Skip to main content
The Shield API provides a RESTful interface for managing security settings on your pull zones. Configure WAF rules, rate limiting, bot detection, and access controls programmatically.

Base URL

https://api.bunny.net

Authentication

Authenticate using the AccessKey header with your account API key: 
curl --request GET \
  --url https://api.bunny.net/shield/waf/{shieldZoneId} \
  --header 'AccessKey: YOUR_API_KEY'
Find your API key in the account settings under API Keys.

Resources

WAF

Block exploits and OWASP Top 10 vulnerabilities

Rate Limiting

Control request rates per IP, user, or path

Bot Detection

Detect and block malicious bots

Access Lists

Manage IP allowlists and blocklists