1. Home
2. Reference documentation

The Fastly API is a RESTful API that provides access to all the features available through the Fastly web interface. The API is organized into collections of endpoints that allow manipulation of objects related to Fastly services and accounts.

Domain

Almost all API endpoints are served on theapi.fastly.com domain. For example, to get a list of Fastly services available to your account, you could use acurl command such as:

$ curl -H "Fastly-Key: YOUR_FASTLY_TOKEN" "https://api.fastly.com/service"

Purge requests are a special case and can be sent to the URL that you want to purge.

Thereal time stats API uses the domainrt.fastly.com.

Authentication

Most (but not all) API endpoints require authentication with an appropriately scopedAPI token, which may be createdvia the API or in theFastly web interface. Requirements for individual endpoints are shown on each endpoint page. To authenticate a request, generate an API token, and then include it in your request as aFastly-Key HTTP header:

Fastly-Key:YOUR_FASTLY_TOKEN

If you are usingcurl to make requests, you can append a header with-H 'Fastly-Key: YOUR_FASTLY_TOKEN'.

API Endpoints

The API endpoints are divided into collections. You can view an index ofall endpoints on a single page or select a collection from the list below to explore that collection in detail:

• API Security
• Access control lists
• Account
• Authentication tokens
• Dictionaries
• Domain Management
• Fastly DDoS Protection Events
• Load balancing
• Metrics and stats
• Next-Gen WAF
• Observability
• Products
• Publishing
• Purging
• Real-time logging
• Security
• Services
• TLS
• Utilities
• VCL objects

Postman collection

If you usePostman, you canexplore the Fastly API workspace ordownload our Postman collection.

Clients

Client libraries are available in a number of languages. The following clients are built and maintained by Fastly:

• Go (availablefrom pkg.go.dev)
• JavaScript (availablefrom npm)
• PHP (availablefrom Packagist)
• Perl (availablefrom CPAN)
• Python (availablefrom PyPi)
• Ruby (availablefrom RubyGems)
• Rust (availablefrom crates.io)

We also offer aTerraform provider. If you use Terraform to orchestrate Fastly services, see ourguidance on best practices.

Rate limiting

API write operations are subject to a default limit of 1,000 requests per hour. This applies to each user account orautomation token. For user tokens, the limit applies to the user, regardless of the number of tokens attached to that user.

The following types of requests are not covered by the general rate limit policy:

• All read operations, such asGET andHEAD requests: 6,000 requests per minute.
• Single-URL and surrogate key purges: limited to an average of 100,000 purges per customer per hour.
• Anonymous (unauthenticated) requests: 6,000 requests per minute.

Fastly reserves the right to lower these limits to ensure system stability.

If you go over the rate limit, you will receive a429 Too Many Requests HTTP response.

Rate limit information is provided in response headers, as shown below. TheFastly-RateLimit-Remaining header provides the number of API requests remaining in the current rate limit window. TheFastly-RateLimit-Reset provides the time at which the current rate limit window resets, as aUnix timestamp.

Fastly-RateLimit-Remaining:999
Fastly-RateLimit-Reset:1452032384

If you have purchased a Fastly service package that includes specific rate limits for API operations, those will apply instead of the limits shown on this page.