Fastly API reference
The Fastly API is a RESTful API that provides access to all the features available through the Fastly web interface. The API is organized into collections of endpoints that allow manipulation of objects related to Fastly services and accounts.
IMPORTANT: The API requires TLS 1.2. Because of the PCI Security Standards Council mandate, TLS versions 1.0 and 1.1 are no longer supported.
Domain
Almost all API endpoints are served on the api.fastly.com domain. For example, to get a list of Fastly services available to your account, you could use a curl command such as:
$ curl -H "Fastly-Key: YOUR_FASTLY_TOKEN" "https://api.fastly.com/service"Purge requests are a special case and can be sent to the URL that you want to purge.
The real time stats API uses the domain rt.fastly.com.
Authentication
Most (but not all) API endpoints require authentication with an appropriately scoped API token, which may be created via the API or in the Fastly web interface. Requirements for individual endpoints are shown on each endpoint page. To authenticate a request, generate an API token, and then include it in your request as a Fastly-Key HTTP header:
Fastly-Key: YOUR_FASTLY_TOKENIf you are using curl to make requests, you can append a header with -H 'Fastly-Key: YOUR_FASTLY_TOKEN'.
API Endpoints
The API endpoints are divided into collections. You can view an index of all endpoints on a single page or select a collection from the list below to explore that collection in detail:
- Access control lists
- Account
- Authentication tokens
- Edge dictionaries
- Legacy WAF
- Load balancing
- Metrics and stats
- Observability
- Products
- Publishing
- Purging
- Real-time logging
- Security
- Services
- TLS
- Utilities
- VCL objects
- WAF 2020
Postman collection
If you use Postman, you can explore the Fastly API workspace or download our Postman collection.
Clients
Client libraries are available in a number of languages. The following clients are built and maintained by Fastly:
- Go (available from pkg.go.dev)
- JavaScript (available from npm)
- PHP (available from Packagist)
- Perl (available from CPAN)
- Python (available from PyPi)
- Ruby (available from RubyGems)
- Rust (available from crates.io)
We also offer a Terraform provider. If you use Terraform to orchestrate Fastly services, see our guidance on best practices.
Rate limiting
API write operations are subject to a default limit of 1,000 requests per hour. This applies to each user account or automation token. For user tokens, the limit applies to the user, regardless of the number of tokens attached to that user.
The following types of requests are not covered by the general rate limit policy:
- All read operations, such as
GETandHEADrequests: 6,000 requests per minute. - Single-URL and surrogate key purges: limited to an average of 100,000 purges per customer per hour.
- Anonymous (unauthenticated) requests: 6,000 requests per minute.
Fastly reserves the right to lower these limits to ensure system stability.
IMPORTANT: Overlapping write requests to the API may result in lost updates. We strongly recommend avoiding concurrent requests that modify configuration within the same service.
If you go over the rate limit, you will receive a 429 Too Many Requests HTTP response.
Rate limit information is provided in response headers, as shown below. The Fastly-RateLimit-Remaining header provides the number of API requests remaining in the current rate limit window. The Fastly-RateLimit-Reset provides the time at which the current rate limit window resets, as a Unix timestamp.
Fastly-RateLimit-Remaining: 999Fastly-RateLimit-Reset: 1452032384If you have purchased a Fastly service package that includes specific rate limits for API operations, those will apply instead of the limits shown on this page.
