Security
Cloudflare offers the following features to help secure your APIs:
- API Discovery
- Volumetric Abuse Detection
- Sequence Analytics
- Sequence Mitigation
- GraphQL malicious query protection
- JSON Web Tokens validation
- Mutual TLS (mTLS)
- Schema Validation
- Authentication Posture
- Broken Object Level Authorization vulnerability detection
Cloudflare's API Shield, together with other compatible Cloudflare products, helps protect your API from the issues detailed in the OWASP® API Security Top 10.
The following table provides examples of how you might match Cloudflare products to OWASP vulnerabilities:
| OWASP issue | Example Cloudflare solution | 
|---|---|
| Broken Object Level Authorization | Broken Object Level Authorization vulnerability detection, Sequence Mitigation, Schema validation, JWT validation, Rate Limiting | 
| Broken Authentication | Authentication Posture, mTLS, JWT validation, Exposed Credential Checks, Bot Management | 
| Broken Object Property Level Authorization | Schema validation, JWT validation | 
| Unrestricted Resource Consumption | Rate Limiting, Sequence Mitigation, Bot Management, GraphQL Query Protection | 
| Broken Function Level Authorization | Schema validation, JWT validation | 
| Unrestricted Access to Sensitive Business Flows | Sequence Mitigation, Bot Management, GraphQL Query Protection | 
| Server Side Request Forgery | Schema validation, WAF managed rules, WAF custom rules | 
| Security Misconfiguration | Sequence Mitigation, Schema validation, WAF managed rules, GraphQL Query Protection | 
| Improper Inventory Management | Discovery, Schema Learning | 
| Unsafe Consumption of APIs | JWT validation, WAF managed rules | 