---
title: Update a WAF Policy
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > API Reference > Application Security
---

> For the complete documentation index, see [llms.txt](https://docs.datadoghq.com/llms.txt).

# Update a WAF Policy{% #update-a-waf-policy %}
Copy pageCopied
{% tab title="v2" %}

| Datadog site      | API endpoint                                                                                 |
| ----------------- | -------------------------------------------------------------------------------------------- |
| ap1.datadoghq.com | PUT https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/policies/{policy_id} |
| ap2.datadoghq.com | PUT https://api.ap2.datadoghq.com/api/v2/remote_config/products/asm/waf/policies/{policy_id} |
| app.datadoghq.eu  | PUT https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/policies/{policy_id}      |
| app.ddog-gov.com  | PUT https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/policies/{policy_id}      |
| us2.ddog-gov.com  | PUT https://api.us2.ddog-gov.com/api/v2/remote_config/products/asm/waf/policies/{policy_id}  |
| uk1.datadoghq.com | PUT https://api.uk1.datadoghq.com/api/v2/remote_config/products/asm/waf/policies/{policy_id} |
| app.datadoghq.com | PUT https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/policies/{policy_id}     |
| us3.datadoghq.com | PUT https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/policies/{policy_id} |
| us5.datadoghq.com | PUT https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/policies/{policy_id} |

### Overview

Update a specific WAF policy. Returns the policy object when the request is successful.

### Arguments

#### Path Parameters

| Name                        | Type   | Description           |
| --------------------------- | ------ | --------------------- |
| policy_id [*required*] | string | The ID of the policy. |

### Request

#### Body Data (required)

New WAF policy.

