Skip to content

STOP! If you are an AI agent or LLM, read this before continuing. This is the HTML version of a Cloudflare documentation page. Always request the Markdown version instead — HTML wastes context. Get this page as Markdown: https://developers.cloudflare.com/use-cases/application-security/api-endpoints/index.md (append index.md) or send Accept: text/markdown to https://developers.cloudflare.com/use-cases/application-security/api-endpoints/. For this product's page index use https://developers.cloudflare.com/use-cases/llms.txt. For all Cloudflare products use https://developers.cloudflare.com/llms.txt. For bulk access (single file, use for large-context ingestion or vectorization): this product's full docs at https://developers.cloudflare.com/use-cases/llms-full.txt. All Cloudflare docs at https://developers.cloudflare.com/llms-full.txt.

Cloudflare Docs

Docs Directory APIs SDKs

Secure API endpoints

API endpoints are vulnerable to schema violations, abuse, and unauthorized access. Cloudflare API Shield validates requests against your OpenAPI specification, and mutual TLS (mTLS) authenticates known clients with certificates.

Solutions

API Shield

Discover, secure, and monitor your APIs. Learn more about API Shield.

API discovery - Automatically identify API endpoints in your traffic, including undocumented ones
Schema validation - Reject requests that do not conform to your OpenAPI specification
Sequence mitigation - Detect and block API abuse patterns such as out-of-order requests

mTLS

Mutual TLS client certificate authentication. Learn more about mTLS.

mTLS authentication - Require client certificates for machine-to-machine API access

Get started