Read about the central API management and analytics in API Gateway READ
Cloudflare API Gateway
Keeping APIs secure and productive
At Cloudflare, we know APIs make the world go around. That is why we make our massive global network your API gateway. With API discovery, integrated API management and analytics, and layered API defenses, Cloudflare ensures APIs drive business success like never before.
API Gateway: Security
Protect and secure your APIs:
- API discovery: automatically discover your API endpoints and their schemas through simple heuristics and machine learning models.
- OWASP Top 10 security: block OWASP API Top 10 attacks including authentication, data loss, abuse, DDoS and brute-force attacks.
- Mutual TLS: authenticate and validate API traffic with mTLS certificates for mobile and IoT APIs, and JSON web tokens (JWT) to block requests from illegitimate clients.
- Positive API security: protect APIs by only accepting traffic that conforms to your OpenAPI schemas. Block malformed requests and HTTP anomalies.
- API abuse detection: stop volumetric and sequential API abuse of XML, RESTful and GraphQL APIs through simple heuristics and advanced anomaly detection.
- Sensitive data detection: prevent data leaks by continuously scanning response payloads for sensitive data.
API Gateway: Management
Maintain high performing APIs with powerful monitoring and management:
- Developer portal and management: single view for up to date API inventory, interactive API documentation and security controls. Host the documentation on your domain with Cloudflare Pages.
- API routing: will append headers or cookies or reroute to the right backend resource
- API analytics: will closely track API performance and identify your most popular and business critical API sequences
Protections for OWASP API Top 10
Learn more about API Gateway
API Gateway data sheet
Learn more about Cloudflare API Gateway innovation to keep APIs safe and productive.
Keeping APIs secure and productive
As APIs become ever more important, so does keeping them secure and productive. This paper examines key API attacks - and the security needed to protect APIs against them.
API Security webinar with Forrester
Cloudflare and Forrester discuss key API security trends and risks while exploring how to strengthen API security postures to keep APIs secure and productive.
World-class application security from Cloudflare
The Cloudflare web application firewall (WAF) is the cornerstone of our advanced application security portfolio that keeps applications and APIs secure and productive, thwarts DDoS attacks, keeps bots at bay, detects anomalies and malicious payloads, all while monitoring for browser supply chain attacks.
Gartner® named Cloudflare a “Leader” in Web Application and API Protection
Cloudflare has been recognized as a Leader in the 2022 "Gartner Magic Quadrant for WAAP" report. We believe this recognition validates that we protect against emerging threats faster, offer tighter integration of security capabilities, and deliver powerful ease of use and deployment.