---
title: "Akamai Edgeworker"
slug: "akamai-edgeworker"
description: "Learn how to integrate Akamai EdgeWorker with Traceable for enhanced API security and monitoring. This step-by-step guide explains how to capture real-time traffic data at the edge, leveraging Akamai’s serverless capabilities to identify threats, enhance observability. Discover how EdgeWorker duplicates traffic for analysis while maintaining uninterrupted service to downstream applications."
updated: 2024-11-06T13:19:59Z
published: 2024-11-06T13:19:59Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://traceabledocs.document360.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Akamai Edgeworker

This document provides a step-by-step guide to setting up data collection on Akamai using the Traceable Platform Agent (TPA). Integrating with Akamai's EdgeWorker allows you to capture and export request and response data to Traceable for monitoring and analysis.

**Akamai EdgeWorker** is a serverless environment that allows you to run JavaScript at the edge of the Akamai network. This enables efficient processing of web traffic closer to the end user, reducing latency and improving performance. By leveraging EdgeWorker with Traceable, you can capture rich insights directly at the edge, allowing for enhanced observability and faster real-time detection of potential security issues. Following is a high-level deployment diagram:

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_akamai_edgeworker_deployment_architecture.png)

1. **User Request**:
  - User sends an API request, which is received by Akamai's edge.
2. **Data Capture by Akamai EdgeWorker**:
  - The Akamai EdgeWorker processes the request, capturing and duplicating the traffic data.
  - Original traffic continues to downstream applications (API Gateways, Load Balancers, or Apps).
3. **Duplicate Traffic Sent to TPA**:
  - The EdgeWorker sends duplicated traffic over HTTPS to a TCP Load Balancer in the data center/cloud.
4. **Traffic Distribution to TPA Instances**:
  - The TCP Load Balancer distributes traffic across multiple Traceable Platform Agent (TPA) instances.
5. **Data Processing and Forwarding**:
  - Each TPA instance processes the traffic data for security insights and forwards relevant data to the Traceable Platform for monitoring and analysis.

---

## Before you begin

- **TPA Deployment**: Ensure a TPA instance is deployed and exposed on port 443.

### Steps Overview

This integration involves four key steps:

1. Create EdgeWorker in Akamai
2. Add Property Manager Variables
3. Add Origin Connectivity Rule
4. Add Invoke EdgeWorker Rule

> [!NOTE]
> Note
> 
> - The EdgeWorker that will be created in Step 1 can be shared across multiple properties.
> - However, Steps 2-4 (Property Variables, Origin Connectivity Rule, and EdgeWorker Rule) must be configured separately for each property.

---

## Deployment steps

### Step 1 — Create EdgeWorker in Akamai

An Akamai EdgeWorker is a serverless environment that enables JavaScript code execution at the edge of the Akamai network. We use EdgeWorker to capture data on incoming requests and responses in this setup.

1. **Download the Latest EdgeWorker Script** Obtain the latest `traceable-akamai` EdgeWorker JavaScript file.
2. **Create EdgeWorker in Akamai**
  - In Akamai, navigate to **EdgeWorkers**.
  - Click **Create EdgeWorker ID**.
  - Enter the required fields: **Name**, **Contract**, and **Subscription**.

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_akamai_edgeworker_Create EdgeWorker.png)
3. **Upload the EdgeWorker Code**
  - Navigate to the newly created EdgeWorker.
  - Select **Create Version** and then **Open Editor**.
  - Paste the downloaded JavaScript bundle into the editor and save.
4. **Activate EdgeWorker**
  - Activate the EdgeWorker version in either **Staging** or **Production**.

> [!NOTE]
> Note
> 
> The EdgeWorker will not process traffic until attached to a property in later steps.

At this point, you have successfully deployed the EdgeWorker.

---

### Step 2 — Configure Property Variables

Each property that uses the EdgeWorker needs to have specific Property Variables configured.

