DDoS Mitigation
Lumen Arbor Sightline (SP) Distributed Denial of Service (DDoS) APIs allow Lumen customers with a DDoS subscription to pull in DDoS alert and mitigation details without using the customer portal.
This documentation provides technical information that Lumen business partners may use to create their own API interfaces. It is not intended to provide technical or product training. Lumen DDoS Mitigation customers that utilize this API will be able to:
- View DDoS Alert information (anomalous network activity)
- View DDoS Managed Object information (configured network resources that Arbor Sightline uses to sort, filter, and store traffic and flow data)
- View DDoS Mitigation information (filters malicious traffic while permitting expected traffic)
Intended User (Target Audience)
The Arbor Sightline DDoS API is only for use by approved Lumen business partners and wholesale vendors. All Lumen business partners who intend to use Arbor Sightline DDoS APIs should request access for API Marketplace and complete the required authentication and authorization prerequisites before accessing the APIs. The Arbor Sightline DDoS APIs and associated technology should be used by someone who is familiar with API interfaces, REST, and JSON.
Business Benefits
The Arbor Sightline DDoS API allows a partner or vendor to directly call APIs from their own application instead of having to log in to a Lumen system or front-end application to get information or complete actions. This empowers customers with a more efficient process for managing DDoS Mitigation through self-provisioning connections, viewing connection statuses, and disconnecting connections from their own applications.
- Make sure you have an account with the DDoS Mitigation product. (Contact your account representative or Lumen.com for more information on getting DDoS Mitigation.)
- Register as a user on Lumen API Marketplace, then Add App and request access to the DDoS Mitigation API.
- Obtain API keys:
- The OAuth2 Key and Secret are provided when the request for access to the DDoS Mitigation API is made, but they will not work until the app is in "Approved" status on the MyApps screen (available when logged in on Lumen API Marketplace).
- Contact the Lumen Security Operations Center (SOC) to request Sightline credentials for your account. Create a security change request. If you need help creating a security trouble ticket, call the Lumen Security Operations Center at 866-254-5210.
- Try It - Use the "Try It" button on the "Documentation Specification" page to see mock data examples of available REST calls.
- Build It - Build API calls into your application. Use guidance, specifications and examples from the "Documentation/Specification" and "Code Samples" sections to build your capabilities into your application.
This is version 6 of the REST API for Sightline.
Sandbox and Production
When setting up your Apps in My Apps you can create a Sandbox app and a Production app. You will then have two different sets of Consumer Keys and Consumer Secrets.
Base URL Sandbox: https://api-test.lumen.com/
Base URL Prod: https://api.lumen.com/
The Sandbox (test) environment is available to developers to build initial code against. It is a snapshot of production type data so that you can try out requests and responses. The Sandbox is not meant to be used as a QA environment. It is also not meant to duplicate production; therefore, data that exists in Production may not be present in the Sandbox environment. Sandbox does not represent the up-time expectations of Production. We recommend that you complete shakeout testing against Production, keeping in mind that all transactions will be live.
Two sets of credentials are required in order to make API calls for this API Product: the Lumen API token and the Sightline API token.
- Lumen API Token
  - Lumen supports the OAuth 2.0 client credentials authorization grant flow for external access by client-side applications.
  - Only existing Lumen customers can access DDoS Mitigation APIs. Please contact your account manager to begin the enrollment process, or see www.lumen.com for more information about getting our DDoS Mitigation product. DDoS Mitigation customers can request access to the API Product (See "Getting Started" on Lumen API Marketplace). Once your request for access is approved you can go to Using OAuth 2.0 for detailed steps on getting a Bearer token using basic authorization base64 encoding.
  - The Lumen API token is your Auth Bearer token and can be retrieved like so:
    curl -u "username:password" -d "grant_type=client_credentials" https://api.lumen.com/oauth/token
- Sightline API Token
  - Enroll in Arbor Sightline API by opening a ticket with the Lumen Security Operations Center (SOC). They will provide an API token to be used for access to Arbor Sightline equipment as in the example below.
  - Open a Security Change Request ticket with the Lumen SOC to request this token.
  - An example request using the token looks like:
    curl -H "X-Arbux-APIToken: $SIGHTLINE_TOKEN" -H "Authorization: Bearer $LUMEN_TOKEN" https://api.lumen.com/Security/v1/Security/DDos/alerts/
Example: Lists all alerts on the system.
$ curl \
-H "Authorization: Bearer $LUMEN_TOKEN" \
-H "X-Arbux-APIToken: $SIGHTLINE_TOKEN" \
-L https://api.lumen.com/Security/v1/Security/DDos/alerts/
Example: Lists the parameters and their values for alert 252.
$ curl \
-H "Authorization: Bearer $LUMEN_TOKEN" \
-H "X-Arbux-APIToken: $SIGHTLINE_TOKEN" \
-L https://api.lumen.com/Security/v1/Security/DDos/alerts/252
Example: Lists the attributes, relationships, and values for the mitigations related to alert 252.
$ curl \
-H "Authorization: Bearer $LUMEN_TOKEN" \
-H "X-Arbux-APIToken: $SIGHTLINE_TOKEN" \
-L https://api.lumen.com/Security/v1/Security/DDos/alerts/252/mitigations/
Status Code | Description |
200 | OK - Successful requests for data from the SP REST API will return the requested data along with the HTTP status code. |
201 | Created - Successful API POST and PATCH requests will return all the data for the object that was created or modified. |
202 | Accepted - Successful requests will return the payload with the endpoint response. |
204 | No Content - API delete requests do not return any data, since the SP object you were acting on is now gone. |
400 | Bad Request - If you POST to an endpoint with incorrect attributes or values, the REST API returns a BAD REQUEST 400 error and, in some cases, partially creates the new object. |
404 | Not Found - If you GET, POST, etc. to an endpoint for which the user does not have permissions, the REST API returns a 404 NOT FOUND error. |
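The request pattern above as a reusable script, added here as an example (not Lumen's code): it validates both tokens, hands them to curl through a config on stdin instead of the command line, restricts redirects to HTTPS, and maps the documented status codes to an action. The function names, the token character rule and the default output file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Lumen's code. Expects LUMEN_TOKEN and SIGHTLINE_TOKEN in the environment.
BASE_URL="https://api.lumen.com/Security/v1/Security/DDos"   # base path used on this page

# Accept only RFC 6750 b64token characters. Applying the same rule to the
# Sightline token is an assumption; widen the set if your token needs it.
valid_token() {
  case "$1" in
    ''|*[!A-Za-z0-9._~+/=-]*) return 1 ;;   # empty, whitespace, quotes, CR/LF
  esac
  return 0
}

# Print a curl config for one resource path (e.g. "alerts/252/mitigations/").
# Feeding it to `curl -K -` keeps both tokens out of argv and the process list.
curl_config() {
  case "$1" in ''|*[!A-Za-z0-9/_-]*) return 2 ;; esac
  valid_token "${LUMEN_TOKEN:-}" && valid_token "${SIGHTLINE_TOKEN:-}" || return 2
  printf 'header = "Authorization: Bearer %s"\n' "$LUMEN_TOKEN"
  printf 'header = "X-Arbux-APIToken: %s"\n' "$SIGHTLINE_TOKEN"
  printf 'url = "%s/%s"\n' "$BASE_URL" "$1"
}

# GET one resource: the body is written to file $2, the HTTP status is printed.
sightline_get() {
  cfg=$(curl_config "$1") || return 2
  printf '%s\n' "$cfg" |
    curl -sS -L --proto '=https' --proto-redir '=https' -K - -o "$2" -w '%{http_code}'
}

# Turn the status codes from the table above into a decision for the caller.
status_action() {
  case "$1" in
    200|201|202|204) echo "ok" ;;
    400) echo "fix-request" ;;                  # bad attributes or values
    404) echo "check-path-and-permissions" ;;   # also returned when access is denied
    *)   echo "unexpected" ;;
  esac
}

# Usage: ./sightline.sh --run alerts/252 out.json
if [ "${1:-}" = "--run" ]; then
  umask 077                                     # response file readable by this user only
  code=$(sightline_get "${2:-alerts/}" "${3:-alerts.json}") ||
    { echo "invalid token or path" >&2; exit 2; }
  echo "HTTP $code -> $(status_action "$code")"
fi
```

Because the API answers 404 for both a missing object and a permission problem, a 404 on a known-good path is a reason to check the account's Sightline permissions rather than the URL.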
Access to DDoS Mitigation APIs is limited and may be restricted or rejected based on frequency of use.
The Lumen API Marketplace provides support options to ensure you get the most out of your experience. If at any time you need support, navigate to “Help” on any page in the Lumen API Marketplace and select "Contact Us" to engage with Lumen API Marketplace support.
This API interface is outside of the normal production Lumen-controlled functionality. Its usage requires a technical level of knowledge by the end user. Lumen cannot be responsible for the lack of technical knowledge or understanding of the technologies integrated with this interface and the resulting incorrect results or end-user environmental impacts. Problems with a client’s operating environments or any technical issues on the client’s side of the transaction are not handled or supported by Lumen. As such, normal Lumen production support processes will be allowed only in the event of a data issue (if it is suspected that the extracted information is incorrect) or post-activation traffic issues, and only after the end user validates proper usage of this API.