Security
Cloudflare offers the following features to help secure your APIs:
| Discovery & management | Posture management | Runtime protection |
|---|---|---|
| API Discovery | Volumetric Abuse Detection | Schema validation |
| Schema learning | Authentication Posture | JWT validation |
| Sequence Analytics | BOLA vulnerability detection | Sequence mitigation |
| Risk labels | Mutual TLS (mTLS) | |
| GraphQL query protection | | |
Cloudflare's API Shield, together with other compatible Cloudflare products, helps protect your API from the issues detailed in the OWASP® API Security Top 10.
The following table provides examples of how you might match Cloudflare products to OWASP vulnerabilities:
| OWASP issue | Example Cloudflare solution |
|---|---|
| Broken Object Level Authorization | BOLA vulnerability detection, Sequence mitigation, Schema validation, JWT validation, Rate Limiting |
| Broken Authentication | Authentication Posture, mTLS, JWT validation, Exposed Credential Checks, Bot Management |
| Broken Object Property Level Authorization | Schema validation, JWT validation |
| Unrestricted Resource Consumption | Rate Limiting, Sequence mitigation, Bot Management, GraphQL Query Protection |
| Broken Function Level Authorization | Schema validation, JWT validation |
| Unrestricted Access to Sensitive Business Flows | Sequence mitigation, Bot Management, GraphQL Query Protection |
| Server Side Request Forgery | Schema validation, WAF managed rules, WAF custom rules |
| Security Misconfiguration | Sequence mitigation, Schema validation, WAF managed rules, GraphQL Query Protection |
| Improper Inventory Management | Discovery, Schema learning |
| Unsafe Consumption of APIs | JWT validation, WAF managed rules |