The security rules management endpoints allow you to manage your list of security rules. Security rules define conditions to allow or block content based on specific criteria.
You have two options to use security rules:
- Use the dashboard to manage your rules visually
- Use the API to programmatically manage your rules
Authentication
Include your API key in the request header or as a query parameter:
x-api-key: your-api-key-here
or
https://veille.io/api/v1/rule?x_api_key=your-api-key-here
Endpoints
List security rules
Retrieve your list of security rules with pagination support.
GET https://veille.io/api/v1/rule
Query parameters
| Parameter | Type | Details |
|---|---|---|
| page | number | Page number (default: 1) |
| limit | number | Items per page (default: 10, max: 100) |
| rule_id | string | Filter by rule ID (optional): will search for partial matches |
| name | string | Filter by rule name (optional): will search for partial matches |
| action | string | Filter by action (optional): "allow" or "block" |
| active | string | Filter by active status (optional): "true" or "false" |
| rule_type | string | Filter by rule type (optional): "builder" or "custom" |
Response format
{
"data": [
{
"id": "123e4567-e89b-12d3-a456-426614174000",
"rule_id": "suspicious-content-12345",
"name": "Suspicious Content Detection",
"description": "Detects and blocks suspicious content",
"rule_type": "builder",
"conditions": {
"action": "block",
"enabled": true,
"conditions": [
{
"field": "ip_source_address",
"operator": "contains",
"value": "192.168.1",
"order": 1,
"enabled": true
}
]
},
"action": "block",
"active": true,
"created_at": "2024-03-26T12:00:00Z",
"rule_order": 1
}
],
"pagination": {
"currentPage": 1,
"pageSize": 10,
"totalItems": 25,
"totalPages": 3,
"hasNextPage": true,
"hasPreviousPage": false
}
}
Get a specific rule
Retrieve a specific security rule by its ID.
GET https://veille.io/api/v1/rule/:id
Response format
{
"id": "123e4567-e89b-12d3-a456-426614174000",
"rule_id": "suspicious-content-12345",
"name": "Suspicious Content Detection",
"description": "Detects and blocks suspicious content",
"rule_type": "builder",
"conditions": {
"action": "block",
"enabled": true,
"conditions": [
{
"field": "ip_source_address",
"operator": "contains",
"value": "192.168.1",
"order": 1,
"enabled": true
}
]
},
"action": "block",
"active": true,
"created_at": "2024-03-26T12:00:00Z",
"rule_order": 1
}
Create a new rule
Add a new security rule to your account.
POST https://veille.io/api/v1/rule
Request Body
{
"rule_id": "suspicious-content-12345", // Optional, will be auto-generated if not provided
"name": "Suspicious Content Detection",
"description": "Detects and blocks suspicious content", // Optional
"rule_type": "builder", // "builder" or "custom", defaults to "builder"
"conditions": {
"action": "block",
"enabled": true,
"conditions": [
{
"field": "ip_source_address", // Must be a valid field name
"operator": "contains", // Must be a valid operator for the field type
"value": "192.168.1",
"order": 1,
"enabled": true
}
]
},
"action": "block", // "allow" or "block", defaults to "block"
"active": true, // defaults to true
"rule_order": 1 // Optional, determines the order in which rules are evaluated
}
Response format
{
"id": "123e4567-e89b-12d3-a456-426614174000",
"rule_id": "suspicious-content-12345",
"name": "Suspicious Content Detection",
"description": "Detects and blocks suspicious content",
"rule_type": "builder",
"conditions": {
"action": "block",
"enabled": true,
"conditions": [
{
"field": "ip_source_address",
"operator": "contains",
"value": "192.168.1",
"order": 1,
"enabled": true
}
]
},
"action": "block",
"active": true,
"created_at": "2024-03-26T12:00:00Z",
"rule_order": 1
}
Update a rule
Update a security rule by its ID.
