Cloudflare API Shield makes it easy to secure APIs with strong client-certificate-based encryption. Support includes gRPCOpen external link-based APIs, which use binary formats such as protocol buffers rather than JSON.
Implementing a positive security model for APIs is the most direct way to eliminate credential stuffing attacks and deny access to automated scanning tools. The first step towards a positive model is deploying strong authentication such as mutual TLS (mTLS) authentication, which is not vulnerable to password reuse or sharing.
Mutual TLS authentication uses client certificates to ensure that traffic between client and server is bidirectionally secure and trusted. It also allows requests that do not authenticate via an identity provider, such as Internet-of-things (IoT) devices, to demonstrate they can reach a given resource.