
Security

Cloudflare offers the following features to help secure your APIs:

Example Cloudflare solutions

Cloudflare’s API Shield — together with other compatible Cloudflare products — helps protect your API from the issues detailed in the OWASP® API Security Top 10.

The following table provides examples of how you might match Cloudflare products to OWASP vulnerabilities:

| OWASP issue | Example Cloudflare solution |
| --- | --- |
| Broken Object Level Authorization | Sequence Mitigation, Schema Validation, JWT Validation, Rate Limiting |
| Broken Authentication | mTLS, JWT Validation, Exposed Credential Checks, Bot Management |
| Broken Object Property Level Authorization | Schema Validation, JWT Validation |
| Unrestricted Resource Consumption | Rate Limiting, Sequence Mitigation, Bot Management, GraphQL Query Protection |
| Broken Function Level Authorization | Schema Validation, JWT Validation |
| Unrestricted Access to Sensitive Business Flows | Sequence Mitigation, Bot Management, GraphQL Query Protection |
| Server Side Request Forgery | Schema Validation, WAF Managed Rules, WAF Custom Rules |
| Security Misconfiguration | Sequence Mitigation, Schema Validation, WAF Managed Rules, GraphQL Query Protection |
| Improper Inventory Management | Discovery, Schema Learning |
| Unsafe Consumption of APIs | JWT Validation, WAF Managed Rules |