
CDN & WAF API | NOC.org Support

The NOC REST API allows you to manage CDN caching, WAF policies, DNS records, and monitoring configurations programmatically. Use the API to integrate NOC into your deployment pipelines, build custom dashboards, automate security responses, or manage multiple sites at scale.

API Base URL

All API requests are made to the following base URL:

https://api.noc.org/v1/

All endpoints require HTTPS. HTTP requests are rejected.

Authentication

The NOC API uses API key authentication. Include your API key in the Authorization header of every request:

Authorization: Bearer YOUR_API_KEY

You can generate and manage API keys from the NOC dashboard under Account Settings > API Keys. Each API key can be scoped to specific permissions (read-only, read-write, or full access) and restricted to specific sites.

Best practices for API key security:

  • Use separate API keys for different applications or environments (production, staging, CI/CD).
  • Scope API keys to the minimum required permissions.
  • Rotate keys periodically and revoke unused keys.
  • Never expose API keys in client-side code or public repositories.

Common API Operations

Cache Purge

Purge cached content from the CDN when you deploy updates. You can purge by URL, by path pattern, or flush the entire cache:

POST /v1/sites/{site_id}/cache/purge
Content-Type: application/json

{
  "type": "url",
  "values": [
    "https://example.com/page-1",
    "https://example.com/page-2"
  ]
}

For a full cache flush:

POST /v1/sites/{site_id}/cache/purge
Content-Type: application/json

{
  "type": "all"
}

WAF Rule Management

List, create, update, and delete custom WAF rules:

GET /v1/sites/{site_id}/waf/rules

Create a custom block rule:

POST /v1/sites/{site_id}/waf/rules
Content-Type: application/json

{
  "action": "block",
  "match": {
    "field": "ip",
    "operator": "equals",
    "value": "203.0.113.50"
  },
  "description": "Block suspicious IP"
}

IP Whitelist and Blacklist

Manage IP access lists for your WAF:

GET /v1/sites/{site_id}/waf/ip-lists
POST /v1/sites/{site_id}/waf/ip-lists
DELETE /v1/sites/{site_id}/waf/ip-lists/{entry_id}

DNS Records

Manage DNS records for your domain:

GET /v1/domains/{domain_id}/dns/records
POST /v1/domains/{domain_id}/dns/records
PUT /v1/domains/{domain_id}/dns/records/{record_id}
DELETE /v1/domains/{domain_id}/dns/records/{record_id}

Monitoring

Retrieve monitoring status and uptime history:

GET /v1/sites/{site_id}/monitoring/status
GET /v1/sites/{site_id}/monitoring/history?period=30d

Response Format

All API responses are returned in JSON format. Successful responses include a data object:

{
  "status": "success",
  "data": { ... }
}

Error responses include an error object with a message and error code:

{
  "status": "error",
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Too many requests. Retry after 60 seconds."
  }
}

Rate Limits

API requests are rate-limited to prevent abuse. Default limits are:

  • Read operations (GET): 1,000 requests per minute.
  • Write operations (POST, PUT, DELETE): 100 requests per minute.
  • Cache purge: 30 requests per minute.

Rate limit headers are included in every response: X-RateLimit-Remaining and X-RateLimit-Reset. If you exceed the limit, the API returns a 429 Too Many Requests response.

Integration Examples

  • CI/CD cache purge: Add an API call to your deployment script to purge the CDN cache after every deployment, ensuring visitors see updated content immediately.
  • Automated IP blocking: Integrate with your security information and event management (SIEM) system to automatically block IPs that trigger security alerts.
  • Custom monitoring dashboard: Pull uptime and response time data from the monitoring API to display on an internal status dashboard.
  • Infrastructure as code: Manage DNS records and WAF rules through your configuration management tools (Terraform, Ansible) using the API.
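
The automated IP blocking integration above, as an added Python example (not NOC's own code): it validates SIEM-supplied addresses before building the block-rule body shown under WAF Rule Management, and caps one batch at the documented write limit. The PROTECTED ranges, the function names, and the choice to prepare the request without sending it are assumptions of this example.

```python
import ipaddress
import json
import urllib.parse
import urllib.request

API_BASE = "https://api.noc.org/v1"  # base URL given on this page
WRITE_LIMIT_PER_MIN = 100            # documented default for POST/PUT/DELETE

# Assumption: ranges automation must never block (internal space plus a
# constructed "office egress" address). Replace with your own allowlist.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "192.0.2.10/32",
)]


def build_block_rule(ip_text, reason):
    """Return the WAF rule body for one alert IP, or None if unsafe to block."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return None  # not an IP literal: never forward raw SIEM text
    if any(ip in net for net in PROTECTED):
        return None  # blocking this would lock out our own traffic
    return {
        "action": "block",
        "match": {"field": "ip", "operator": "equals", "value": str(ip)},
        "description": reason,
    }


def plan_rules(alert_ips, reason):
    """De-duplicate alert IPs and cap one batch at the write rate limit."""
    rules, seen = [], set()
    for text in alert_ips:
        rule = build_block_rule(text, reason)
        if rule and rule["match"]["value"] not in seen:
            seen.add(rule["match"]["value"])
            rules.append(rule)
    return rules[:WRITE_LIMIT_PER_MIN]


def build_request(site_id, rule, api_key):
    """Prepare (but do not send) the POST described under WAF Rule Management."""
    site = urllib.parse.quote(str(site_id), safe="")  # no path tricks via site_id
    return urllib.request.Request(
        f"{API_BASE}/sites/{site}/waf/rules",
        data=json.dumps(rule).encode(), method="POST",
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"},
    )
```

Send each prepared request with urllib.request.urlopen, and load the API key from an environment variable or secret store rather than from the script itself.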
