Configure Classic Schema Validation
If you are in the Schema Validation 2.0 beta, you can make changes to your settings but you cannot add any new Classic Schema Validation schemas.
Create an API Shield with Schema Validation
To configure Schema Validation in the Cloudflare dashboard:
Select Security > API Shield.
Go to Schema Validation and select Add schema.
Enter a descriptive name for your policy and optionally edit the expression to trigger Schema Validation.
For example, if your API is available at
http://api.example.com/v1, include a check for the Hostname field — equal to
api.example.com— and a check for the URI Path field using a regular expression — matching the regex
Upload your schema file.
Select Save to validate the content of the schema file and deploy the Schema Validation rule.
After deploying your API Shield rule, Cloudflare displays a summary of all API endpoints organized by their protection level and actions that will occur for non-compliant and unprotected requests.
- In the Endpoint action dropdown, select an action for every request that targets a protected endpoint and fails Schema Validation.
- In the Fallthrough action dropdown, select an action for every request that targets an unprotected endpoint.
- Optionally, you can save the endpoints to Endpoint Management at the same time the Schema is saved by selecting Save new endpoints to . Endpoints will be saved regardless of whether the Schema is saved as a draft or published live.
- Select Done.