API Reference
Manage your NOC CDN, WAF, and DNS programmatically via a simple REST API.
All API calls use https://my.noc.org/api with your API key. Access your key in the NOC Dashboard → Account → API.
Authentication
All API requests require your API key, passed as a query parameter on every call:
https://my.noc.org/api?apikey=YOUR_API_KEY&action=ACTION&...Your API key is available in the NOC dashboard under Account → API. Keep it private — anyone with your key can manage your account.
Request Format
All API calls follow the same pattern:
https://my.noc.org/api?apikey=YOUR_API_KEY&action=ACTION_NAME¶m1=value1¶m2=value2Parameters are passed as URL query strings. For endpoints that accept file uploads (e.g., SSL certificates), use curl -F for multipart form data.
Response Format
All responses are JSON. Successful calls return:
{"status": "success", ...}Failed calls return:
{"status": "failed", "reason": "Description of what went wrong"}CDN / WAF API
cdn/activate
Activates the WAF/CDN for a website when the domain DNS is hosted at NOC. Automatically switches DNS A records and activates the WAF/CDN.
| Parameter | Required | Description |
|---|---|---|
domain | Yes | Valid domain name |
subdomain | Yes | Subdomain or @ for apex domain |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/activate&domain=example.com&subdomain=@"cdn/add
Adds a website to the WAF/CDN. Use for domains with DNS not hosted at NOC. You will need to create a CNAME, A, or ALIAS record pointing to the NOC CDN address.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
hosting_ip | Yes | Origin/hosting IP address for the CDN to proxy |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/add&website=example.com&hosting_ip=203.0.113.10"cdn/deactivate
Disables the WAF/CDN for a website with DNS hosted at NOC.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/deactivate&website=example.com"cdn/delete
Deletes the WAF/CDN for a website (DNS not at NOC). Warning: Switch DNS back to your origin IP first to prevent downtime.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/delete&website=example.com"cdn/list
List all websites with WAF/CDN activated in your account.
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/list"Response:
{"status":"success","domains":["example.com","example.org"]}cdn/get
Get the CDN & WAF configuration for a website.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/get&website=example.com"Response:
{"status":"success","config":{
"ip":["203.0.113.10"],
"proxyto":"80",
"https_redirect":true,
"upgrade_insecure":true,
"caching_time_static":"30d",
"caching_time_pages":"720m",
"gzip":true,
"http2":true,
"optmize_images":false,
"secure_cookie_flags":false,
"floc_out":false,
"waf":true,
"waf_virtual_hardening":true,
"waf_admin_lockdown":false
}}cdn/stats
Get CDN & WAF traffic statistics for a specific day, broken down by hour.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
date | Yes | Date in yyyy-mm-dd format |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/stats&website=example.com&date=2026-03-05"Response:
{"requests":{"2026-03-05 00:00":{"received":128,"blocked":12,"bytes":873477,"bytes_cached":655017}, ...}}cdn/logs
Download CDN & WAF logs for a specific day.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
date | Yes | Date in yyyy-mm-dd format |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/logs&website=example.com&date=2026-03-05"Response: Plain-text log lines with timestamp, domain, edge node, IP, status, bytes, cache status, WAF action, method, path, and user agent.
cdn/logs/last
Get the most recent CDN & WAF logs (reverse chronological order).
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
limit | No | Number of log entries (default: 200) |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/logs/last&website=example.com&limit=10"cdn/logs/query
Get CDN & WAF logs since a specified timestamp.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
since | Yes | Timestamp: yyyy-mm-dd HH:MM:SS |
limit | No | Number of log entries (default: 200) |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/logs/query&website=example.com&limit=10&since=2026-03-05%2013:00:00"cdn/uploadssl
Upload an SSL certificate and private key to prevent downtime during migration (before NOC's auto-issued certificates are ready). The certificate should be the full chain.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
public_key | Yes | Full-chain SSL certificate file |
private_key | Yes | Private key file |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/uploadssl&website=example.com" \
-F 'public_key=@./fullchain.pem' \
-F 'private_key=@./privkey.pem'cdn/alias_domain/add
Add an alias domain to the WAF/CDN. The alias will 301 redirect to the main domain (or serve directly with alias_type=direct).
| Parameter | Required | Description |
|---|---|---|
website | Yes | Primary domain |
alias_domain | Yes | Alias domain to add |
alias_type | No | 301 (default, recommended) or direct |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/alias_domain/add&website=example.com&alias_domain=example.net"cdn/cache/purge
Purge the entire CDN cache for a website.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/cache/purge&website=example.com"CDN Settings
cdn/set/protectedurls
Set URLs that require additional access protection (e.g., admin panels, internal APIs).
