Configure Classic Schema Validation
Use the API Shield interface to configure API Schema Validation, which validates requests according to the API schema you provide.
Before you can configure Schema Validation for an API, you must obtain an API Schema file matching our specifications.
If you are in the Schema Validation 2.0 beta, you can make changes to your settings but you cannot add any new Classic Schema Validation schemas.
Create an API Shield with Schema Validation
To configure Schema Validation in the Cloudflare dashboard:
Log in to the Cloudflare dashboard and select your account and domain.
Select Security > API Shield.
Go to Schema Validation and select Add schema.
Enter a descriptive name for your policy and optionally edit the expression to trigger Schema Validation.
For example, if your API is available at
http://api.example.com/v1, include a check for the Hostname field — equal toapi.example.com— and a check for the URI Path field using a regular expression — matching the regex^/v1.Select Next.
Upload your schema file.
Select Save to validate the content of the schema file and deploy the Schema Validation rule.
If you get a validation error, ensure that you are using one of the supported file formats and that each endpoint and method pair has a unique operation ID.
After deploying your API Shield rule, Cloudflare displays a summary of all API endpoints organized by their protection level and actions that will occur for non-compliant and unprotected requests.
- In the Endpoint action dropdown, select an action for every request that targets a protected endpoint and fails Schema Validation.
- In the Fallthrough action dropdown, select an action for every request that targets an unprotected endpoint.
- Optionally, you can save the endpoints to Endpoint Management at the same time the Schema is saved by selecting Save new endpoints to endpoint management. Endpoints will be saved regardless of whether the Schema is saved as a draft or published live.
- Select Done.