getAnpProvisioningStatus — Managing the SiteLock Firewall & CDN activation process
The getAnpProvisioningStatus method provides the current status of the firewall & cdn, allowing you to track the provisioning and configuration status.
This endpoint will provide various states: ready, pending-domain-validation,pending-dns, and pending-retry.
-
For SSL-enabled sites:
-
Partners are requested to automate the update of the user’s DNS with the TXT record returned from the provisioning call (for SSL-enabled sites) to provide a seamless experience to the user. If the partner doesn’t automate the DNS records update, the user can still initiate and monitor the process via the Activation screens on SiteLock’s dashboard, but will need to update their DNS records themselves.
TXT records are rotated every 30 days. If a TXT record is not set within 30 days of the add-on provisioning, a new TXT record will be provided on day 31.
-
Once the user’s DNS has been updated with the TXT resource record, partners should call
getAnpProvisioningStatusto retrieve the provisioning state on the site. This initiates the domain ownership verification process. This non-blocking process can take up to 24 hours to complete as a CA will validate domain ownership. If the state ispending-domain-validationmore then 36 hours, please contact SiteLock Partner Support. -
While the domain ownership verification is pending, the state returned by
getAnpProvisioningStatusremainspending-domain-validation, and the new values for A records and CNAME will be returned. Partners are requested to callgetAnpProvisioningStatusperiodically until the state changes topending-dns. -
When the state returned by
getAnpProvisioningStatusispending-dns, the response will include thedns_new_cnameanddns_new_aelements. If SSL is required for the provisioned site, ensure that bothcert_detectedandcert_installedare returning the value of1before updating the DNS records.
-
-
For SSL-enabled and non-SSL sites:
-
Partners are requested to automate the update of the CNAME alias and A records (returned by the provisioning call for non-SSL sites, and by the
getAnpProvisioningStatuscall for SSL-enabled sites) to provide a seamless experience to the user. If the partner doesn’t automate the DNS records update, the user can still initiate and monitor the process via the Activation screens in the SiteLock Dashboard, but has to update their DNS records themselves. -
Once these records have been updated, SiteLock partners are requested to periodically call
getAnpProvisioningStatusuntil the state changes toready. This non-blocking process can take up to 24 hours to complete. -
Once the state changes to
ready, the user will be able to view Firewall & CDN related data in the SiteLock Dashboard. SiteLock may take up to 24 hours to accumulate data to show in the dashboard.
-
The API endpoint is:
https://api.sitelock.com/v1/partnerRequest format
-
SiteLockOnlineRequest: This element is used to delineate the full API request.
-
authentication: The partner’s username, password, and branding
-
username: The partner’s API username
-
password: The partner’s API password
-
partner: (Optional) The brand name to use in messaging
-
-
getAnpProvisioningStatus: The method name
-
site_id: [attribute] - The ID of the site
-
-
Response format
The following are the various possible responses from getAnpProvisioningStatus.
Example success responses
Awaiting domain ownership verification for SSL sites (pending-domain-validation)
A response with the following elements is returned when the site uses SSL and domain ownership hasn’t yet been verified.
|
Do not update A & CNAME DNS records until the state is |
<SiteLockOnlineResponse>
<getAnpProvisioningStatus>
<dns_info>
<records>
<record>
<domain>example.com</domain>
<status>TXT Record(s) were found - but none match what we are looking for.</status>
<type>TXT</type>
</record>
</records>
<request>
<data>globalsign-domain-verification=VIYIM3EFP0APXADXY9D2MM4NHEXEGJNU2</data>
<type>TXT</type>
</request>
</dns_info>
<dns_new_a>45.60.23.58,45.60.25.58</dns_new_a>
<dns_new_cname>123b45e6.sitelockcdn.net</dns_new_cname>
<dns_ssl_verify>
<dns_record_domain>example.com</dns_record_domain>
<dns_record_type>TXT</dns_record_type>
<dns_record_value>globalsign-domain-verification=VIYIM3EFP0APXADXY9D2MM4NHEXEGJNU2</dns_record_value>
</dns_ssl_verify>
<original_dns>
<orig_a_rec>123.123.123.123,122.122.122.122</orig_a_rec>
</original_dns>
<site_id>123456789</site_id>
<ssl>
<cert_detected>1</cert_detected>
<cert_installed>0</cert_installed>
</ssl>
<state>pending-domain-validation</state>
<traffic_routing>0</traffic_routing>
<waf_dns_manager>customer</waf_dns_manager>
</getAnpProvisioningStatus>
</SiteLockOnlineResponse>Awaiting DNS changes (pending-dns)
A response with the following elements will be returned when the Firewall & CDN is ready for the partner or the site owner to reconfigure DNS settings.
