Accessing the Amazon WAF client application integration APIs - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Accessing the Amazon WAF client application integration APIs

This section explains where to find the application integration APIs in the Amazon WAF console.

The JavaScript integration APIs are generally available, and you can use them for your browsers and other devices that execute JavaScript.

Amazon WAF offers custom intelligent threat integration SDKs for Android and iOS mobile apps.

  • For Android mobile and TV apps, the SDKs work for Android API version 23 (Android version 6) and later. For information about Android versions, see SDK Platform release notes.

  • For iOS mobile apps, the SDKs work for iOS version 13 and later. For information about iOS versions, see iOS & iPadOS Release Notes.

  • For Apple TV apps, the SDKs work for tvOS version 14 or later. For information about tvOS versions, see tvOS Release Notes.

To access the integration APIs through the console
  1. Sign in to the Amazon Web Services Management Console and open the Amazon WAF console at https://console.amazonaws.cn/wafv2/.

  2. Choose Application integration in the navigation pane, and then choose the tab you're interested in.

    • Intelligent threat integration is available for JavaScript and mobile applications.

      The tab contains the following:

      • A list of the web ACLs that are enabled for intelligent threat application integration. The list includes each web ACL that uses the AWSManagedRulesACFPRuleSet managed rule group, the AWSManagedRulesATPRuleSet managed rule group, or the targeted protection level of the AWSManagedRulesBotControlRuleSet managed rule group. When you implement the intelligent threat APIs, you use the integration URL for the web ACL that you want to integrate with.

      • The APIs that you have access to. The JavaScript APIs are always available. For access to the mobile SDKs, contact support at Contact Amazon.

    • CAPTCHA integration is available for JavaScript applications.

      The tab contains the following:

      • The integration URL for use in your integration.

      • The API keys that you've created for your client application domains. Your use of the CAPTCHA API requires an encrypted API key that gives clients the right to access Amazon WAF CAPTCHA from their domains. For each client that you integrate with, use an API key that contains the client's domain. For more information these requirements and about managing these keys, see Managing API keys for the JS CAPTCHA API.