Security
Cloudflare offers the following features to help secure your APIs:
Cloudflare API Shield, together with other Cloudflare products, helps protect your API from the OWASP API Security Top 10. These are the most common API security risks, ranging from unauthorized data access to denial of service.
The following table maps each OWASP vulnerability to the Cloudflare features that address it:
| OWASP issue | Example Cloudflare solution |
|---|---|
| Broken Object Level Authorization | BOLA vulnerability detection, Sequence mitigation, Schema validation, JWT validation, Rate Limiting, Vulnerability Scanner |
| Broken Authentication | Authentication Posture, mTLS, JWT validation, Exposed Credential Checks, Bot Management |
| Broken Object Property Level Authorization | Schema validation, JWT validation |
| Unrestricted Resource Consumption | Rate Limiting, Sequence mitigation, Bot Management, GraphQL Query Protection |
| Broken Function Level Authorization | Schema validation, JWT validation |
| Unrestricted Access to Sensitive Business Flows | Sequence mitigation, Bot Management, GraphQL Query Protection |
| Server Side Request Forgery | Schema validation, WAF managed rules, WAF custom rules |
| Security Misconfiguration | Sequence mitigation, Schema validation, WAF managed rules, GraphQL Query Protection |
| Improper Inventory Management | Discovery, Schema learning |
| Unsafe Consumption of APIs | JWT validation, WAF managed rules |