<SiteLockOnlineResponse>
<getAnpProvisioningStatus>
<dns_new_a>107.154.149.145,107.154.153.145</dns_new_a>
<dns_new_cname>123ab23.sitelockcdn.net</dns_new_cname>
<original_dns>
<orig_a_rec>123.123.123.123,122.122.122.122</orig_a_rec>
</original_dns>
<site_id>123456789</site_id>
<ssl>
<cert_detected>1</cert_detected>
<cert_from>network</cert_from>
<cert_installed>1</cert_installed>
<network_ssl_cert_exp_date>2025-05-12</network_ssl_cert_exp_date>
</ssl>
<state>pending-dns</state>
<traffic_routing>0</traffic_routing>
<waf_dns_manager>customer</waf_dns_manager>
</getAnpProvisioningStatus>
</SiteLockOnlineResponse>Pending retry (pending-retry)
The following response is returned when a temporary condition exists that prevented the Firewall & CDN provisioning from completing. This response indicates the provisioning request will be retried until complete or unable to continue.
<SiteLockOnlineResponse>
<getAnpProvisioningStatus>
<site_id>10900</site_id>
<state>pending-retry</state>
</getAnpProvisioningStatus>
</SiteLockOnlineResponse>The following are typical reasons for the automatic pending-retry status:
-
Allowing for DNS propagation time.
-
The user purchased hosting from the partner along with the Firewall & CDN, but hasn’t yet configured their domain/site yet.
-
The user has added the domain to their hosting but hasn’t assigned IP addresses to the domain in the DNS system.
SiteLock will eventually stop retrying if the Firewall & CDN subscription is a free product. Currently, retries cease after 50 attempts, with attempts made 6 hours apart. Provision retries continue on paid Firewall & CDN products until the partner makes a request to deleteAddon.
The following response indicates the Firewall & CDN is fully configured.
<SiteLockOnlineResponse>
<getAnpProvisioningStatus>
<site_id>10900</site_id>
<state>ready</state>
<waf_dns_manager>partner</waf_dns_manager>
</getAnpProvisioningStatus>
</SiteLockOnlineResponse>Example error responses
Some errors require manual intervention. The partner or user should examine the site/domain configuration to determine the specific issue.
<SiteLockOnlineResponse>
<getAnpProvisioningStatus>
<site_id>10900</site_id>
<state>error</state>
</getAnpProvisioningStatus>
</SiteLockOnlineResponse>Data Error: Bad Site
This error indicates the provisioning process couldn’t find any information about the existence of the site (note the code element).
<SiteLockOnlineResponse>
<getAnpProvisioningStatus>
<code>SNF</code>
<message>Site Not Found</message>
<site_id>10900</site_id>
<state>error</state>
</getAnpProvisioningStatus>
</SiteLockOnlineResponse>Data Error: Site with no WAF
This error indicates that a partner API request was made on a site that doesn’t have an active Firewall & CDN addon subscription (note the code element).
<SiteLockOnlineResponse>
<getAnpProvisioningStatus>
<code>ANF</code>
<message>ANP Addon Not Found</message>
<site_id>10900</site_id>
<state>error</state>
</getAnpProvisioningStatus>
</SiteLockOnlineResponse>