{% tab title="Model" %}

| Parent field | Field                               | Type     | Description                                                                                                                      |
| ------------ | ----------------------------------- | -------- | -------------------------------------------------------------------------------------------------------------------------------- |
|              | data [*required*]              | object   | Object for a single WAF policy.                                                                                                  |
| data         | attributes [*required*]        | object   | Update a WAF policy.                                                                                                             |
| attributes   | description [*required*]       | string   | Description of the WAF policy.                                                                                                   |
| attributes   | isDefault [*required*]         | boolean  | Make this policy the default policy. The default policy is applied to every service not specifically assigned to another policy. |
| attributes   | name [*required*]              | string   | The name of the WAF policy.                                                                                                      |
| attributes   | protectionPresets [*required*] | [string] | Presets enabled on this policy.                                                                                                  |
| attributes   | rules [*required*]             | [object] | Rule overrides applied by the policy.                                                                                            |
| rules        | blocking [*required*]          | boolean  | When blocking is enabled, the rule will block the traffic matched by this rule.                                                  |
| rules        | enabled [*required*]           | boolean  | When false, this rule will not match any traffic.                                                                                |
| rules        | extended_data_collection            | boolean  | When true, collects additional data from the WAF for this rule.                                                                  |
| rules        | id [*required*]                | string   | Override the parameters for this WAF rule identifier.                                                                            |
| attributes   | rulesets                            | [object] | **DEPRECATED**: Deprecated: Ruleset overrides. Use `protectionPresets` instead.                                                  |
| rulesets     | blocking [*required*]          | boolean  | When blocking is enabled, the ruleset will block the traffic it matches.                                                         |
| rulesets     | enabled [*required*]           | boolean  | When false, this ruleset will not match any traffic.                                                                             |
| rulesets     | id [*required*]                | string   | The identifier of the ruleset to override.                                                                                       |
| attributes   | scope [*required*]             | [object] | The scope of the WAF policy.                                                                                                     |
| scope        | env [*required*]               | string   | The environment scope for the WAF policy.                                                                                        |
| scope        | service [*required*]           | string   | The service scope for the WAF policy.                                                                                            |
| attributes   | version [*required*]           | int64    | Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.                                    |
| data         | type [*required*]              | enum     | The type of the resource. The value should always be `policy`. Allowed enum values: `policy`                                     |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "description": "Policy applied to internal web applications.",
      "isDefault": false,
      "name": "Internal Network Policy",
      "protectionPresets": [
        "attack-tools"
      ],
      "rules": [
        {
          "blocking": false,
          "enabled": true,
          "extended_data_collection": false,
          "id": "rasp-001-002"
        }
      ],
      "rulesets": [
        {
          "blocking": false,
          "enabled": true,
          "id": "attack_tool"
        }
      ],
      "scope": [
        {
          "env": "prod",
          "service": "billing-service"
        }
      ],
      "version": 0
    },
    "type": "policy"
  }
}
```

{% /tab %}

### Response

{% tab title="200" %}
OK
{% tab title="Model" %}
Response object that includes a single WAF policy.

| Parent field | Field                         | Type      | Description                                                                                                                      |
| ------------ | ----------------------------- | --------- | -------------------------------------------------------------------------------------------------------------------------------- |
|              | data                          | object    | Object for a single WAF policy.                                                                                                  |
| data         | attributes                    | object    | A WAF policy.                                                                                                                    |
| attributes   | description [*required*] | string    | Description of the WAF policy.                                                                                                   |
| attributes   | isDefault                     | boolean   | Make this policy the default policy. The default policy is applied to every service not specifically assigned to another policy. |
| attributes   | name [*required*]        | string    | The name of the WAF policy.                                                                                                      |
| attributes   | protectionPresets             | [string]  | Presets enabled on this policy.                                                                                                  |
| attributes   | rules                         | [object]  | Rule overrides applied by the policy.                                                                                            |
| rules        | blocking [*required*]    | boolean   | When blocking is enabled, the rule will block the traffic matched by this rule.                                                  |
| rules        | enabled [*required*]     | boolean   | When false, this rule will not match any traffic.                                                                                |
| rules        | extended_data_collection      | boolean   | When true, collects additional data from the WAF for this rule.                                                                  |
| rules        | id [*required*]          | string    | Override the parameters for this WAF rule identifier.                                                                            |
| attributes   | rulesets                      | [object]  | **DEPRECATED**: Deprecated: Ruleset overrides. Use `protectionPresets` instead.                                                  |
| rulesets     | blocking [*required*]    | boolean   | When blocking is enabled, the ruleset will block the traffic it matches.                                                         |
| rulesets     | enabled [*required*]     | boolean   | When false, this ruleset will not match any traffic.                                                                             |
| rulesets     | id [*required*]          | string    | The identifier of the ruleset to override.                                                                                       |
| attributes   | scope                         | [object]  | The scope of the WAF policy.                                                                                                     |
| scope        | env [*required*]         | string    | The environment scope for the WAF policy.                                                                                        |
| scope        | service [*required*]     | string    | The service scope for the WAF policy.                                                                                            |
| attributes   | version                       | int64     | Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.                                    |
| data         | id                            | string    | The ID of the policy.                                                                                                            |
| data         | meta                          | object    | Metadata associated with the WAF policy.                                                                                         |
| meta         | added_at                      | date-time | The date and time the WAF policy was created.                                                                                    |
| meta         | added_by                      | string    | The handle of the user who created the WAF policy.                                                                               |
| meta         | added_by_name                 | string    | The name of the user who created the WAF policy.                                                                                 |
| meta         | modified_at                   | date-time | The date and time the WAF policy was last updated.                                                                               |
| meta         | modified_by                   | string    | The handle of the user who last updated the WAF policy.                                                                          |
| meta         | modified_by_name              | string    | The name of the user who last updated the WAF policy.                                                                            |
| data         | type                          | enum      | The type of the resource. The value should always be `policy`. Allowed enum values: `policy`                                     |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "description": "Policy applied to internal web applications.",
      "isDefault": false,
      "name": "Internal Network Policy",
      "protectionPresets": [
        "attack-tools"
      ],
      "rules": [
        {
          "blocking": false,
          "enabled": true,
          "extended_data_collection": false,
          "id": "rasp-001-002"
        }
      ],
      "rulesets": [
        {
          "blocking": false,
          "enabled": true,
          "id": "attack_tool"
        }
      ],
      "scope": [
        {
          "env": "prod",
          "service": "billing-service"
        }
      ],
      "version": 0
    },
    "id": "2857c47d-1e3a-4300-8b2f-dc24089c084b",
    "meta": {
      "added_at": "2021-01-01T00:00:00Z",
      "added_by": "john.doe@datadoghq.com",
      "added_by_name": "John Doe",
      "modified_at": "2021-01-01T00:00:00Z",
      "modified_by": "john.doe@datadoghq.com",
      "modified_by_name": "John Doe"
    },
    "type": "policy"
  }
}
```

{% /tab %}

{% /tab %}

{% tab title="400" %}
Bad Request
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="403" %}
Not Authorized
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="404" %}
Not Found
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="409" %}
Concurrent Modification
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

##### 
                  \## default
# 
 \# Path parameters export policy_id="recommended" \# Curl command curl -X PUT "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/policies/${policy_id}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "description": "Policy applied to internal web applications.",
      "isDefault": false,
      "name": "Internal Network Policy",
      "protectionPresets": [
        "attack-tools"
      ],
      "rules": [
        {
          "blocking": false,
          "enabled": true,
          "id": "rasp-001-002"
        }
      ],
      "scope": [
        {
          "env": "prod",
          "service": "billing-service"
        }
      ],
      "version": 0
    },
    "type": "policy"
  }
}
EOF 
                
