---
title: Secure API endpoints
description: Protect APIs with schema validation, rate limiting, and authentication.
image: https://developers.cloudflare.com/cf-twitter-card.png
---

[Skip to content](#%5Ftop) 

Was this helpful?

YesNo

[ Edit page ](https://github.com/cloudflare/cloudflare-docs/edit/production/src/content/docs/use-cases/application-security/api-endpoints.mdx) [ Report issue ](https://github.com/cloudflare/cloudflare-docs/issues/new/choose) 

Copy page

# Secure API endpoints

API endpoints are vulnerable to schema violations, abuse, and unauthorized access. Cloudflare API Shield validates requests against your OpenAPI specification, and mutual TLS (mTLS) authenticates known clients with certificates.

## Solutions

### API Shield

Discover, secure, and monitor your APIs. [Learn more about API Shield](https://developers.cloudflare.com/api-shield/).

* **API discovery** \- Automatically identify API endpoints in your traffic, including undocumented ones
* **Schema validation** \- Reject requests that do not conform to your OpenAPI specification
* **Sequence mitigation** \- Detect and block API abuse patterns such as out-of-order requests

### mTLS

Mutual TLS client certificate authentication. [Learn more about mTLS](https://developers.cloudflare.com/ssl/client-certificates/).

* **mTLS authentication** \- Require client certificates for machine-to-machine API access

## Get started

1. [API Shield get started](https://developers.cloudflare.com/api-shield/get-started/)
2. [Set up mTLS](https://developers.cloudflare.com/ssl/client-certificates/)

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/use-cases/","name":"Use cases"}},{"@type":"ListItem","position":3,"item":{"@id":"/use-cases/application-security/","name":"Application security"}},{"@type":"ListItem","position":4,"item":{"@id":"/use-cases/application-security/api-endpoints/","name":"Secure API endpoints"}}]}
```