1. **Navigate to Property Manager**
  - In Akamai, go to **Property Manager** and select the property you want to integrate.
2. **Create New Version**
  - Click **New Version** to create a new version of the property.
3. **Add Property Variables**
  - Configure the following variables as shown below:

| Variable Name | Value | Default Value | Visibility | Note |
| --- | --- | --- | --- | --- |
| `TRACEABLE_HOST` | string | undefined | Visible | Must be supplied (e.g., agents.traceable.ai, ec2-1.2.3.4-us-east2.amazon.aws.com) |
| `TRACEABLE_GUID` | string | undefined | Hidden | Required if exporting data directly to Traceable. |
| `TRACEABLE_TIMEOUT` | int | 100 | Visible | Time in milliseconds to allow the async export to complete. |
| `TRACEABLE_SERVICE_NAME` | string | Akamai | Visible | Service name that will appear in the Traceable UI. |

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_akamai_edgeworker_configure_property_variables.png)

---

### Step 3 — Add Origin Connectivity Rule

The Origin Connectivity Rule ensures that the Traceable endpoint is recognized as part of the Akamai network. This is essential because EdgeWorkers can only make subrequests to HTTPS hosts within the Akamai network.

1. **Navigate to Property Configuration Settings**
  - In **Property Manager**, select **Property Configuration Settings**.
2. **Create a New Rule**
  - Click **+ Rules** and select **Blank Rule Template**.
  - Provide a rule name, such as `Traceable Origin Connectivity Rule`.
3. **Define Criteria and Behaviors**
  - **Criteria**:
    - Set **Path** to **Matches one of** and add `/ext_cap/v1/req_res_cap`. ![traceable_akamai_edgeworker_origin_connectivity_rule](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_akamai_edgeworker_origin_connectivity_rule.png)
  - **Behavior**:
    - Click **+ Behavior** and choose **Standard Property Behavior**.
    - Select **Origin Server**.
    - Configure the fields as follows:

| Field | Value |
| --- | --- |
| Origin Type | Your Origin |
| Origin Server Hostname | `{{user.PMUSER_TRACEABLE_HOST}}` |
| Forward Host Header | Custom Value |
| Custom Forward Host Header | `{{user.PMUSER_TRACEABLE_HOST}}` |
| Cache Key Hostname | Origin Hostname |
| IPv6 Origin Support | IPv4-Only |
| Supports gzip Compression | Yes |
| Send True Client IP Header | Yes |
| True Client IP Header Name | True-Client-IP |
| Verification Settings | Choose Your Own |
| Use SNI TLS Extension | Yes |
| Match CN/SAN to | `{{Origin Hostname}}, {{Forward Host Header}}` |
| Trust | - If using Traceable Hosted Platform Agent, use Akamai-managed Certificate Authorities Set - If running TPA on your own infrastructure with custom or self-signed certificates, use Custom Certificate Authority Set and upload your rootCA.crt. |
| HTTP Port | 80 |
| HTTPS_PORT | 443 |
| Minimum TLS version | Akamai Supported |

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_akamai_edgeworker_origin_connectivity_rule_behavior.png)

---

### Step 4 — Add EdgeWorker Invoke Rule

The EdgeWorker Invoke Rule specifies when the EdgeWorker should be triggered based on path patterns and exclusions for specific file types.

1. **Navigate to Property Configuration Settings**
  - In **Property Manager**, select **Property Configuration Settings**.
2. **Create a New Rule**
  - Click **+ Rules** and select **Blank Rule Template**.
  - Provide a rule name, such as `Invoke Traceable EdgeWorker`.
3. **Define Criteria for Invoking EdgeWorker**
  - **Criteria**:
    - Set **Path** to **Matches one of** and add `/*` to capture all traffic.
    - Optionally, to narrow the scope, you can use patterns like `/api/*` to capture API traffic only.
  - **Exclude Static Assets**:
    - Add a condition to exclude static assets by setting:
      - **File Extension** to **Is not one of** with the following list:

```plaintext
avi, flv, mka, mkv, mov, mp4, mpeg, mpg, mp3, flac, ogg, ogm, opus, wav, webm, webp,
bmp, gif, ico, jpeg, jpg, png, svg, svgz, swf, eot, otf, ttf, woff, woff2, css, less, js
```
4. **Select EdgeWorker Behavior**
  - For **Behaviors**, select **EdgeWorkers**.
  - Ensure **Enable** is selected and choose the EdgeWorker created in Step 1.
5. **Deploy the New Property Version**
  - After setting the rule, deploy the new property version.
  - Activate it in **Staging** or **Production**, depending on the deployment stage.
6. **Verify Data Collection**
  - Once activated, wait up to 15 minutes for the configuration to go live.
  - Send some traffic and confirm that traces appear in the Traceable platform.

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_akamai_edgeworker_invoke_behavior.png)