NEW

Protect your APIs from broken authentication attacks with JSON Web Token validation Read more

Cloudflare API Gateway

Keeping APIs secure and productive

At Cloudflare, we know APIs make the world go around. That is why we make our massive global network your API gateway. With API discovery, integrated API management and analytics, and layered API defenses, Cloudflare ensures APIs drive business success like never before.

API Gateway: Security

Protect and secure your APIs:

  • API discovery: automatically discover your API endpoints and their schemas through simple heuristics and machine learning models.
  • OWASP Top 10 security: block OWASP API Top 10 attacks including authentication, data loss, abuse, DDoS and brute-force attacks.
  • Mutual TLS: authenticate and validate API traffic with mTLS certificates for mobile and IoT APIs, and JSON web tokens (JWT) to block requests from illegitimate clients.
  • Positive API security: protect APIs by only accepting traffic that conforms to your OpenAPI schemas. Block malformed requests and HTTP anomalies.
  • API abuse detection: stop volumetric and sequential API abuse of XML, RESTful and GraphQL APIs through simple heuristics and advanced anomaly detection.
  • Sensitive data detection: prevent data leaks by continuously scanning response payloads for sensitive data.

API Gateway: Management

Maintain high performing APIs with powerful monitoring and management:

  • Developer portal and management: single view for up to date API inventory, interactive API documentation and security controls. Host the documentation on your domain with Cloudflare Pages.
  • API routing: will append headers or cookies or reroute to the right backend resource
  • API analytics: will closely track API performance and identify your most popular and business critical API sequences

Protections for OWASP API Top 10

Learn more about API Gateway

Solution & Product Guides

API Gateway data sheet

Learn more about Cloudflare API Gateway innovation to keep APIs safe and productive.

Download PDF
Whitepaper

Keeping APIs secure and productive

As APIs become ever more important, so does keeping them secure and productive. This paper examines key API attacks - and the security needed to protect APIs against them.

Download PDF
Webinar

API Security webinar with Forrester

Cloudflare and Forrester discuss key API security trends and risks while exploring how to strengthen API security postures to keep APIs secure and productive.

Watch Video

World-class application security from Cloudflare

The Cloudflare web application firewall (WAF) is the cornerstone of our advanced application security portfolio that keeps applications and APIs secure and productive, thwarts DDoS attacks, keeps bots at bay, detects anomalies and malicious payloads, all while monitoring for browser supply chain attacks.

Gartner® named Cloudflare a Representative Vendor in Web Application and API Protection.

Cloudflare recognized as a Representative Vendor in the Gartner Market Guide for WAAP report. We believe this recognition validates that we protect against emerging threats faster, offer tighter integration of security capabilities, and deliver powerful ease of use and deployment.

Learn moreMarket Guide for WAAP page