##### 

```python
"""
Update a WAF Policy returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.application_security_api import ApplicationSecurityApi
from datadog_api_client.v2.model.application_security_policy_rule_override import ApplicationSecurityPolicyRuleOverride
from datadog_api_client.v2.model.application_security_policy_ruleset_override import (
    ApplicationSecurityPolicyRulesetOverride,
)
from datadog_api_client.v2.model.application_security_policy_scope import ApplicationSecurityPolicyScope
from datadog_api_client.v2.model.application_security_policy_type import ApplicationSecurityPolicyType
from datadog_api_client.v2.model.application_security_policy_update_attributes import (
    ApplicationSecurityPolicyUpdateAttributes,
)
from datadog_api_client.v2.model.application_security_policy_update_data import ApplicationSecurityPolicyUpdateData
from datadog_api_client.v2.model.application_security_policy_update_request import (
    ApplicationSecurityPolicyUpdateRequest,
)

body = ApplicationSecurityPolicyUpdateRequest(
    data=ApplicationSecurityPolicyUpdateData(
        attributes=ApplicationSecurityPolicyUpdateAttributes(
            description="Policy applied to internal web applications.",
            is_default=False,
            name="Internal Network Policy",
            protection_presets=[
                "attack-tools",
            ],
            rules=[
                ApplicationSecurityPolicyRuleOverride(
                    blocking=False,
                    enabled=True,
                    extended_data_collection=False,
                    id="rasp-001-002",
                ),
            ],
            rulesets=[
                ApplicationSecurityPolicyRulesetOverride(
                    blocking=False,
                    enabled=True,
                    id="attack_tool",
                ),
            ],
            scope=[
                ApplicationSecurityPolicyScope(
                    env="prod",
                    service="billing-service",
                ),
            ],
            version=0,
        ),
        type=ApplicationSecurityPolicyType.POLICY,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = ApplicationSecurityApi(api_client)
    response = api_instance.update_application_security_waf_policy(policy_id="policy_id", body=body)

    print(response)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
##### 

```ruby
# Update a WAF Policy returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::ApplicationSecurityAPI.new

body = DatadogAPIClient::V2::ApplicationSecurityPolicyUpdateRequest.new({
  data: DatadogAPIClient::V2::ApplicationSecurityPolicyUpdateData.new({
    attributes: DatadogAPIClient::V2::ApplicationSecurityPolicyUpdateAttributes.new({
      description: "Policy applied to internal web applications.",
      is_default: false,
      name: "Internal Network Policy",
      protection_presets: [
        "attack-tools",
      ],
      rules: [
        DatadogAPIClient::V2::ApplicationSecurityPolicyRuleOverride.new({
          blocking: false,
          enabled: true,
          extended_data_collection: false,
          id: "rasp-001-002",
        }),
      ],
      rulesets: [
        DatadogAPIClient::V2::ApplicationSecurityPolicyRulesetOverride.new({
          blocking: false,
          enabled: true,
          id: "attack_tool",
        }),
      ],
      scope: [
        DatadogAPIClient::V2::ApplicationSecurityPolicyScope.new({
          env: "prod",
          service: "billing-service",
        }),
      ],
      version: 0,
    }),
    type: DatadogAPIClient::V2::ApplicationSecurityPolicyType::POLICY,
  }),
})
p api_instance.update_application_security_waf_policy("policy_id", body)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
##### 

```go
// Update a WAF Policy returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.ApplicationSecurityPolicyUpdateRequest{
		Data: datadogV2.ApplicationSecurityPolicyUpdateData{
			Attributes: datadogV2.ApplicationSecurityPolicyUpdateAttributes{
				Description: "Policy applied to internal web applications.",
				IsDefault:   false,
				Name:        "Internal Network Policy",
				ProtectionPresets: []string{
					"attack-tools",
				},
				Rules: []datadogV2.ApplicationSecurityPolicyRuleOverride{
					{
						Blocking:               false,
						Enabled:                true,
						ExtendedDataCollection: datadog.PtrBool(false),
						Id:                     "rasp-001-002",
					},
				},
				Rulesets: []datadogV2.ApplicationSecurityPolicyRulesetOverride{
					{
						Blocking: false,
						Enabled:  true,
						Id:       "attack_tool",
					},
				},
				Scope: []datadogV2.ApplicationSecurityPolicyScope{
					{
						Env:     "prod",
						Service: "billing-service",
					},
				},
				Version: 0,
			},
			Type: datadogV2.APPLICATIONSECURITYPOLICYTYPE_POLICY,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewApplicationSecurityApi(apiClient)
	resp, r, err := api.UpdateApplicationSecurityWafPolicy(ctx, "policy_id", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `ApplicationSecurityApi.UpdateApplicationSecurityWafPolicy`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `ApplicationSecurityApi.UpdateApplicationSecurityWafPolicy`:\n%s\n", responseContent)
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
##### 

