Security
Cloudflare offers the following features to help secure your APIs:
- API Discovery
- Volumetric Abuse Detection
- Sequential Abuse Detection (Beta)
- Mutual TLS (mTLS)
- Schema Validation
Example Cloudflare solutions
Cloudflare’s API Shield — together with other compatible Cloudflare products — helps protect your API from the issues detailed in the OWASP® API Security Top 10.
The following table provides examples of how you might match Cloudflare products to OWASP vulnerabilities:
| OWASP issue | Example Cloudflare solution |
|---|---|
| Broken Object Level Authorization | Schema Validation |
| Broken User Authentication | mTLS , Anomaly Detection , Rate Limiting , Leaked Credential Checks |
| Excessive Data Exposure | Schema Validation , Sensitive Data Detection (Beta) |
| Lack of Resources & Rate Limiting | Anomaly Detection , Rate Limiting , DDoS Protection |
| Broken Function Level Authorization | Schema Validation |
| Mass Assignment | Schema Validation , Anomaly Detection , Rate Limiting |
| Security Misconfiguration | Schema Validation , Sensitive Data Detection (Beta) |
| Injection | Schema Validation , WAF Rulesets |
| Improper Assets Management | Discovery |
| Insufficient Logging & Monitoring | Discovery SIEM integration |