Cloudflare Docs
Visit API Shield on GitHub
Set theme to dark (⇧+D)

Cloudflare API Shield

Cloudflare offers a range of products to help identify and address API vulnerabilities.

Why care about API security?

APIs have become the backbone of popular web services, helping the Internet become more accessible and useful.

As APIs have become more prevalent, however, so have their problems:

  • Many companies have thousands of APIs, including ones they do not even know about.
  • To support a large base of users, many APIs are protected by a negative security model that makes them vulnerable to credential-stuffing attacks and automated scanning tools.
  • With so many endpoints and users, it’s difficult to recognize brute-force attacks against specific endpoints.
  • Sophisticated attacks are even harder to recognize, often because even development teams are unaware of common and uncommon usage patterns.


Cloudflare offers the following features to help secure your APIs:


Cloudflare API Security products are available to Enterprise customers only, though anyone can set up Mutual TLS with a Cloudflare-managed certificate authority.

Additionally, API Discovery and Volumetric Abuse Detection are generally available. If you are interested in using these products, contact your account team.

Sequential Abuse Detection is currently enabled by request. If you are interested in using this products, contact your account team.