API Reference

The Fastly API is a RESTful API that provides access to all the features available through the Fastly web interface. The API is organized into collections of endpoints that allow manipulation of objects related to Fastly services and accounts.

IMPORTANT: The API requires TLS 1.2. Because of the PCI Security Standards Council mandate, TLS versions 1.0 and 1.1 are no longer supported.

Domain

Almost all API endpoints are served on the api.fastly.com domain. For example, to get a list of Fastly services available to your account, you could use a cURL command such as:

$ curl -H "Fastly-Key: YOUR_FASTLY_TOKEN" "https://api.fastly.com/service"

Purge requests are a special case and can be sent to the URL that you want to purge.

The real time stats API uses the domain rt.fastly.com.

Authentication

Most (but not all) API endpoints require authentication with an appropriately scoped API token, which may be created via the API or in the Fastly web interface. Requirements for individual endpoints are shown on each endpoint page. To authenticate a request, generate an API token, and then include it in your request as a Fastly-Key HTTP header:

Fastly-Key: YOUR_FASTLY_TOKEN

If you are using curl to make requests, you can append a header with -H 'Fastly-Key: YOUR_FASTLY_TOKEN'.

WARNING: If you created a Fastly account before May 15th, 2017, you may have used legacy "API keys" to authenticate API requests. This account-level credential was migrated to a personal API token with a global scope and access to all of your services. Because all tokens need to be owned by a user, this credential was assigned to a newly created, synthetic user with the name Global API Token. All endpoints that support the legacy keys also support API tokens.

Postman collection

You can use Postman to explore the Fastly API:

Download the latest Fastly API Postman collection
Import the collection into your Postman client

Clients

Client libraries are available in a number of languages. The following clients are built and maintained by Fastly:

Go
perl (available from CPAN)
python
Ruby (available from Rubygems)
PHP (available from Packagist)

We also offer a Terraform provider. If you use Terraform to orchestrate Fastly services, see our guidance on best practices.

Rate limiting

API requests are subject to a default limit of 1,000 requests per hour. This applies to each user on an account and is counted per user, regardless of the number of API tokens attached to that user. This excludes the following, which are not limited:

All read operations, such as GET and HEAD requests
Single-URL and surrogate key purges
Anonymous (unauthenticated) requests

If you go over the rate limit, you will receive a 429 Too Many Requests HTTP response. Overlapping write requests to the API may result in lost updates. We strongly recommend avoiding concurrent requests that modify configuration within the same service.

Rate limit information is provided in response headers, as shown below. The Fastly-RateLimit-Remaining header provides the number of API requests remaining in the current rate limit window. The Fastly-RateLimit-Reset provides the time at which the current rate limit window resets, as a Unix timestamp.

Fastly-RateLimit-Remaining: 999
Fastly-RateLimit-Reset: 1452032384