Endpoint labeling service
API Shield's labeling service will help you organize your endpoints and address vulnerabilities in your API. The labeling service comes with managed and user-defined labels.
Today, managed labels are useful for organizing endpoints by use case. In a future release, managed labels will automatically label endpoints by use case and those with informative or security risks, alerting you on endpoints that need attention.
User-defined labels can also be added to endpoints in API Shield by creating a label and adding it to an individual endpoint or multiple endpoints. User-defined labels will be useful for organizing your endpoints by owner, version, or type.
You can filter your endpoints based on the labels.
cf-log-in
: Add this label to endpoints that accept user credentials. You may have multiple endpoints if you accept username, password, and multi-factor authentication (MFA) across multiple endpoints or requests.
cf-sign-up
: Add this label to endpoints that are the final step in creating user accounts for your site or application.
cf-content
: Add this label to endpoints that provide unique content, such as product details, user reviews, pricing, or other unique information.
cf-purchase
: Add this label to endpoints that are the final step in purchasing goods or services online.
cf-password-reset
: Add this label to endpoints that participate in the user password reset process. This includes initial password reset requests and final password reset submissions.
cf-add-cart
: Add this label to endpoints that add items to a user's shopping cart or verify item availability.
cf-add-payment
: Add this label to endpoints that accept credit card or bank account details where fraudsters may iterate through account numbers to guess valid combinations of payment information.
cf-check-value
: Add this label to endpoints that check the balance of rewards points, in-game currency, or other stored value products that can be earned, transferred, and redeemed for cash or physical goods.
cf-add-post
: Add this label to endpoints that post messages in a communication forum, or product or merchant reviews.
cf-account-update
: Add this label to endpoints that participate in user account or profile updates.
cf-rss-feed
: Add this label to endpoints that expect traffic from RSS clients.
cf-risk-missing-auth
: Automatically added when all successful requests lack a session identifier. Refer to the table below for more information.
cf-risk-mixed-auth
: Automatically added when some successful requests contain a session identifier and some successful requests lack a session identifier. Refer to the table below for more information.
cf-risk-sensitive
: Cloudflare will automatically add this label to endpoints when HTTP responses match the WAF's Sensitive Data Detection ruleset.
Description | 2xx response codes | 4xx, 5xx response codes |
---|---|---|
If all requests are missing authentication, Cloudflare will apply the label: | cf-missing-auth | Without successful responses, no label will be added. |
If only some requests are missing authentication, Cloudflare will apply the label: | cf-mixed-auth | Without successful responses, no label will be added. |
- Log in to the Cloudflare dashboard ↗ and select your account and domain.
- Go to Security > Settings > Labels.
- Under Security labels, select Create label.
- Name the label and add an optional label description.
- Apply the label to your selected endpoints.
- Select Create label.
Alternatively, you can create a user-defined label via Endpoint Management in API Shield.
- Log in to the Cloudflare dashboard ↗ and select your account and domain.
- Go to Security > Settings > Labels.
- Choose the endpoint that you want to label.
- Select Edit labels.
- Under User, select Create user label.
- Enter the label name.
- Select Create.
- Log in to the Cloudflare dashboard ↗ and select your account and domain.
- Go to Security > API Shield > Endpoint Management.
- Choose the endpoint that you want to label.
- Select Edit labels.
- Add the label(s) that you want to use for the endpoint from the list of managed and user-defined labels.
- Select Save labels.
- Log in to the Cloudflare dashboard ↗ and select your account and domain.
- Go to Security > Settings > Labels.
- On the existing label that you want to apply to multiple endpoints, select Bulk apply.
- Choose the endpoints that you want to label by selecting its checkbox.
- Select Save label.
Endpoint Management's labeling service is currently available to Enterprise API Shield subscribers.