PUT https://veille.io/api/v1/rule/:id
Request Body
{
"rule_id": "updated-rule-id", // Optional
"name": "Updated Rule Name", // Optional
"description": "Updated description", // Optional, can be set to null
"rule_type": "builder", // Optional
"conditions": { // Optional
"action": "block",
"enabled": true,
"conditions": [
{
"field": "is_vpn",
"operator": "equals",
"value": true,
"order": 1,
"enabled": true
}
]
},
"action": "allow", // Optional
"active": false, // Optional
"rule_order": 2 // Optional, determines the order in which rules are evaluated
}
Response format
{
"id": "123e4567-e89b-12d3-a456-426614174000",
"rule_id": "updated-rule-id",
"name": "Updated Rule Name",
"description": "Updated description",
"rule_type": "builder",
"conditions": {
"action": "block",
"enabled": true,
"conditions": [
{
"field": "is_vpn",
"operator": "equals",
"value": true,
"order": 1,
"enabled": true
}
]
},
"action": "allow",
"active": false,
"created_at": "2024-03-26T12:00:00Z",
"rule_order": 2
}
Delete a rule
Delete a security rule by its ID.
DELETE https://veille.io/api/v1/rule/:id
Response format
{
"success": true
}
Available Fields and Operators
Field Types
The system supports two field types:
string: Text fields with various string operatorsboolean: Boolean fields (true/false) with equality operators
String Operators
The following operators are available for string fields:
| Operator | Description | Example |
|---|---|---|
| wildcard | Use * as a wildcard | "192.168.*" |
| strict_wildcard | More exact wildcard matching | "192.168.1.*" |
| equals | Exact match | "192.168.1.1" |
| does_not_equal | Not an exact match | Not "192.168.1.1" |
| contains | Contains the substring | Contains "168" |
| does_not_contain | Does not contain the substring | Does not contain "168" |
| starts_with | Begins with the substring | Starts with "192" |
| does_not_start_with | Does not begin with the substring | Does not start with "192" |
| ends_with | Ends with the substring | Ends with ".1" |
| does_not_end_with | Does not end with the substring | Does not end with ".1" |
| matches_regex | Matches the regex pattern | Matches "^192.168.[0-9]+.1$" |
| does_not_match_regex | Does not match the regex pattern | Does not match "^192.168.*" |
Boolean Operators
The following operators are available for boolean fields:
| Operator | Description | Example |
|---|---|---|
| equals | Is equal to true/false | Equal to true |
| does_not_equal | Is not equal to true/false | Not equal to true |
Available Fields
Data Fields
| Field Name | Type | Description |
|---|---|---|
| ip_source_address | string | The source IP address of the request |
| user_agent | string | The browser or client user agent string |
Boolean Flag Fields
| Field Name | Type | Description |
|---|---|---|
| is_bogon | boolean | Non-routable IP (e.g., local IPs like 127.0.0.1) |
| is_mobile | boolean | IP belongs to a mobile ISP (e.g., AT&T Wireless) |
| is_satellite | boolean | IP belongs to a satellite ISP (e.g., Starlink) |
| is_crawler | boolean | IP belongs to a known web crawler/bot |
| is_datacenter | boolean | IP belongs to a hosting provider or cloud service |
| is_tor | boolean | IP is a TOR exit node |
| is_proxy | boolean | IP is a known proxy server |
| is_vpn | boolean | IP is a VPN exit node |
| is_abuser | boolean | IP known for abusive behavior |
ASN Fields
| Field Name | Type | Description |
|---|---|---|
| asn.asn | string | The Autonomous System Number |
| asn.type | string | The type of ASN (hosting, education, government, etc.) |
| asn.country | string | The country where the AS is administratively located |
| asn.rir | string | The Regional Internet Registry for this ASN |
VPN Fields
| Field Name | Type | Description |
|---|---|---|
| vpn.service | string | Name of the VPN service provider |
| vpn.country | string | Country where the VPN exit node is located |
Location Fields
| Field Name | Type | Description |
|---|---|---|
| location.continent | string | Continent code (NA, SA, EU, AF, AS, OC, AN) |