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
value | Yes | Space-separated URL paths (e.g., /admin /api) |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/protectedurls&website=example.com&value=/admin%20/wp-admin"cdn/set/botprotectedurls
Set URLs with bot verification enabled. Bots will be challenged before accessing these paths.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
value | Yes | Space-separated URL paths |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/botprotectedurls&website=example.com&value=/api/v1%20/login"cdn/set/readonlyurls
Set URLs as read-only (POST and write methods will be blocked).
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
value | Yes | Space-separated URL paths |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/readonlyurls&website=example.com&value=/public-data"cdn/set/whitelistedurls
Set URLs that bypass WAF inspection (whitelisted).
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
value | Yes | Space-separated URL paths |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/whitelistedurls&website=example.com&value=/webhook-endpoint"cdn/set/whitelistedips
Set IP addresses that are always allowed. Partial regexes supported (e.g., ^1.1. to allow 1.1.0.0/16).
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
value | Yes | Space-separated IPs or patterns |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/whitelistedips&website=example.com&value=203.0.113.10%20^10.0."cdn/set/blacklistedips
Set IP addresses that are always blocked. Partial regexes supported (e.g., ^1.1. to block 1.1.0.0/16).
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
value | Yes | Space-separated IPs or patterns |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/blacklistedips&website=example.com&value=198.51.100.0%20^192.168."cdn/set/websocketsurls
Set URLs that support WebSocket connections through the CDN.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
value | Yes | Space-separated URL paths |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/websocketsurls&website=example.com&value=/ws%20/socket.io"cdn/set/noncacheurls
Set URLs that should never be cached by the CDN.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
value | Yes | Space-separated URL paths |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/noncacheurls&website=example.com&value=/api%20/checkout"cdn/set/hosting_read_timeout
Set the timeout when reading responses from the hosting/origin server (default: 45s).
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
value | Yes | 10s, 30s, 45s, 60s, 120s, 180s, or 300s |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/hosting_read_timeout&website=example.com&value=60s"cdn/set/caching
Set the CDN caching level. Default caches static files and pages, respecting site headers. Aggressive (full) tries to cache as much as possible, including some dynamic pages.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
value | Yes | default or aggressive |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/caching&website=example.com&value=default"cdn/set/caching_time_static
Set the CDN caching period for static assets (images, JS, CSS).
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
value | Yes | 10m, 30m, 60m, 120m, 240m, 360m, 720m, 1d, 2d, 3d, 7d, 14d, or 30d |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/caching_time_static&website=example.com&value=7d"cdn/set/caching_time_pages
Set the CDN caching period for pages/HTML content.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
value | Yes | 10m, 30m, 60m, 120m, 240m, 360m, 720m, 1d, 2d, 3d, 7d, 14d, or 30d |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/caching_time_pages&website=example.com&value=720m"CDN / WAF Options (Toggle On/Off)
Enable or disable various WAF/CDN features. Set value=true to enable, value=false to disable.
| Action | Description |
|---|---|
cdn/set/https_redirect | Force HTTP to HTTPS redirect |
cdn/set/upgrade_insecure | Upgrade HTTP resources to HTTPS |
cdn/set/gzip | Enable gzip compression |
cdn/set/floc_out | Block Google FLoC tracking |
cdn/set/optmize_images | Enable image optimization |
cdn/set/secure_cookie_flags | Add Secure flag to cookies |
cdn/set/waf | Enable/disable the WAF |
cdn/set/waf_virtual_hardening | Enable virtual patching/hardening |
cdn/set/waf_admin_lockdown | Lock down admin panels (wp-admin, etc.) |
# Enable gzip compression
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/gzip&website=example.com&value=true"
# Enable WAF admin lockdown
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/set/waf_admin_lockdown&website=example.com&value=true"Custom Rules
cdn/customrules/add
Create a new custom rule for your website. Custom rules let you set honeypots, rate limits, redirects, browser verification, traffic queuing, country blocks, user-agent blocks, and API protection.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
rule_type | Yes | Rule type (see below) |
url | Yes | URL paths to apply this rule (use / for site-wide). Multiple paths separated by spaces. |
rule_name | No | Name for the rule ([a-z0-9-]). Random if omitted. |
value | Varies | Configuration value (depends on rule_type) |
region | No | all (default), north_america, south_america, europe, asia, oceania |
block_response | No | default, stealthy_404, stealthy_503, stealthy_403, html, empty_200, redirect_to:URL |
