,
  "detectParameterSqli": true,
  "rateLimitingEnabled": true,
  "rateLimitingRequestCount": 123
}
'
import requests

url = "https://api.bunny.net/shield/shield-zone/{shieldZoneId}/api-guardian/endpoint/{endpointId}"

payload = {
"isEnabled": True,
"validateRequestBodySchema": True,
"validateResponseBodySchema": True,
"validateAuthorization": True,
"injectionDetectionParameters": {
"Path": ["<string>"],
"Query": ["<string>"],
"Header": ["<string>"],
"Cookie": ["<string>"]
},
"detectParameterXss": True,
"detectParameterSqli": True,
"rateLimitingEnabled": True,
"rateLimitingRequestCount": 123
}
headers = {"Content-Type": "application/json"}

response = requests.patch(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'PATCH',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({
isEnabled: true,
validateRequestBodySchema: true,
validateResponseBodySchema: true,
validateAuthorization: true,
injectionDetectionParameters: {
Path: ['<string>'],
Query: ['<string>'],
Header: ['<string>'],
Cookie: ['<string>']
},
detectParameterXss: true,
detectParameterSqli: true,
rateLimitingEnabled: true,
rateLimitingRequestCount: 123
})
};

fetch('https://api.bunny.net/shield/shield-zone/{shieldZoneId}/api-guardian/endpoint/{endpointId}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://api.bunny.net/shield/shield-zone/{shieldZoneId}/api-guardian/endpoint/{endpointId}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PATCH",
CURLOPT_POSTFIELDS => json_encode([
'isEnabled' => true,
'validateRequestBodySchema' => true,
'validateResponseBodySchema' => true,
'validateAuthorization' => true,
'injectionDetectionParameters' => [
'Path' => [
'<string>'
],
'Query' => [
'<string>'
],
'Header' => [
'<string>'
],
'Cookie' => [
'<string>'
]
],
'detectParameterXss' => true,
'detectParameterSqli' => true,
'rateLimitingEnabled' => true,
'rateLimitingRequestCount' => 123
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://api.bunny.net/shield/shield-zone/{shieldZoneId}/api-guardian/endpoint/{endpointId}"

payload := strings.NewReader("{\n \"isEnabled\": true,\n \"validateRequestBodySchema\": true,\n \"validateResponseBodySchema\": true,\n \"validateAuthorization\": true,\n \"injectionDetectionParameters\": {\n \"Path\": [\n \"<string>\"\n ],\n \"Query\": [\n \"<string>\"\n ],\n \"Header\": [\n \"<string>\"\n ],\n \"Cookie\": [\n \"<string>\"\n ]\n },\n \"detectParameterXss\": true,\n \"detectParameterSqli\": true,\n \"rateLimitingEnabled\": true,\n \"rateLimitingRequestCount\": 123\n}")

req, _ := http.NewRequest("PATCH", url, payload)

req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.patch("https://api.bunny.net/shield/shield-zone/{shieldZoneId}/api-guardian/endpoint/{endpointId}")
.header("Content-Type", "application/json")
.body("{\n \"isEnabled\": true,\n \"validateRequestBodySchema\": true,\n \"validateResponseBodySchema\": true,\n \"validateAuthorization\": true,\n \"injectionDetectionParameters\": {\n \"Path\": [\n \"<string>\"\n ],\n \"Query\": [\n \"<string>\"\n ],\n \"Header\": [\n \"<string>\"\n ],\n \"Cookie\": [\n \"<string>\"\n ]\n },\n \"detectParameterXss\": true,\n \"detectParameterSqli\": true,\n \"rateLimitingEnabled\": true,\n \"rateLimitingRequestCount\": 123\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("https://api.bunny.net/shield/shield-zone/{shieldZoneId}/api-guardian/endpoint/{endpointId}")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Patch.new(url)
request["Content-Type"] = 'application/json'
request.body = "{\n \"isEnabled\": true,\n \"validateRequestBodySchema\": true,\n \"validateResponseBodySchema\": true,\n \"validateAuthorization\": true,\n \"injectionDetectionParameters\": {\n \"Path\": [\n \"<string>\"\n ],\n \"Query\": [\n \"<string>\"\n ],\n \"Header\": [\n \"<string>\"\n ],\n \"Cookie\": [\n \"<string>\"\n ]\n },\n \"detectParameterXss\": true,\n \"detectParameterSqli\": true,\n \"rateLimitingEnabled\": true,\n \"rateLimitingRequestCount\": 123\n}"

