Read about the central API management and analytics in API Gateway READ
Cloudflare API Gateway
Keeping APIs secure and productive
At Cloudflare, we know APIs make the world go around. That is why we make our massive global network your API gateway. With API discovery, integrated API management and analytics, and layered API defenses, Cloudflare ensures APIs drive business success like never before.
58% of Cloudflare traffic is API-related
Cloudflare allows IT Security leaders to protect their public APIs - XML, RESTful and GraphQL - while enabling innovation. Your customer and partner trust is at stake, after all.
Shadow APIs create security blindspots
APIs are the fastest growing data type, growing more than twice as fast as web traffic. Cloudflare enables IT and Security leaders to gain visibility over their public APIs, schemas and performance metrics.
Authentication, data loss and abuse concerns
Once discovered, Cloudflare protects your APIs from abuse, vulnerability exploits, authentication loopholes and data leakage. Cloudflare now blocks more API traffic than web traffic.
API Gateway: Security
Protect and secure your APIs:
- API discovery: automatically discover your API endpoints and their schemas through simple heuristics and machine learning models.
- OWASP Top 10 security: block OWASP API Top 10 attacks including authentication, data loss, abuse, DDoS and brute-force attacks.
- Mutual TLS: authenticate and validate API traffic with mTLS certificates for mobile and IoT APIs, and JSON web tokens (JWT) to block requests from illegitimate clients.
- Positive API security: protect APIs by only accepting traffic that conforms to your OpenAPI schemas. Block malformed requests and HTTP anomalies.
- API abuse detection: stop volumetric and sequential API abuse of XML, RESTful and GraphQL APIs through simple heuristics and advanced anomaly detection.
- Sensitive data detection: prevent data leaks by continuously scanning response payloads for sensitive data.
API Gateway: Management
Maintain high performing APIs with powerful monitoring and management:
- Developer portal and management: single view for up to date API inventory, interactive API documentation and security controls. Host the documentation on your domain with Cloudflare Pages.
- API routing: will append headers or cookies or reroute to the right backend resource
- API analytics: will closely track API performance and identify your most popular and business critical API sequences
API Gateway protects organizations against the risks in the OWASP Foundation's API Security Top 10 security list.
- Broken Object Level Authorization
- Broken Authentication
- Broken Object Property Level Authorization
- Unrestricted Resource Consumption
- Broken Function Level Authorization
- Unrestricted Access to Sensitive Business Flows
- Server Side Request Forgery
- Security Misconfiguration
- Improper Inventory Management
- Unsafe Consumption of APIs
Protections for OWASP API Top 10
Learn more about API Gateway
World-class application security from Cloudflare
The Cloudflare web application firewall (WAF) is the cornerstone of our advanced application security portfolio that keeps applications and APIs secure and productive, thwarts DDoS attacks, keeps bots at bay, detects anomalies and malicious payloads, all while monitoring for browser supply chain attacks.
Gartner® named Cloudflare a “Leader” in Web Application and API Protection
Cloudflare has been recognized as a Leader in the 2022 "Gartner Magic Quadrant for WAAP" report. We believe this recognition validates that we protect against emerging threats faster, offer tighter integration of security capabilities, and deliver powerful ease of use and deployment.