Rule Types
| rule_type | Description | value |
|---|---|---|
honeypot | Trap URLs that should never be visited. Visiting IPs are blocked. | Block duration in seconds (default: 600) |
max_requests | Max requests per IP per minute | Request threshold (default: 50) |
redirect_to | 301 redirect to another URL | Destination URL path |
browser_verify | Verify the request comes from a real browser | — |
queue | Queue visitors over a threshold into a waiting room | Max concurrent visitors |
country_block | Block traffic from specific countries | Space-separated 2-letter country codes |
useragent_block | Block specific user agents | Space-separated user agent strings |
api_protect | Enable API protection (bot detection, anomaly scoring) | — |
ip_block | Block specific IPs | Space-separated IPs |
Examples
# Rate limit: max 150 requests/min to /api
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/customrules/add&website=example.com&rule_type=max_requests&url=/api&value=150"
# Country block: block Russia, Iran, and North Korea site-wide
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/customrules/add&website=example.com&rule_type=country_block&url=/&value=RU%20KP%20IR"
# Redirect: /old-page to /new-page
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/customrules/add&website=example.com&rule_type=redirect_to&url=/old-page&value=/new-page"
# Honeypot: trap /admin.bak (block visitors for 10 minutes)
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/customrules/add&website=example.com&rule_type=honeypot&url=/admin.bak&value=600"
# API protection on /api/v2/
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/customrules/add&website=example.com&rule_type=api_protect&url=/api/v2/"cdn/customrules/delete
Delete a custom rule by name. To update a rule, delete it and re-add with new settings.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
rule_name | Yes | Name of the rule to delete |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/customrules/delete&website=example.com&rule_name=my-rule-name"cdn/customrules/list
List all custom rules for a website.
| Parameter | Required | Description |
|---|---|---|
website | Yes | Valid website/domain |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=cdn/customrules/list&website=example.com"DNS API
domain/add
Add a new domain to your NOC DNS account.
| Parameter | Required | Description |
|---|---|---|
domain_name | Yes | Valid domain name |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=domain/add&domain_name=example.com"domain/remove
Delete a domain from your account. All DNS records must be removed first.
| Parameter | Required | Description |
|---|---|---|
domain_name | Yes | Valid domain name |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=domain/remove&domain_name=example.com"domains/list
List all domains in your DNS account.
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=domains/list"Response:
{"status":"success","domains":["example.com","example.org"]}domain/set_tag
Set a customer tag for a domain name (useful for organizing domains by client or project).
| Parameter | Required | Description |
|---|---|---|
domain_name | Yes | Valid domain name |
tag | Yes | Tag string ([a-zA-Z0-9_]) |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=domain/set_tag&domain_name=example.com&tag=client_acme"record/add
Add a new DNS record to a domain.
| Parameter | Required | Description |
|---|---|---|
domain_name | Yes | Valid domain name |
sub_domain | Yes | Subdomain (e.g., www, @ for apex) |
record_type | Yes | DNS record type: A, AAAA, MX, CNAME, TXT, etc. |
address | Yes | Record value (IP address, hostname, or text) |
ttl | No | TTL in seconds (default: 3600) |
# Add an A record for www.example.com
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=record/add&domain_name=example.com&sub_domain=www&record_type=A&address=203.0.113.10&ttl=120"record/delete
Delete a DNS record from a domain.
| Parameter | Required | Description |
|---|---|---|
domain_name | Yes | Valid domain name |
sub_domain | Yes | Subdomain of the record |
recordid | Yes | Record ID (from records/list) |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=record/delete&domain_name=example.com&sub_domain=www&recordid=12345"records/list
List all DNS records for a domain (or all to list records across all domains).
| Parameter | Required | Description |
|---|---|---|
domain_name | Yes | Valid domain name or all |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=records/list&domain_name=example.com"sub_domain/set/routing
Configure the routing type for a subdomain with multiple DNS records. Useful for high availability and performance optimization.
| Parameter | Required | Description |
|---|---|---|
domain_name | Yes | Valid domain name |
sub_domain | Yes | Subdomain to configure |
routing_type | Yes | disabled (all records always on), distance_routing (closest/best IP), or simple_failover (remove failed records) |
routing_monitoring | No | ping, http, or https |
curl "https://my.noc.org/api?apikey=YOUR_API_KEY&action=sub_domain/set/routing&domain_name=example.com&sub_domain=www&routing_type=distance_routing&routing_monitoring=https"Need Help?
If you have questions about the API or need help integrating, contact our support team at support@noc.org.
For getting started guides and tutorials, see:
Get
Started