Akamai FAQs: Cloud, Security, Delivery, and Support

A web application firewall (WAF) protects web applications by filtering and monitoring HTTP and HTTPS traffic. It helps block common threats such as SQL injection, cross-site scripting (XSS), and other application-layer attacks.

WAF protection focuses on safeguarding web applications from known attack patterns and suspicious behavior.

Web application and API protection extends beyond traditional WAF capabilities.

WAAP typically includes:

• WAF protection
• API security
• Bot management
• Application-layer DDoS protection
• Client-side protection

WAAP is designed to protect both web applications and APIs across modern, distributed architectures.

Akamai App & API Protector is a WAAP solution that delivers web application firewall protection, API security capabilities, bot management, and DDoS defense in a unified platform.

It is designed to help organizations protect public-facing applications and APIs without compromising performance.

App & API Protector protects:

• Public-facing websites
• Web applications
• REST and GraphQL APIs
• Mobile application back ends

It helps defend against application-layer attacks, credential-based attacks, API abuse, and automated threats.

App & API Protector strengthens perimeter and application-layer defenses, complementing Zero Trust approaches that verify and limit access across users, devices, and workloads.

When combined with microsegmentation and identity-based controls, it supports a layered defense-in-depth strategy.

Akamai API Security provides advanced API discovery, risk analysis, and behavioral monitoring. It helps organizations identify, catalog, and secure both known and unknown APIs.

Akamai API Security addresses risks such as Broken Object Level Authorization (BOLA), sensitive data exposure, and API abuse.

API Security analyzes live traffic to detect APIs that may not be formally documented or managed. These are sometimes referred to as shadow APIs.

By identifying unknown APIs, security teams can reduce visibility gaps and improve overall API governance.

Akamai API Security supports API testing by identifying vulnerabilities and risky behaviors observed in real-world traffic. Instead of relying only on pre-production testing, it continuously analyzes live API interactions to uncover issues such as BOLA, excessive data exposure, and misuse patterns.

Security teams can use these insights to prioritize remediation, validate fixes, and improve API security posture over time.

While WAAP and WAF provide runtime protection, API Security focuses on discovery, posture management, and ongoing risk visibility.

Organizations with extensive API ecosystems often use API Security alongside WAAP to improve visibility and reduce risk.

AI and LLM APIs introduce new attack surfaces, including prompt injection, data leakage, and abuse of model endpoints. Akamai API Security helps protect these APIs by:

• Discovering and inventorying AI-related endpoints
• Monitoring usage patterns to detect abuse or anomalous behavior
• Identifying sensitive data exposure risks in API responses
• Supporting governance and access controls across model interfaces

When combined with WAAP and bot management, API Security helps reduce risk across both traditional and AI-driven APIs.

Prolexic is an enterprise-grade DDoS protection solution designed to mitigate large-scale distributed denial of service attacks at network and application layers.

It is supported by 24/7 global operations teams to help maintain availability during attacks.

Prolexic provides:

• Network-layer DDoS protection
• Application-layer DDoS protection
• Hybrid deployment options, including on-premises and cloud-based integration
• 24/7 monitoring and mitigation support

If you are under attack:

• Contact Akamai support immediately
• Provide details about impacted assets and traffic patterns
• Follow incident response guidance from your Akamai team

Prolexic customers have access to around-the-clock operational support during active events.

Akamai Guardicore Segmentation provides microsegmentation to reduce lateral movement risk within data centers, hybrid cloud, and multicloud environments.

It enables granular policy enforcement aligned with Zero Trust principles.

Microsegmentation limits which systems can communicate with each other. If an attacker compromises one workload, segmentation policies help prevent movement to additional systems.

This reduces the blast radius of an incident.

Microsegmentation enforces Zero Trust principles by limiting communication between workloads based on identity, policy, and context — as opposed to network location alone.

Instead of assuming trust within a network, segmentation helps to ensure that only explicitly allowed traffic is permitted. This reduces implicit trust, strengthens access control, and helps organizations enforce least-privilege access across applications and environments.

Perimeter and application-layer protections defend external-facing assets. Segmentation protects internal workloads and east-west traffic.

Together, these controls support a comprehensive security strategy.

Bot management helps organizations detect and mitigate unwanted automated traffic targeting websites, applications, and APIs.

Not all bots are malicious. Some support search indexing or performance monitoring. However, malicious bots are often used for credential stuffing, account takeover (ATO), inventory hoarding, scraping, fraud, and API abuse.

Effective bot management distinguishes between legitimate automation and malicious activity. It helps protect revenue, customer trust, and application performance without blocking good traffic.

Bot management is a core component of web application and API protection.
While a web application firewall focuses on filtering known attack patterns and rule-based threats, bot management analyzes behavioral signals, intent, and automation patterns to detect sophisticated abuse that may look like normal traffic.

When combined with API security, bot management helps protect both web applications and APIs from automated threats, including credential-based attacks, scraping, and business logic abuse.

Together, WAAP, WAF, API security, and bot management provide layered protection across modern, distributed applications.

Akamai Cloud is a cloud computing platform for running and scaling applications closer to users. It runs on a globally distributed infrastructure designed for performance, resilience, and security.

