Skip to content
API Security
Visit API Security on GitHub
Set theme to dark (⇧+D)

Volumetric Abuse Detection

Cloudflare Volumetric Abuse Detection helps you set up a system of adaptive rate limiting.


After API Discovery, Cloudflare looks for endpoint abuse based on common user traffic.

For example, your API might see different levels of traffic to a /reset-password endpoint than a /login endpoint. Additionally, your /login endpoint might see higher than average traffic after a successful marketing campaign.

These two scenarios speak to the limitations of traditional rate limiting. Not only does traffic vary between endpoints, but it also can vary over time for the same endpoint. Volumetric Abuse Detection solves these problems with unsupervised learning to develop separate baselines for each API and better adjust to changes in user behavior.

This process currently requires a session identifier, like an authorization token available as a request header.

For more technical details, see our blog post.