Cloudflare offers API Shield for free with all plans

API Shield is available for customers with gRPC-based APIs and by request through a closed beta for JSON APIs.


With its new API Shield feature, Cloudflare seeks to secure API endpoints that are vulnerable to security breaches. Cloudflare developed the tool in response to two trends: the explosion of API calls from mobile apps and the proliferation of internet of things (IoT) devices. API Shield will drop uncertified or unexpected API requests in an attempt to protect these devices from criminals who may use them to steal data or infiltrate systems.

By checking requests for credentials and matching requests to a pre-set schema of expected behaviors, API Shield moves endpoint protection from a negative security model to a positive one. Instead of only blocking requests from problematic IP addresses, for example, the tool allows only valid requests from known and certified entities.

Implementing a positive security model for APIs is the most direct way to eliminate the noise of credential stuffing attacks and other automated scanning tools.

Patrick R. Donahue and Daniele Molteni, Introducing API Shield

How API Shield works

API Shield will use a double layer of protection to keep API endpoints safe. It will first require a security certificate from the requester, and then it will check that the request matches the expected actions for the endpoint.

API Shield requires security certificate

Owners with access to the closed beta can set up their schema of expected JSON actions for each endpoint within the API Shield tool.

Example of how API Shield handles JSON schema protection

API Shield does require some coding investment to set up: developers will need to set up the rule in Cloudflare and embed the certificate on the device or mobile app. Cloudflare provided a full demonstration with sample code in its announcement.
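To make the difference between the two models concrete, here is a small sketch of the double-layer check described above, next to an IP blocklist. It is an example added for this article, not Cloudflare's code or the sample from its announcement; the endpoint, the field names, the `client_cert_verified` flag and the sample requests are all constructed assumptions.

```python
import json

# Constructed schema (hypothetical endpoint): the only method, path and body shape accepted.
ENDPOINTS = {("POST", "/v1/temperature"): {"device_id": str, "celsius": (int, float)}}
BLOCKED_IPS = {"203.0.113.7"}  # constructed blocklist entry (documentation address range)


def negative_model_allows(req):
    """Negative model: everything passes unless the source is already known to be bad."""
    return req["src_ip"] not in BLOCKED_IPS


def positive_model_allows(req):
    """Positive model: pass only certified callers that send a schema-conforming request."""
    # Layer 1: the TLS terminator must report a verified client certificate (assumed flag).
    if not req.get("client_cert_verified"):
        return False, "no verified client certificate"
    # Layer 2: method and path must be a declared endpoint, and the body must match its schema.
    schema = ENDPOINTS.get((req["method"], req["path"]))
    if schema is None:
        return False, "undeclared endpoint"
    try:
        body = json.loads(req["body"])
    except (ValueError, TypeError):
        return False, "body is not JSON"
    if not isinstance(body, dict) or set(body) != set(schema):
        return False, "unexpected or missing fields"
    for field, expected in schema.items():
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(body[field], bool) or not isinstance(body[field], expected):
            return False, f"wrong type for {field}"
    return True, "ok"


def sample(**overrides):
    """Build a constructed request; overrides change individual fields."""
    req = {"src_ip": "198.51.100.10", "client_cert_verified": True, "method": "POST",
           "path": "/v1/temperature", "body": '{"device_id": "sensor-1", "celsius": 21.5}'}
    req.update(overrides)
    return req


SAMPLES = [
    sample(),                                                       # enrolled device
    sample(src_ip="198.51.100.99", client_cert_verified=False),     # scanner on an unlisted IP
    sample(body='{"device_id": "sensor-1", "celsius": 21.5, "admin": true}'),  # extra field
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(negative_model_allows(r), positive_model_allows(r))
```

All three constructed requests pass the blocklist, while the positive model accepts only the first and reports why it rejected the other two.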

Blocking crimes of opportunity

Criminals who have the time and motivation can exploit endpoints that are left open. These crimes often happen to small and medium-sized businesses that may believe that their data is too small or insignificant to steal. By offering a free tool for security, Cloudflare is boosting the overall security of the internet and connected devices.