response = http.request(request)
puts response.read_body
{
  "error": {
    "success": true,
    "message": "<string>",
    "errorKey": "<string>"
  },
  "data": {
    "apiGuardianEndpointId": 123,
    "shieldZoneId": 123,
    "requestMethod": "<string>",
    "requestPath": "<string>",
    "validateRequestBodySchema": true,
    "validateResponseBodySchema": true,
    "validateAuthorization": true,
    "isEnabled": true,
    "authSchemes": [
      {
        "schemeName": "<string>",
        "credentialName": "<string>",
        "httpScheme": "<string>"
      }
    ],
    "requestBodySchemaYaml": "<string>",
    "responseBodySchemasYaml": {},
    "availableParameters": {
      "Path": [
        "<string>"
      ],
      "Query": [
        "<string>"
      ],
      "Header": [
        "<string>"
      ],
      "Cookie": [
        "<string>"
      ]
    },
    "injectionDetectionParameters": {
      "Path": [
        "<string>"
      ],
      "Query": [
        "<string>"
      ],
      "Header": [
        "<string>"
      ],
      "Cookie": [
        "<string>"
      ]
    },
    "detectParameterXss": true,
    "detectParameterSqli": true,
    "rateLimitingEnabled": true,
    "rateLimitingRequestCount": 123,
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z"
  }
}
{
"type": "<string>",
"title": "<string>",
"status": 123,
"detail": "<string>",
"instance": "<string>"
}
{
"error": {
"success": true,
"message": "<string>",
"errorKey": "<string>"
},
"data": {
"apiGuardianEndpointId": 123,
"shieldZoneId": 123,
"requestMethod": "<string>",
"requestPath": "<string>",
"validateRequestBodySchema": true,
"validateResponseBodySchema": true,
"validateAuthorization": true,
"isEnabled": true,
"authSchemes": [
{
"schemeName": "<string>",
"credentialName": "<string>",
"httpScheme": "<string>"
}
],
"requestBodySchemaYaml": "<string>",
"responseBodySchemasYaml": {},
"availableParameters": {
"Path": [
"<string>"
],
"Query": [
"<string>"
],
"Header": [
"<string>"
],
"Cookie": [
"<string>"
]
},
"injectionDetectionParameters": {
"Path": [
"<string>"
],
"Query": [
"<string>"
],
"Header": [
"<string>"
],
"Cookie": [
"<string>"
]
},
"detectParameterXss": true,
"detectParameterSqli": true,
"rateLimitingEnabled": true,
"rateLimitingRequestCount": 123,
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z"
}
}
{
"error": {
"success": true,
"message": "<string>",
"errorKey": "<string>"
},
"data": {
"apiGuardianEndpointId": 123,
"shieldZoneId": 123,
"requestMethod": "<string>",
"requestPath": "<string>",
"validateRequestBodySchema": true,
"validateResponseBodySchema": true,
"validateAuthorization": true,
"isEnabled": true,
"authSchemes": [
{
"schemeName": "<string>",
"credentialName": "<string>",
"httpScheme": "<string>"
}
],
"requestBodySchemaYaml": "<string>",
"responseBodySchemasYaml": {},
"availableParameters": {
"Path": [
"<string>"
],
"Query": [
"<string>"
],
"Header": [
"<string>"
],
"Cookie": [
"<string>"
]
},
"injectionDetectionParameters": {
"Path": [
"<string>"
],
"Query": [
"<string>"
],
"Header": [
"<string>"
],
"Cookie": [
"<string>"
]
},
"detectParameterXss": true,
"detectParameterSqli": true,
"rateLimitingEnabled": true,
"rateLimitingRequestCount": 123,
"createdAt": "2023-11-07T05:31:56Z",
"updatedAt": "2023-11-07T05:31:56Z"
}
}

Path Parameters

shieldZoneId
integer<int32>
required
endpointId
integer<int64>
required

Body

Patch request for updating an individual API Guardian endpoint. All fields are optional — only provided fields are applied.

isEnabled
boolean | null

Enable or disable this endpoint. Disabled endpoints are not enforced.

validateRequestBodySchema
boolean | null

Enable or disable request body schema validation. Only effective if the endpoint's OAS operation defines a request body schema.

validateResponseBodySchema
boolean | null

Enable or disable response body schema validation. Only effective if the endpoint's OAS operation defines response schemas.

validateAuthorization
boolean | null

Enable or disable enforcement of authentication requirements as defined in the OAS security schemes.

injectionDetectionParameters
object | null

Parameters to run injection detection on, grouped by location (path, query, header, cookie). Must be a subset of the endpoint's available parameters.

detectParameterXss
boolean | null

Enable XSS detection on the selected injection detection parameters.

detectParameterSqli
boolean | null

Enable SQL injection detection on the selected injection detection parameters.

rateLimitingEnabled
boolean | null

Enable or disable per-endpoint rate limiting.

rateLimitingType
enum<string>
Available options:
Global,
IP
rateLimitingRequestCount
integer<int32> | null

Maximum number of requests allowed within the timeframe before blocking. Must be greater than zero.

rateLimitingTimeframe
enum<integer>

1 = PerSecond 10 = PerTenSeconds 60 = PerOneMinute 300 = PerFiveMinutes 900 = PerFifteenMinutes 3600 = PerOneHour

Available options:
1,
10,
60,
300,
900,
3600

Response

OK

Response for the PATCH /endpoint/{endpointId} endpoint.

error
object

Generic response object containing status information for API operations.

data
object

Detailed view of a single API Guardian endpoint, including its validation settings, authentication requirements, and rate limiting configuration.

Last modified on July 7, 2026