API-Security

At Cloudflare, we protect customer APIs from abuse. This is no easy task, as abusive traffic can take different forms, from giant DDoS attacks to low-and-slow credential stuffing campaigns. We now address this challenge in a new way: by looking outside typical volumetric measures and using statistical machine learning to find important API client request sequences.

Cloudflare customers can now protect their APIs from broken authentication attacks by validating incoming JSON Web Tokens (JWTs) with API Gateway

Today, we’re releasing our 2024 API Security and Management Report. This blog introduces and is a supplement to the API Security and Management Report for 2024 where we detail exactly how we’re protecting our customers, and what it means for the future of API security

API shield customers can now upload their own CA to use for client certificate validation. This ensures that only authorized clients and devices can make requests to your API endpoint or application.

Starting today, Cloudflare’s API Gateway can protect GraphQL APIs against malicious requests that may cause a denial of service to the origin

Earn best practices for securing generative AI applications based on Cloudflare's experience protecting some of the largest AI applications in the world