> ## Documentation Index > Fetch the complete documentation index at: https://bunnynet-cb9733c2-support-migration.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Update your OpenAPI specification ## OpenAPI ````yaml https://api.bunny.net/shield/docs/v1/swagger.json patch /shield/shield-zone/{shieldZoneId}/api-guardian/spec openapi: 3.0.4 info: title: Bunny Shield API description: >- Bunny.net API for Bunny Shield (WAF, DDoS, Rate Limiting, Bot Detection, Access Lists & API Guardian). version: v1 servers: - url: https://api.bunny.net security: [] paths: /shield/shield-zone/{shieldZoneId}/api-guardian/spec: patch: tags: - API Guardian summary: Update your OpenAPI specification operationId: Update OpenAPI Specification parameters: - name: shieldZoneId in: path required: true schema: type: integer format: int32 requestBody: content: application/json: schema: $ref: '#/components/schemas/UpsertOpenApiSpecificationRequest' text/json: schema: $ref: '#/components/schemas/UpsertOpenApiSpecificationRequest' application/*+json: schema: $ref: '#/components/schemas/UpsertOpenApiSpecificationRequest' required: true responses: '200': description: OK content: text/plain: schema: $ref: '#/components/schemas/UpsertOpenApiSpecificationResponse' application/json: schema: $ref: '#/components/schemas/UpsertOpenApiSpecificationResponse' text/json: schema: $ref: '#/components/schemas/UpsertOpenApiSpecificationResponse' '401': description: Unauthorized content: text/plain: schema: $ref: '#/components/schemas/ProblemDetails' application/json: schema: $ref: '#/components/schemas/ProblemDetails' text/json: schema: $ref: '#/components/schemas/ProblemDetails' '403': description: Forbidden content: text/plain: schema: $ref: '#/components/schemas/UpsertOpenApiSpecificationResponse' application/json: schema: $ref: '#/components/schemas/UpsertOpenApiSpecificationResponse' text/json: schema: $ref: '#/components/schemas/UpsertOpenApiSpecificationResponse' '404': description: Not Found content: text/plain: schema: $ref: '#/components/schemas/UpsertOpenApiSpecificationResponse' application/json: schema: $ref: '#/components/schemas/UpsertOpenApiSpecificationResponse' text/json: schema: $ref: '#/components/schemas/UpsertOpenApiSpecificationResponse' '500': description: Internal Server Error components: schemas: UpsertOpenApiSpecificationRequest: type: object properties: content: type: string description: The file contents of the OpenAPI specification. nullable: true enforceAuthorizationValidation: type: boolean description: >- Whether to enforce authentication requirements for endpoints. On upload, defaults to true if not specified. On update, existing endpoint auth settings are preserved if not specified. nullable: true additionalProperties: false description: >- Represents the request for uploading or updating an OpenAPI specification in API Guardian. UpsertOpenApiSpecificationResponse: type: object properties: error: $ref: '#/components/schemas/GenericRequestResponse' data: $ref: '#/components/schemas/ApiGuardianConfigurationResponse' additionalProperties: false description: >- Represents the response for uploading or updating an OpenAPI specification in API Guardian. ProblemDetails: type: object properties: type: type: string nullable: true title: type: string nullable: true status: type: integer format: int32 nullable: true detail: type: string nullable: true instance: type: string nullable: true additionalProperties: {} GenericRequestResponse: type: object properties: statusCode: $ref: '#/components/schemas/HttpStatusCode' success: type: boolean description: Indicates whether the operation was successful. message: type: string description: Human-readable message describing the result of the operation. nullable: true errorKey: type: string description: Unique error key for programmatic error handling, if applicable. nullable: true additionalProperties: false description: >- Generic response object containing status information for API operations. ApiGuardianConfigurationResponse: required: - configuration - endpoints type: object properties: configuration: $ref: '#/components/schemas/ApiGuardianConfigurationDetails' endpoints: type: array items: $ref: '#/components/schemas/ApiGuardianEndpointDetails' description: All endpoints discovered from the uploaded OpenAPI specification. nullable: true additionalProperties: false description: >- The full API Guardian state for a shield zone: global configuration and all endpoints. HttpStatusCode: enum: - 100 - 101 - 102 - 103 - 200 - 201 - 202 - 203 - 204 - 205 - 206 - 207 - 208 - 226 - 300 - 301 - 302 - 303 - 304 - 305 - 306 - 307 - 308 - 400 - 401 - 402 - 403 - 404 - 405 - 406 - 407 - 408 - 409 - 410 - 411 - 412 - 413 - 414 - 415 - 416 - 417 - 421 - 422 - 423 - 424 - 426 - 428 - 429 - 431 - 451 - 500 - 501 - 502 - 503 - 504 - 505 - 506 - 507 - 508 - 510 - 511 type: integer description: |- 100 = Continue 101 = SwitchingProtocols 102 = Processing 103 = EarlyHints 200 = OK 201 = Created 202 = Accepted 203 = NonAuthoritativeInformation 204 = NoContent 205 = ResetContent 206 = PartialContent 207 = MultiStatus 208 = AlreadyReported 226 = IMUsed 300 = MultipleChoices 300 = Ambiguous 301 = MovedPermanently 301 = Moved 302 = Found 302 = Redirect 303 = SeeOther 303 = RedirectMethod 304 = NotModified 305 = UseProxy 306 = Unused 307 = TemporaryRedirect 307 = RedirectKeepVerb 308 = PermanentRedirect 400 = BadRequest 401 = Unauthorized 402 = PaymentRequired 403 = Forbidden 404 = NotFound 405 = MethodNotAllowed 406 = NotAcceptable 407 = ProxyAuthenticationRequired 408 = RequestTimeout 409 = Conflict 410 = Gone 411 = LengthRequired 412 = PreconditionFailed 413 = RequestEntityTooLarge 414 = RequestUriTooLong 415 = UnsupportedMediaType 416 = RequestedRangeNotSatisfiable 417 = ExpectationFailed 421 = MisdirectedRequest 422 = UnprocessableEntity 422 = UnprocessableContent 423 = Locked 424 = FailedDependency 426 = UpgradeRequired 428 = PreconditionRequired 429 = TooManyRequests 431 = RequestHeaderFieldsTooLarge 451 = UnavailableForLegalReasons 500 = InternalServerError 501 = NotImplemented 502 = BadGateway 503 = ServiceUnavailable 504 = GatewayTimeout 505 = HttpVersionNotSupported 506 = VariantAlsoNegotiates 507 = InsufficientStorage 508 = LoopDetected 510 = NotExtended 511 = NetworkAuthenticationRequired format: int32 x-enum-varnames: - Continue - SwitchingProtocols - Processing - EarlyHints - OK - Created - Accepted - NonAuthoritativeInformation - NoContent - ResetContent - PartialContent - MultiStatus - AlreadyReported - IMUsed - MultipleChoices - Ambiguous - MovedPermanently - Moved - Found - Redirect - SeeOther - RedirectMethod - NotModified - UseProxy - Unused - TemporaryRedirect - RedirectKeepVerb - PermanentRedirect - BadRequest - Unauthorized - PaymentRequired - Forbidden - NotFound - MethodNotAllowed - NotAcceptable - ProxyAuthenticationRequired - RequestTimeout - Conflict - Gone - LengthRequired - PreconditionFailed - RequestEntityTooLarge - RequestUriTooLong - UnsupportedMediaType - RequestedRangeNotSatisfiable - ExpectationFailed - MisdirectedRequest - UnprocessableEntity - UnprocessableContent - Locked - FailedDependency - UpgradeRequired - PreconditionRequired - TooManyRequests - RequestHeaderFieldsTooLarge - UnavailableForLegalReasons - InternalServerError - NotImplemented - BadGateway - ServiceUnavailable - GatewayTimeout - HttpVersionNotSupported - VariantAlsoNegotiates - InsufficientStorage - LoopDetected - NotExtended - NetworkAuthenticationRequired ApiGuardianConfigurationDetails: type: object properties: shieldZoneId: type: integer format: int32 isEnabled: type: boolean description: >- Whether API Guardian is enabled for this shield zone. When disabled, no requests are inspected. executionMode: $ref: '#/components/schemas/WAFExecutionMode' bodyLimitAction: $ref: '#/components/schemas/WAFPayloadLimitAction' unmatchedPathAction: $ref: '#/components/schemas/UnmatchedPathAction' title: type: string description: The `info.title` field from the uploaded OpenAPI specification. nullable: true version: type: string description: The `info.version` field from the uploaded OpenAPI specification. nullable: true maxEndpoints: type: integer description: >- Plan limit: maximum number of endpoints that can be defined in the specification. format: int32 maxFieldsPerType: type: integer description: >- Plan limit: maximum number of properties a single schema object may declare. format: int32 maxNestingDepth: type: integer description: >- Plan limit: maximum depth of nested `$ref`, `items`, and `properties` chains. format: int32 maxTotalSchemaNodes: type: integer description: >- Plan limit: combined node count across all `components/schemas` entries. format: int32 maxTotalRegexLength: type: integer description: >- Plan limit: combined character length of all `pattern` regex strings in the specification. format: int32 createdAt: type: string format: date-time updatedAt: type: string format: date-time nullable: true additionalProperties: false description: Global API Guardian configuration for a shield zone. ApiGuardianEndpointDetails: type: object properties: apiGuardianEndpointId: type: integer format: int64 shieldZoneId: type: integer format: int32 requestMethod: type: string description: The HTTP method (e.g. "GET", "POST"). nullable: true requestPath: type: string description: The OAS path template (e.g. "/pets/{petId}"). nullable: true validateRequestBodySchema: type: boolean description: >- Whether inbound request bodies are validated against the OAS request body schema. validateResponseBodySchema: type: boolean description: >- Whether outbound response bodies are validated against the OAS response schema. validateAuthorization: type: boolean description: Whether authentication credentials are enforced. isEnabled: type: boolean description: >- Whether this endpoint is active. Disabled endpoints are not enforced. authSchemes: type: array items: $ref: '#/components/schemas/AuthSchemeDetails' description: >- Authentication schemes required by this endpoint, derived from the OAS security requirements. Null when the endpoint has no security requirements. nullable: true requestBodySchemaYaml: type: string description: >- The request body schema rendered as YAML for display purposes. Null if no request body is defined. nullable: true responseBodySchemasYaml: type: object additionalProperties: type: string description: >- Response body schemas keyed by HTTP status code, rendered as YAML. Null if no response schemas are defined. nullable: true availableParameters: type: object properties: Path: type: array items: type: string Query: type: array items: type: string Header: type: array items: type: string Cookie: type: array items: type: string additionalProperties: false description: >- All parameters defined in the OAS operation, grouped by location (path, query, header, cookie). nullable: true injectionDetectionParameters: type: object properties: Path: type: array items: type: string Query: type: array items: type: string Header: type: array items: type: string Cookie: type: array items: type: string additionalProperties: false description: >- Parameters selected for XSS/SQLi injection detection, grouped by location. Null if not configured. Subset of BunnyNet.Shield.Api.Services.Shield.ApiGuardian.Models.ApiGuardianEndpointDetails.AvailableParameters. nullable: true detectParameterXss: type: boolean description: Whether XSS detection is enabled for the selected parameters. detectParameterSqli: type: boolean description: >- Whether SQL injection detection is enabled for the selected parameters. rateLimitingEnabled: type: boolean description: Whether per-endpoint rate limiting is active. rateLimitingType: $ref: '#/components/schemas/ApiGuardianRateLimitType' rateLimitingRequestCount: type: integer description: >- Maximum number of requests allowed within the rate limiting timeframe before blocking. format: int32 rateLimitingTimeframe: $ref: '#/components/schemas/RateLimitTimeframe' createdAt: type: string format: date-time updatedAt: type: string format: date-time nullable: true additionalProperties: false description: >- Detailed view of a single API Guardian endpoint, including its validation settings, authentication requirements, and rate limiting configuration. WAFExecutionMode: enum: - 0 - 1 type: integer description: |- 0 = Log 1 = Block format: int32 x-enum-varnames: - Log - Block WAFPayloadLimitAction: enum: - 0 - 1 - 2 type: integer description: |- 0 = Block 1 = Log 2 = Ignore format: int32 x-enum-varnames: - Block - Log - Ignore UnmatchedPathAction: enum: - 0 - 1 - 2 type: integer description: |- 0 = Block 1 = Log 2 = Ignore format: int32 x-enum-varnames: - Block - Log - Ignore AuthSchemeDetails: type: object properties: schemeName: type: string description: >- The OpenAPI security scheme reference name (e.g. "bearerAuth", "apiKey"). nullable: true schemeType: $ref: '#/components/schemas/AuthSchemeType' location: $ref: '#/components/schemas/AuthLocation' credentialName: type: string description: >- The name of the header, query parameter, or cookie that carries the credential (e.g. "Authorization", "X-API-Key"). nullable: true httpScheme: type: string description: >- For HTTP auth schemes, the scheme name (e.g. "bearer", "basic"). Null for non-HTTP schemes. nullable: true additionalProperties: false description: |- Describes a single authentication scheme required by an endpoint, as extracted from the OpenAPI specification's securitySchemes. ApiGuardianRateLimitType: enum: - Global - IP type: string RateLimitTimeframe: enum: - 1 - 10 - 60 - 300 - 900 - 3600 type: integer description: |- 1 = PerSecond 10 = PerTenSeconds 60 = PerOneMinute 300 = PerFiveMinutes 900 = PerFifteenMinutes 3600 = PerOneHour format: int32 x-enum-varnames: - PerSecond - PerTenSeconds - PerOneMinute - PerFiveMinutes - PerFifteenMinutes - PerOneHour AuthSchemeType: enum: - ApiKey - Http - OAuth2 - OpenIdConnect type: string description: The type of security scheme as defined in the OpenAPI specification. AuthLocation: enum: - Header - Query - Cookie type: string description: Where an authentication credential is transmitted in the HTTP request. ````