It brings together core cloud services like compute, storage, networking, and Kubernetes with edge native capabilities that help organizations build and deliver modern applications and APIs worldwide.

Akamai Cloud is best used for:

• AI and machine learning workloads, particularly distributed AI inference that requires low latency and proximity to users
• Performance-sensitive applications in which latency and user experience matter (global web apps, SaaS, APIs)
• Distributed workloads that benefit from running in multiple regions without managing complex multicloud architectures
• Edge-adjacent compute use cases, such as request handling, personalization, and lightweight API orchestration
• Cost-conscious scaling, especially when price-performance and predictable spend are priorities
  

Teams that want tighter alignment between delivery, compute, and security typically choose Akamai Cloud to reduce the need to stitch together multiple vendors.

Akamai Cloud provides the distributed infrastructure necessary to build, train, and deploy AI models efficiently. By combining high-performance compute, GPU instances, and edge capabilities, organizations can run AI inference closer to end users. This reduces latency, lowers data egress costs, and improves real-time decision-making for AI-driven applications.  

Distributed cloud computing places compute and services closer to users while maintaining centralized visibility and control.

Akamai Cloud supports distributed cloud architectures through its globally distributed infrastructure and edge capabilities, making it uniquely positioned to support next-generation workloads like distributed AI inference, where processing data at the edge is critical for performance.

Organizations evaluating Akamai Cloud often consider:

• AI inference and GPU-accelerated workload requirements
• Application performance requirements
• Geographic distribution of users
• Price-performance needs based on high-egress workloads
• Security integration requirements
• Edge compute use cases

Akamai Cloud is often well suited for performance-sensitive workloads, AI deployments, and distributed applications.

Akamai has rebranded “Akamai Connected Cloud” to simply “Akamai Cloud.”  

Yes. Linode’s cloud-based virtual machines and developer-focused services are part of Akamai Cloud.

Customers continue to use familiar Linode tools and APIs, now backed by Akamai’s global infrastructure and a broader portfolio of services. Akamai continues to add new functionality to Akamai Cloud to enable enterprise functionality, including expanded GPU availability for AI workloads.  

Yes. Through Akamai Cloud (formerly Linode), developers and enterprises have access to scalable GPU instances optimized for artificial intelligence, machine learning, and intensive data processing workloads.

An edge computing platform is a software framework that allows you to execute logic closer to end users. It should be used when you need to reduce latency and enable dynamic request handling.

EdgeWorkers allows you to execute JavaScript at the edge.

Common use cases include:

• Personalization
• A/B testing
• Request and response modification
• Lightweight API orchestration

Refer to the official EdgeWorkers documentation for setup guidance, API references, and code examples.

Akamai Functions is a serverless edge compute capability that allows you to run code closer to users without managing infrastructure.

It enables developers to execute logic in response to requests, helping reduce latency and improve responsiveness for dynamic, AI-integrated applications.

Both enable execution at the edge, but they are designed for different use cases:

• EdgeWorkers: Best for lightweight, request/response manipulation and inline logic within delivery workflows
• Akamai Functions: Designed for broader serverless compute use cases that require more flexible execution and application logic
  

Together, they support a range of edge native application patterns.

Akamai Functions is well suited for:

• AI inference and real-time data processing
• API back ends and lightweight services
• Event-driven processing
• Personalization and dynamic content generation
• Authentication and request-handling logic
  

These workloads benefit from low-latency execution and proximity to end users.

Akamai Control Center is the management interface for configuring and monitoring Akamai services.

Control Center is used to manage services such as:

• App & API Protector
• API Security
• Prolexic configurations and integrations
• CDN configurations
• DNS services
• EdgeWorkers

For new deployments, start with setup guides and reference architectures.

For live issues, use troubleshooting guides and configuration documentation specific to your product.

You can contact Akamai support through our official support channels, typically accessed via your account portal and support resources. If you are a customer, the fastest path is usually:

• Sign in to your Akamai account.
• Open a support case for the relevant product or service.
• Provide impact details and technical context so the support team can route and respond quickly.
  

If you’re not yet a customer (or you’re evaluating), you can also reach out through sales or contact channels to get directed to the right support or technical resource for your stage.

Including the right details up front helps Akamai support troubleshoot faster and reduces back-and-forth. When you open a ticket, include:

• Product or service name
• Account details, such as account ID, contract ID, or other relevant identifiers
• Impacted assets, like hostnames, properties, APIs, applications, IP addresses, or regions
• Exact timestamps of the issue, including the time zone
• What changed recently, such as deployments, configuration updates, DNS changes, certificate changes, or policy updates
• Error messages and supporting evidence, like logs, request IDs, headers, screenshots, WAF events, or SIEM logs
• Steps to reproduce the issue, if possible, and what you expected versus what actually happened
• Business impact and severity, including affected users or regions, and whether production is down
  

If the issue is urgent, clearly state the severity, confirm the service impact, and include the best on-call contact method for faster escalation.

For urgent service-impacting issues:

• Contact Akamai support immediately.
• Check the Akamai status page.
• Escalate through your designated support channel.