Skip to content
Cloudflare Docs
DirectoryAPISDKsChangelog

Get started

You do not need to complete a fixed setup flow before discovered operations can be used for protection. Use this page to choose the capability that matches your task.

Review operations

Review operations to understand the parts of your application that receive traffic, such as login, sign-up, checkout, upload, and AI-powered flows.

Discovered operations can be used for matching and downstream security detections before you manually refine them. For more information, refer to Manage operations.

Add or refine operations

Add an operation when traffic you want to protect does not appear, or when you want to define the operation structure yourself.

Refine an operation when the current grouping does not match how the traffic should be grouped or protected. For example, you may want a separate operation for a login flow, password reset flow, or payment flow.

For more information, refer to Manage operations.

Review labeled operations

Labels describe what an operation does. Detections can use labels to focus on traffic for a specific use case.

Refine labels when the current label set does not describe the operation correctly. For example, add cf-llm to operations that receive Large Language Model (LLM) prompts so AI Security for Apps can scan incoming prompts for threats such as prompt injection.

For more information, refer to Label operations.

Review traffic matched to operations

Use Security Analytics to review traffic matched to individual operations or labels.

Go to Analytics

For individual operations, use the operation ID or operation details to review matched traffic and logs. For labeled traffic, filter by managed labels such as cf-llm or cf-log-in.

Certain metrics, such as latency, may not populate when a request is handled by Cloudflare Workers or a product built on Workers, such as Waiting Room. You can also export operation and label fields through Logpush or query them through the GraphQL Analytics API. For more information, refer to Use labels in analytics and logs.

Use learned schemas

Schema learning observes live API traffic to discover the parameters, headers, and body formats your operations accept. You can export learned schemas in OpenAPI v3.0.0 format.

If you already maintain OpenAPI schemas, you can upload them to create operations and use them with API Shield Schema Validation.

For more information, refer to schema learning.

Define security protections

After traffic is matched to the relevant operation, define relevant security rules to act on that traffic.

For example, AI Security for Apps scans requests to operations labeled with cf-llm. You can then create rules that log or block requests with unsafe LLM prompt signals.

For more information, refer to Define security protections.

Review risks

Web Assets can show risks on operations that may need attention. A corresponding Security Center Insight may also be raised.

For the current risk reference, refer to API endpoint risks.