Overview
Identify and address your API vulnerabilities.
APIs have become the backbone of popular web services ↗, helping the Internet become more accessible and useful.
As APIs have become more prevalent, however, so have their problems:
- Many companies have thousands of APIs, including ones they do not even know about.
- To support a large base of users, many APIs are protected by a negative security model that makes them vulnerable to credential-stuffing attacks and automated scanning tools.
- With so many endpoints and users, it’s difficult to recognize brute-force attacks against specific endpoints.
- Sophisticated attacks are even harder to recognize, often because even development teams are unaware of common and uncommon usage patterns.
Refer to the Get started guide to set up API Shield.
Security features
Secure your APIs using API Shield’s security features.
Management, monitoring, and more
A package of features that will do everything for your APIs.
Cloudflare API Security products are available to Enterprise customers only, though anyone can set up Mutual TLS with a Cloudflare-managed certificate authority.
The full API Shield security suite is available as an Enterprise-only paid add-on, but all customers can access Endpoint Management and Schema Validation functionalities.
Cloudflare DDoS protection secures websites, applications, and entire networks while ensuring the performance of legitimate traffic is not compromised.