Cloudflare API Shield

Keeping APIs secure and productive

At Cloudflare, we know APIs make the app world go around. That is why we make our massive global network your API security gateway. With API discovery and powerful, layered API defenses, Cloudflare ensures APIs drive business success like never before.

58% of the internet is API-related

Almost 60% of the world's internet traffic is API-related, and APIs are growing at ~40 percent. An attack surface this large and fast-growing needs dedicated, powerful protections.

APIs are growing fast

API traffic is growing 39% annually, while web traffic is declining, meaning API security challenges are here to stay.

Attackers are targeting APIs

According to Gartner, by 2022 API abuses will be the most frequent attack vector, resulting in data breaches for enterprise web applications.


OWASP released a new top ten focused exclusively on API security risks, which security approaches must account for:

  1. Broken Object Level Authorization
  2. Broken User Authentication
  3. Excessive Data Exposure
  4. Lack of Resources & Rate Limiting
  5. Broken Function Level Authorization
  6. Mass Assignment
  7. Security Misconfiguration
  8. Injection
  9. Improper Assets Management
  10. Insufficient Logging & Monitoring

Cloudflare API Shield

Cloudflare API Shield keeps APIs secure with API discovery and layered protections:

  • API Discovery: discover and monitor your API endpoint estate.
  • Layer 7 security: prevent abusive attacks like application DDoS and brute-force attempts.
  • Mutual TLS: provide strong authentication for mobile and IoT APIs.
  • Positive API security: protect APIs by automatically enforcing OpenAPI schemas.
  • API abuse protection: stop volumetric API abuse through advanced anomaly detection.
  • Sensitive data detection: prevent data leaks by continuously scanning for sensitive data.

The best DDoS protection

All Cloudflare customers are shielded by 142 Tbps of DDoS protection.

Every server in every one of our 270 network locations runs the full stack of DDoS mitigation services to defend against the largest attacks.

World-class application security from Cloudflare

The Cloudflare web application firewall (WAF) is the cornerstone of our advanced application security portfolio that keeps applications and APIs secure and productive, thwarts DDoS attacks, keeps bots at bay, detects anomalies and malicious payloads, all while monitoring for browser supply chain attacks.

Bot Management

Deliver great customer experiences by protecting against bot attacks that harm web properties.

Web application firewall

Stop application attacks, both known techniques and zero-day exploits.

Page Shield

Protect against third-party Magecart attacks carried out in visitors' browsers.

Learn more about API Shield

Solution & Product Guides

API Shield data sheet

Learn more about Cloudflare API Shield innovation to keep APIs safe and productive.

Keeping APIs secure and productive

As APIs become ever more important, so does keeping them secure and productive. This paper examines key API attacks and the security needed to protect APIs against them.

API Security webinar with Forrester

Cloudflare and Forrester discuss key API security trends and risks while exploring how to strengthen API security postures to keep APIs secure and productive.

Cloudflare security leadership

Named a "Customers' Choice" for WAF in the 2021 Gartner Peer Insights report.

Innovation Leader in the Frost & Sullivan Frost Radar™: Global Holistic Web Protection Market Report.

"Leader" in The Forrester Wave for DDoS Mitigation Solutions.