Cloudflare Docs
API Shield
Visit API Shield on GitHub
Set theme to dark (⇧+D)

Security

Cloudflare offers the following features to help secure your APIs:

​​ Example Cloudflare solutions

Cloudflare’s API Shield — together with other compatible Cloudflare products — helps protect your API from the issues detailed in the OWASP® API Security Top 10.

The following table provides examples of how you might match Cloudflare products to OWASP vulnerabilities:

OWASP issue Example Cloudflare solution
Broken Object Level Authorization Sequence Mitigation, Schema Validation, JWT Validation, Rate Limiting
Broken Authentication mTLS, JWT Validation, Leaked Credential Checks, Bot Management
Broken Object Property Level Authorization Schema Validation, JWT Validation
Unrestricted Resource Consumption Rate Limiting, Sequence Mitigation, Bot Management, GraphQL Query Protection
Broken Function Level Authorization Schema Validation, JWT Validation
Unrestricted Access to Sensitive Business Flows Sequence Mitigation, Bot Management, GraphQL Query Protection
Server Side Request Forgery Schema Validation, WAF Managed Rules, WAF Custom Rules
Security Misconfiguration Sequence Mitigation, Schema Validation, WAF Managed Rules, GraphQL Query Protection
Improper Inventory Management Discovery, Schema Learning
Unsafe Consumption of APIs JWT Validation, WAF Managed Rules