```java
// Update a WAF Policy returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.ApplicationSecurityApi;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyResponse;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyRuleOverride;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyRulesetOverride;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyScope;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyType;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyUpdateAttributes;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyUpdateData;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyUpdateRequest;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    ApplicationSecurityApi apiInstance = new ApplicationSecurityApi(defaultClient);

    ApplicationSecurityPolicyUpdateRequest body =
        new ApplicationSecurityPolicyUpdateRequest()
            .data(
                new ApplicationSecurityPolicyUpdateData()
                    .attributes(
                        new ApplicationSecurityPolicyUpdateAttributes()
                            .description("Policy applied to internal web applications.")
                            .isDefault(false)
                            .name("Internal Network Policy")
                            .protectionPresets(Collections.singletonList("attack-tools"))
                            .rules(
                                Collections.singletonList(
                                    new ApplicationSecurityPolicyRuleOverride()
                                        .blocking(false)
                                        .enabled(true)
                                        .extendedDataCollection(false)
                                        .id("rasp-001-002")))
                            .rulesets(
                                Collections.singletonList(
                                    new ApplicationSecurityPolicyRulesetOverride()
                                        .blocking(false)
                                        .enabled(true)
                                        .id("attack_tool")))
                            .scope(
                                Collections.singletonList(
                                    new ApplicationSecurityPolicyScope()
                                        .env("prod")
                                        .service("billing-service")))
                            .version(0L))
                    .type(ApplicationSecurityPolicyType.POLICY));

    try {
      ApplicationSecurityPolicyResponse result =
          apiInstance.updateApplicationSecurityWafPolicy("recommended", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling ApplicationSecurityApi#updateApplicationSecurityWafPolicy");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
##### 

```rust
// Update a WAF Policy returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_application_security::ApplicationSecurityAPI;
use datadog_api_client::datadogV2::model::ApplicationSecurityPolicyRuleOverride;
use datadog_api_client::datadogV2::model::ApplicationSecurityPolicyRulesetOverride;
use datadog_api_client::datadogV2::model::ApplicationSecurityPolicyScope;
use datadog_api_client::datadogV2::model::ApplicationSecurityPolicyType;
use datadog_api_client::datadogV2::model::ApplicationSecurityPolicyUpdateAttributes;
use datadog_api_client::datadogV2::model::ApplicationSecurityPolicyUpdateData;
use datadog_api_client::datadogV2::model::ApplicationSecurityPolicyUpdateRequest;

#[tokio::main]
async fn main() {
    let body =
        ApplicationSecurityPolicyUpdateRequest::new(ApplicationSecurityPolicyUpdateData::new(
            ApplicationSecurityPolicyUpdateAttributes::new(
                "Policy applied to internal web applications.".to_string(),
                false,
                "Internal Network Policy".to_string(),
                vec!["attack-tools".to_string()],
                vec![ApplicationSecurityPolicyRuleOverride::new(
                    false,
                    true,
                    "rasp-001-002".to_string(),
                )
                .extended_data_collection(false)],
                vec![ApplicationSecurityPolicyScope::new(
                    "prod".to_string(),
                    "billing-service".to_string(),
                )],
                0,
            )
            .rulesets(vec![ApplicationSecurityPolicyRulesetOverride::new(
                false,
                true,
                "attack_tool".to_string(),
            )]),
            ApplicationSecurityPolicyType::POLICY,
        ));
    let configuration = datadog::Configuration::new();
    let api = ApplicationSecurityAPI::with_config(configuration);
    let resp = api
        .update_application_security_waf_policy("policy_id".to_string(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
##### 

```typescript
/**
 * Update a WAF Policy returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.ApplicationSecurityApi(configuration);

const params: v2.ApplicationSecurityApiUpdateApplicationSecurityWafPolicyRequest =
  {
    body: {
      data: {
        attributes: {
          description: "Policy applied to internal web applications.",
          isDefault: false,
          name: "Internal Network Policy",
          protectionPresets: ["attack-tools"],
          rules: [
            {
              blocking: false,
              enabled: true,
              extendedDataCollection: false,
              id: "rasp-001-002",
            },
          ],
          rulesets: [
            {
              blocking: false,
              enabled: true,
              id: "attack_tool",
            },
          ],
          scope: [
            {
              env: "prod",
              service: "billing-service",
            },
          ],
          version: 0,
        },
        type: "policy",
      },
    },
    policyId: "policy_id",
  };

apiInstance
  .updateApplicationSecurityWafPolicy(params)
  .then((data: v2.ApplicationSecurityPolicyResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"
{% /tab %}