| location.country | string | Country where the IP is geographically located |
| location.city | string | City where the IP is geographically located |
| location.currency | string | Primary currency used in the location |
Rule Ordering
Rules are evaluated in order based on their rule_order value. This allows you to control the priority of your security rules:
- Lower
rule_ordervalues are evaluated first - If
rule_orderis not specified, it increments by 1 for each new rule - Rules are evaluated in sequence until a match is found
Code examples
List security rules
cURL
curl -X GET \ 'https://veille.io/api/v1/rule?page=1&limit=10&action=block&active=true' \ -H 'x-api-key: your-api-key-here'
JavaScript (Fetch)
fetch('https://veille.io/api/v1/rule?page=1&limit=10', {
headers: {
'x-api-key': 'your-api-key-here'
}
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
Get a specific rule
cURL
curl -X GET \ 'https://veille.io/api/v1/rule/123e4567-e89b-12d3-a456-426614174000' \ -H 'x-api-key: your-api-key-here'
JavaScript (Fetch)
fetch('https://veille.io/api/v1/rule/123e4567-e89b-12d3-a456-426614174000', {
headers: {
'x-api-key': 'your-api-key-here'
}
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
Create a new rule
cURL
curl -X POST \
'https://veille.io/api/v1/rule' \
-H 'x-api-key: your-api-key-here' \
-H 'Content-Type: application/json' \
-d '{
"name": "Block Datacenter IPs",
"description": "Blocks access from known datacenter IP addresses",
"conditions": {
"action": "block",
"enabled": true,
"conditions": [
{
"field": "is_datacenter",
"operator": "equals",
"value": true,
"order": 1,
"enabled": true
}
]
},
"action": "block"
}'
JavaScript (Fetch)
fetch('https://veille.io/api/v1/rule', {
method: 'POST',
headers: {
'x-api-key': 'your-api-key-here',
'Content-Type': 'application/json'
},
body: JSON.stringify({
name: "Block Datacenter IPs",
description: "Blocks access from known datacenter IP addresses",
conditions: {
action: "block",
enabled: true,
conditions: [
{
field: "is_datacenter",
operator: "equals",
value: true,
order: 1,
enabled: true
}
]
},
action: "block"
})
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
Create a complex rule with multiple conditions
cURL
curl -X POST \
'https://veille.io/api/v1/rule' \
-H 'x-api-key: your-api-key-here' \
-H 'Content-Type: application/json' \
-d '{
"name": "Block Suspicious Traffic",
"description": "Block traffic from VPNs and known abusers from specific countries",
"conditions": {
"action": "block",
"enabled": true,
"conditions": [
{
"field": "is_vpn",
"operator": "equals",
"value": true,
"order": 1,
"enabled": true
},
{
"field": "is_abuser",
"operator": "equals",
"value": true,
"order": 2,
"enabled": true
},
{
"field": "location.country",
"operator": "equals",
"value": "RU",
"order": 3,
"enabled": true
}
]
},
"action": "block"
}'
Update a rule
cURL
curl -X PUT \
'https://veille.io/api/v1/rule/123e4567-e89b-12d3-a456-426614174000' \
-H 'x-api-key: your-api-key-here' \
-H 'Content-Type: application/json' \
-d '{
"name": "Updated Rule Name",
"active": false
}'
JavaScript (Fetch)
fetch('https://veille.io/api/v1/rule/123e4567-e89b-12d3-a456-426614174000', {
method: 'PUT',
headers: {
'x-api-key': 'your-api-key-here',
'Content-Type': 'application/json'
},
body: JSON.stringify({
name: "Updated Rule Name",
active: false
})
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
Delete a rule
cURL
curl -X DELETE \ 'https://veille.io/api/v1/rule/123e4567-e89b-12d3-a456-426614174000' \ -H 'x-api-key: your-api-key-here'
JavaScript (Fetch)
fetch('https://veille.io/api/v1/rule/123e4567-e89b-12d3-a456-426614174000', {
method: 'DELETE',
headers: {
'x-api-key': 'your-api-key-here'
}
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
Error handling
For details on error responses and status codes, please refer to the Status Codes & Error Responses documentation.
Note: Validation of rule conditions is handled automatically. Invalid fields, operators, or incompatible values will result in a 400 error.