Wallarm API request examples

The following are some examples of Wallarm API use. You can also generate code examples via the API Reference UI for the US cloud or EU cloud. Experienced users can also use the browser’s Developer console (“Network” tab) to quickly learn which API endpoints and requests are used by the UI of your Wallarm account to fetch data from the public API. To find information about how to open the Developer console, you can use the official browser documentation (Safari, Chrome, Firefox, Vivaldi).

Get the first 50 attacks detected in the last 24 hours

Please replace TIMESTAMP with the date 24 hours ago converted to the Unix Timestamp format.

curl -v -X POST "https://us1.api.wallarm.com/v1/objects/attack" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json"  -H "Content-Type: application/json" -d "{ \"filter\": { \"clientid\": [YOUR_CLIENT_ID], \"time\": [[TIMESTAMP, null]] }, \"offset\": 0, \"limit\": 50, \"order_by\": \"last_time\", \"order_desc\": true}"
curl -v -X POST "https://api.wallarm.com/v1/objects/attack" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"filter\": { \"clientid\": [YOUR_CLIENT_ID], \"time\": [[TIMESTAMP, null]] }, \"offset\": 0, \"limit\": 50, \"order_by\": \"last_time\", \"order_desc\": true}"

Get a large number of attacks (100 and more)

For attack and hit sets containing 100 or more records, it is best to retrieve them in smaller pieces rather than fetching large datasets all at once, in order to optimize performance. The corresponding Wallarm API endpoints support cursor-based pagination with 100 records per page.

This technique involves returning a pointer to a specific item in the dataset and then on subsequent requests, the server returns results after the given pointer. To enable cursor pagination, include "paging": true in the request parameters.

The following are examples of API calls for retrieving all attacks detected since <TIMESTAMP> using the cursor pagination:

curl 'https://api.wallarm.com/v2/objects/attack' \
  -X POST \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H 'Content-Type: application/json' \
  -d '{"paging": true, "filter": {"clientid": [<YOUR_CLIENT_ID>], "vulnid": null, "time": [[<TIMESTAMP>, null]], "!state": "falsepositive"}}'
curl 'https://us1.api.wallarm.com/v2/objects/attack' \
  -X POST \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H 'Content-Type: application/json' \
  -d '{"paging": true, "filter": {"clientid": [<YOUR_CLIENT_ID>], "vulnid": null, "time": [[<TIMESTAMP>, null]], "!state": "falsepositive"}}'

This request returns information on the latest 100 attacks detected, arranged from the most recent to the earliest. In addition, the response includes a cursor parameter that contains a pointer to the next set of 100 attacks.

To retrieve the next 100 attacks, use the same request as before but include the cursor parameter with the pointer value copied from the response of the previous request. This allows the API to know where to start returning the next set of 100 attacks from, e.g.:

curl 'https://api.wallarm.com/v2/objects/attack' \
  -X POST \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H 'Content-Type: application/json' \
  -d '{"cursor":"<POINTER_FROM_PREVIOUS_RESPONSE>", "paging": true, "filter": {"clientid": [<YOUR_CLIENT_ID>], "vulnid": null, "time": [[<TIMESTAMP>, null]], "!state": "falsepositive"}}'
curl 'https://us1.api.wallarm.com/v2/objects/attack' \
  -X POST \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H 'Content-Type: application/json' \
  -d '{"cursor":"<POINTER_FROM_PREVIOUS_RESPONSE>", "paging": true, "filter": {"clientid": [<YOUR_CLIENT_ID>], "vulnid": null, "time": [[<TIMESTAMP>, null]], "!state": "falsepositive"}}'

To retrieve further pages of results, execute requests including the cursor parameter with the value copied from the previous response.

Below is the Python code example for retrieving attacks using cursor paging:

# EU cloud
from pprint import pprint as pp

import requests


client_id = <YOUR_CLIENT_ID>
ts = <TIMESTAMP>  # UNIX time

url = "https://api.wallarm.com/v2/objects/attack"
headers = {
    "X-WallarmApi-Token": "<YOUR_TOKEN>",
    "Content-Type": "application/json",
}
payload = {
    "paging": True,
    "filter": {
        "clientid": [client_id],
        "vulnid": None,
        "time": [[ts, None]],
        "!state": "falsepositive",
    },
}


while True:
    response = requests.post(url, headers=headers, json=payload, timeout=30)
    response.raise_for_status()  # stop on HTTP errors instead of parsing an error body
    data = response.json()

    # Print each page before checking for the cursor so the final response is not dropped
    pp(data)

    cursor = data.get("cursor")
    if not cursor:
        break  # no pointer to a next page

    payload["cursor"] = cursor

# US cloud
from pprint import pprint as pp

import requests


client_id = <YOUR_CLIENT_ID>
ts = <TIMESTAMP>  # UNIX time

url = "https://us1.api.wallarm.com/v2/objects/attack"
headers = {
    "X-WallarmApi-Token": "<YOUR_TOKEN>",
    "X-WallarmAPI-Secret": "<YOUR_SECRET_KEY>",
    "Content-Type": "application/json",
}
payload = {
    "paging": True,
    "filter": {
        "clientid": [client_id],
        "vulnid": None,
        "time": [[ts, None]],
        "!state": "falsepositive",
    },
}


while True:
    response = requests.post(url, headers=headers, json=payload, timeout=30)
    response.raise_for_status()  # stop on HTTP errors instead of parsing an error body
    data = response.json()

    # Print each page before checking for the cursor so the final response is not dropped
    pp(data)

    cursor = data.get("cursor")
    if not cursor:
        break  # no pointer to a next page

    payload["cursor"] = cursor

Get the first 50 incidents confirmed in the last 24 hours

The request is very similar to the previous example for a list of attacks; the "!vulnid": null term is added to this request. This term instructs the API to ignore all attacks without a specified vulnerability ID, and this is how the system distinguishes between attacks and incidents.

Please replace TIMESTAMP with the date 24 hours ago converted to the Unix Timestamp format.

curl -v -X POST "https://us1.api.wallarm.com/v1/objects/attack" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d '{ "filter": { "clientid": [YOUR_CLIENT_ID], "!vulnid": null, "time": [[TIMESTAMP, null]] }, "offset": 0, "limit": 50, "order_by": "last_time", "order_desc": true}'
curl -v -X POST "https://api.wallarm.com/v1/objects/attack" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d '{ "filter": { "clientid": [YOUR_CLIENT_ID], "!vulnid": null, "time": [[TIMESTAMP, null]] }, "offset": 0, "limit": 50, "order_by": "last_time", "order_desc": true}'

Get the first 50 vulnerabilities in the status "active" within the last 24 hours

Please replace TIMESTAMP with the date 24 hours ago converted to the Unix Timestamp format.

curl -v -X POST "https://us1.api.wallarm.com/v1/objects/vuln" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"limit\":50, \"offset\":0, \"filter\":{\"clientid\":[YOUR_CLIENT_ID], \"testrun_id\":null, \"validated\":true, \"time\":[[TIMESTAMP, null]]}}"
curl -v -X POST "https://api.wallarm.com/v1/objects/vuln" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"limit\":50, \"offset\":0, \"filter\":{\"clientid\":[YOUR_CLIENT_ID], \"testrun_id\":null, \"validated\":true, \"time\":[[TIMESTAMP, null]]}}"

Get all configured rules

curl -v -X POST "https://us1.api.wallarm.com/v1/objects/hint" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"filter\":{\"clientid\": [YOUR_CLIENT_ID]},\"order_by\": \"updated_at\",\"order_desc\": true,\"limit\": 1000,\"offset\": 0}"
curl -v -X POST "https://api.wallarm.com/v1/objects/hint" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"filter\":{\"clientid\": [YOUR_CLIENT_ID]},\"order_by\": \"updated_at\",\"order_desc\": true,\"limit\": 1000,\"offset\": 0}"

Get only conditions of all rules

curl -v -X POST "https://us1.api.wallarm.com/v1/objects/action" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"filter\": { \"clientid\": [YOUR_CLIENT_ID] }, \"offset\": 0, \"limit\": 1000}"
curl -v -X POST "https://api.wallarm.com/v1/objects/action" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"filter\": { \"clientid\": [YOUR_CLIENT_ID] }, \"offset\": 0, \"limit\": 1000}"

Get rules attached to a specific condition

To point to a specific condition, use its ID - you can get it when requesting conditions of all rules (see above).

curl -v -X POST "https://us1.api.wallarm.com/v1/objects/hint" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"filter\":{\"clientid\": [YOUR_CLIENT_ID],\"actionid\": YOUR_CONDITION_ID},\"limit\": 1000,\"offset\": 0}"
curl -v -X POST "https://api.wallarm.com/v1/objects/hint" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"filter\":{\"clientid\": [YOUR_CLIENT_ID],\"actionid\": YOUR_CONDITION_ID},\"limit\": 1000,\"offset\": 0}"

Create the virtual patch to block all requests sent to /my/api/*

curl -v -X POST "https://us1.api.wallarm.com/v1/objects/hint/create" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"clientid\": YOUR_CLIENT_ID, \"type\": \"vpatch\", \"action\": [ {\"type\":\"equal\",\"value\":\"my\",\"point\":[\"path\",0]}, {\"type\":\"equal\",\"value\":\"api\",\"point\":[\"path\",1]}], \"validated\": false, \"point\": [ [ \"header\", \"HOST\" ] ], \"attack_type\": \"any\"}"
curl -v -X POST "https://api.wallarm.com/v1/objects/hint/create" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"clientid\": YOUR_CLIENT_ID, \"type\": \"vpatch\", \"action\": [ {\"type\":\"equal\",\"value\":\"my\",\"point\":[\"path\",0]}, {\"type\":\"equal\",\"value\":\"api\",\"point\":[\"path\",1]}], \"validated\": false, \"point\": [ [ \"header\", \"HOST\" ] ], \"attack_type\": \"any\"}"

Create the virtual patch for a specific application instance ID to block all requests sent to /my/api/*

An application should be configured before sending this request. Specify an ID of an existing application in action.point[instance].value.

curl -v -X POST "https://us1.api.wallarm.com/v1/objects/hint/create" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"type\":\"vpatch\",\"action\":[{\"point\":[\"instance\"],\"type\":\"equal\",\"value\":\"-1\"},{\"point\":[\"path\",0],\"type\":\"equal\",\"value\":\"my\"},{\"point\":[\"path\",1],\"type\":\"equal\",\"value\":\"api\"}],\"clientid\":YOUR_CLIENT_ID,\"validated\":false,\"point\":[[\"header\",\"HOST\"]],\"attack_type\":\"any\"}"
curl -v -X POST "https://api.wallarm.com/v1/objects/hint/create" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"type\":\"vpatch\",\"action\":[{\"point\":[\"instance\"],\"type\":\"equal\",\"value\":\"-1\"},{\"point\":[\"path\",0],\"type\":\"equal\",\"value\":\"my\"},{\"point\":[\"path\",1],\"type\":\"equal\",\"value\":\"api\"}],\"clientid\":YOUR_CLIENT_ID,\"validated\":false,\"point\":[[\"header\",\"HOST\"]],\"attack_type\":\"any\"}"

Create a rule to consider the requests with specific value of the X-FORWARDED-FOR header as attacks

The following request will create the custom attack indicator based on the regexp ^(~(44[.]33[.]22[.]11))$.

If requests to the domain MY.DOMAIN.NAME have the X-FORWARDED-FOR: 44.33.22.11 HTTP header, the Wallarm node will consider them to be scanner attacks and will block them if the corresponding filtration mode has been set.

curl -v -X POST "https://us1.api.wallarm.com/v1/objects/hint/create" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"type\":\"regex\",\"action\":[{\"point\":[\"header\",\"HOST\"],\"type\":\"equal\",\"value\":\"MY.DOMAIN.NAME\"}],\"clientid\":YOUR_CLIENT_ID,\"validated\":false,\"comment\":\"comment\",\"point\":[[\"header\",\"X-FORWARDED-FOR\"]],\"attack_type\":\"scanner\",\"regex\":\"^(~(44[.]33[.]22[.]11))$\"}"
curl -v -X POST "https://api.wallarm.com/v1/objects/hint/create" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"type\":\"regex\",\"action\":[{\"point\":[\"header\",\"HOST\"],\"type\":\"equal\",\"value\":\"MY.DOMAIN.NAME\"}],\"clientid\":YOUR_CLIENT_ID,\"validated\":false,\"comment\":\"comment\",\"point\":[[\"header\",\"X-FORWARDED-FOR\"]],\"attack_type\":\"scanner\",\"regex\":\"^(~(44[.]33[.]22[.]11))$\"}"

Create the rule setting filtration mode to monitoring for the specific application

The following request will create the rule setting the node to filter traffic going to the application with ID 3 in the monitoring mode.

curl 'https://us1.api.wallarm.com/v1/objects/hint/create' -H 'X-WallarmApi-Token: <YOUR_TOKEN>' -H "accept: application/json" -H "Content-Type: application/json" --data-raw '{"clientid":<YOUR_CLIENT_ID>,"type":"wallarm_mode","mode":"monitoring","validated":false,"action":[{"point":["instance"],"type":"equal","value":"3"}]}'
curl 'https://api.wallarm.com/v1/objects/hint/create' -H 'X-WallarmApi-Token: <YOUR_TOKEN>' -H "accept: application/json" -H "Content-Type: application/json" --data-raw '{"clientid":<YOUR_CLIENT_ID>,"type":"wallarm_mode","mode":"monitoring","validated":false,"action":[{"point":["instance"],"type":"equal","value":"3"}]}'

Delete rule by its ID

You can copy the ID of the rule to be deleted when getting all configured rules. The rule ID is also returned in the id parameter of the response to the rule creation request.

curl -v -X POST "https://us1.api.wallarm.com/v1/objects/hint/delete" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"filter\":{\"clientid\":[YOUR_CLIENT_ID],\"id\": YOUR_RULE_ID}}"
curl -v -X POST "https://api.wallarm.com/v1/objects/hint/delete" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"filter\":{\"clientid\":[YOUR_CLIENT_ID],\"id\": YOUR_RULE_ID}}"

API calls to get, populate and delete IP list objects

Below are some examples of the API calls to get, populate and delete IP list objects.

API request parameters

Parameters to be passed in the API requests to read and change IP lists:

Parameter: Description

X-WallarmApi-Token: Token to access Wallarm API, copy it from Wallarm Console → Settings → API tokens.
clientid: ID of an account in Wallarm Cloud to populate/read IP list.
ip_rule.list: The IP list type to add objects to, can be: black (for denylist), white (for allowlist), gray (for graylist).
ip_rule.rule_type: The type of objects to add to the list:
  • ip_range if adding particular IPs or subnets
  • country if adding countries or regions
  • proxy_type if adding proxy services (VPN, SES, PUB, WEB, TOR)
  • datacenter for other source types (rackspace, tencent, plusserver, ovh, oracle, linode, ibm, huawei, hetzner, gce, azure, aws, alibaba)
ip_rule.subnet (rule_type:"ip_range"): IP or subnet to add to the list, e.g. "1.1.1.1".
ip_rule.source_values (for other rule_type values): One of the options:
  • If rule_type:"country" - array of countries in the ISO-3166 format, e.g. ["AX","AL"].
  • If rule_type:"proxy_type" - array of proxy services, e.g. ["VPN","PUB"].
  • If rule_type:"datacenter" - array of other source types, e.g. ["rackspace","huawei"].
ip_rule.pools: Array of application IDs to allow or restrict access for IPs, e.g. [3,4] for application IDs 3 and 4 or [0] for all applications.
ip_rule.expired_at: Unix Timestamp date for IPs to be removed from the list. The maximum value is forever (33223139044).
reason: Reason to allow or restrict access for IPs.
force: If true and some objects specified in the request are already in the IP list, the script will overwrite them.

Add to the list the entries from the .csv file

To add to the list the IPs or subnets from the .csv file, use the following bash script:

#!/bin/bash

CLIENT="<YOUR_CLIENT_ID>"
LIST="<TYPE_OF_IP_LIST>"
PATH_TO_CSV_FILE="<PATH_TO_CSV_FILE>" # path to the CSV file with IPs or subnets
APPLICATIONS="<APP_IDS_THROUGH_COMMA>"
REMOVE_DATE="TIMESTAMP_REMOVE_DATE" # added to the current time below to get expired_at
REASON='<REASON>'
API="us1.api.wallarm.com" # US cloud; use api.wallarm.com for the EU cloud

# Read the file line by line: -r keeps backslashes literal, the extra test
# keeps a last line that has no trailing newline, and empty lines are skipped
subnets=()
while IFS= read -r line || [ -n "$line" ]; do
    line=${line%$'\r'} # strip a Windows line ending, if any
    [ -n "$line" ] && subnets+=("$line")
done < "$PATH_TO_CSV_FILE"

for i in "${subnets[@]}"; do
    currentDate=$(date -u +%s)
    remove_date=$((currentDate + REMOVE_DATE))

    curl -X POST \
        "https://$API/v4/ip_rules" \
        -H "Content-Type: application/json" \
        -H "X-WallarmApi-Token: <YOUR_TOKEN>" \
        -d '{
"clientid": '"$CLIENT"',
"ip_rule": {
    "list": "'"$LIST"'",
    "rule_type": "ip_range",
    "subnet": "'"$i"'",
    "expired_at": '"$remove_date"',
    "pools": [
        '"$APPLICATIONS"'
    ],
    "reason": "'"$REASON"'"
},
"force": false
}'

done
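
The same CSV import with input validation, as an added example in Python (not Wallarm's own code): each entry is parsed with the ipaddress module and the request body is built as a dictionary and serialized with json.dumps, so a malformed line or a quote in the reason cannot corrupt the request. The function names, the sample CSV and the client ID 1234 are constructed for illustration, and refusing /0 networks is an assumed local policy.

```python
import csv
import io
import ipaddress
import json
import time

FOREVER = 33223139044                    # maximum expired_at from the parameter table
LIST_TYPES = {"black", "white", "gray"}  # denylist, allowlist, graylist

# Constructed sample input (documentation address ranges), not real data.
SAMPLE_CSV = """192.0.2.10
198.51.100.0/24

203.0.113.7/24
0.0.0.0/0
not-an-ip
192.0.2.10
2001:db8::/32
"""


def build_ip_rule(client_id, list_type, entry, app_ids, ttl_seconds, reason, now=None):
    """Return the body for POST /v4/ip_rules with rule_type "ip_range"."""
    if list_type not in LIST_TYPES:
        raise ValueError(f"unknown list type: {list_type!r}")
    # Strict parsing rejects garbage and subnets with host bits set.
    net = ipaddress.ip_network(entry.strip())
    if net.prefixlen == 0:
        # Assumed local policy: never list the entire address space.
        raise ValueError("refusing to list the entire address space")
    # A single address is sent bare ("1.1.1.1"), as in the parameter table.
    subnet = str(net.network_address) if net.num_addresses == 1 else str(net)
    now = int(time.time()) if now is None else now
    expired_at = FOREVER if ttl_seconds is None else min(now + ttl_seconds, FOREVER)
    rule = {"list": list_type, "rule_type": "ip_range", "subnet": subnet,
            "expired_at": expired_at, "pools": list(app_ids), "reason": reason}
    return {"clientid": client_id, "ip_rule": rule, "force": False}


def bodies_from_csv(csv_text, client_id, list_type, app_ids, ttl_seconds, reason, now=None):
    """Build one body per valid, unique entry; return (bodies, rejected)."""
    bodies, rejected, seen = [], [], set()
    for row in csv.reader(io.StringIO(csv_text)):
        if not row or not row[0].strip():
            continue  # skip blank lines
        entry = row[0].strip()
        try:
            body = build_ip_rule(client_id, list_type, entry, app_ids, ttl_seconds, reason, now)
        except ValueError as exc:
            rejected.append((entry, str(exc)))
            continue
        if body["ip_rule"]["subnet"] not in seen:
            seen.add(body["ip_rule"]["subnet"])
            bodies.append(body)
    return bodies, rejected


if __name__ == "__main__":
    ok, bad = bodies_from_csv(SAMPLE_CSV, 1234, "black", [0], 86400, 'Seen in "scanner" report')
    for body in ok:
        print(json.dumps(body))  # json.dumps escapes the quotes in the reason
    for entry, why in bad:
        print("rejected:", entry, "-", why)
```

Each printed body can be sent as the request data of the /v4/ip_rules call shown on this page; rejected entries are reported instead of being sent.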

Add to the list a single IP or subnet

To add particular IPs or subnets to the IP list, send the following request for each IP/subnet:

curl 'https://us1.api.wallarm.com/v4/ip_rules' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"force":false,"ip_rule":{"list":"<TYPE_OF_IP_LIST>","reason":"<REASON_TO_ADD_ENTRIES_TO_LIST>","pools":[<ARRAY_OF_APP_IDS>],"expired_at":<TIMESTAMP_REMOVE_DATE>,"rule_type":"ip_range","subnet":"<IP_OR_SUBNET>"}}'
curl 'https://api.wallarm.com/v4/ip_rules' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"force":false,"ip_rule":{"list":"<TYPE_OF_IP_LIST>","reason":"<REASON_TO_ADD_ENTRIES_TO_LIST>","pools":[<ARRAY_OF_APP_IDS>],"expired_at":<TIMESTAMP_REMOVE_DATE>,"rule_type":"ip_range","subnet":"<IP_OR_SUBNET>"}}'

Add to the list multiple countries

curl 'https://us1.api.wallarm.com/v4/ip_rules' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"ip_rule":{"list":"<TYPE_OF_IP_LIST>","rule_type":"country","source_values":[<ARRAY_OF_COUNTRIES_REGIONS>],"pools":[<ARRAY_OF_APP_IDS>],"expired_at":"<TIMESTAMP_REMOVE_DATE>","reason":"<REASON_TO_ADD_ENTRIES_TO_LIST>"},"force":false}'
curl 'https://api.wallarm.com/v4/ip_rules' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"ip_rule":{"list":"<TYPE_OF_IP_LIST>","rule_type":"country","source_values":[<ARRAY_OF_COUNTRIES_REGIONS>],"pools":[<ARRAY_OF_APP_IDS>],"expired_at":"<TIMESTAMP_REMOVE_DATE>","reason":"<REASON_TO_ADD_ENTRIES_TO_LIST>"},"force":false}'

Add to the list multiple proxy services

curl 'https://us1.api.wallarm.com/v4/ip_rules' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"ip_rule":{"list":"<TYPE_OF_IP_LIST>","rule_type":"proxy_type","source_values":[<ARRAY_OF_PROXY_SERVICES>],"pools":[<ARRAY_OF_APP_IDS>],"expired_at":"<TIMESTAMP_REMOVE_DATE>","reason":"<REASON_TO_ADD_ENTRIES_TO_LIST>"},"force":false}'
curl 'https://api.wallarm.com/v4/ip_rules' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"ip_rule":{"list":"<TYPE_OF_IP_LIST>","rule_type":"proxy_type","source_values":[<ARRAY_OF_PROXY_SERVICES>],"pools":[<ARRAY_OF_APP_IDS>],"expired_at":"<TIMESTAMP_REMOVE_DATE>","reason":"<REASON_TO_ADD_ENTRIES_TO_LIST>"},"force":false}'

Delete an object from the IP list

Objects are deleted from IP lists by their IDs.

To get an object ID, request the IP list contents and copy objects.id of the required object from a response:

curl 'https://us1.api.wallarm.com/v4/ip_rules?filter%5Bclientid%5D=<YOUR_CLIENT_ID>&filter%5Blist%5D=<TYPE_OF_IP_LIST>&offset=0&limit=50' \
      -H 'X-WallarmApi-Token: <YOUR_TOKEN>'
curl 'https://api.wallarm.com/v4/ip_rules?filter%5Bclientid%5D=<YOUR_CLIENT_ID>&filter%5Blist%5D=<TYPE_OF_IP_LIST>&offset=0&limit=50' \
      -H 'X-WallarmApi-Token: <YOUR_TOKEN>'

Having the object ID, send the following request to delete it from the list:

curl 'https://us1.api.wallarm.com/v4/ip_rules' \
  -X 'DELETE' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H 'accept: application/json' \
  -H 'content-type: application/json' \
  --data-raw '{"filter":{"clientid":<YOUR_CLIENT_ID>,"id":[<OBJECT_ID_TO_DELETE>]}}'
curl 'https://api.wallarm.com/v4/ip_rules' \
  -X 'DELETE' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H 'accept: application/json' \
  -H 'content-type: application/json' \
  --data-raw '{"filter":{"clientid":<YOUR_CLIENT_ID>,"id":[<OBJECT_ID_TO_DELETE>]}}'

You can delete multiple objects at once by passing their IDs as an array in the deletion request.