Cloudflare API Shield

CloudflareSecurity

API-specific security layer — schema validation, mTLS client authentication, rate-limiting per JWT subject, sensitive-data detection in responses, and API discovery / inventory that auto-surfaces unknown endpoints.

FluffyStack tools
Add to Service BuilderAdd to CompareCompare with equivalentsExplore Cloudflare in TreemapExplore security in HoneycombSee Cloudflare regions on the World MapSee security as a networkScore jurisdiction exposure
DocumentationPricingCloudflare website

Jurisdictional exposure

Provider HQ
USSan Francisco, USA

Subject to CLOUD Act, FISA-702, DPF

Region locations
APACCNEEAEUUKUSOther29 regions across 7 jurisdictions
Sovereign option
No sovereign-flagged regions in the catalogue for this service.
Full scorecard for this service →US lens detail →Sovereign cloud coverage map →

Attributes

Ga Year
2021

Sub-services (3)

Schema Validation

OpenAPI-driven validation that rejects requests violating the contract

mTLS Authentication

Client-certificate auth enforced at the edge for B2B / partner APIs

API Discovery

Auto-discover endpoints from traffic patterns; surface shadow / undocumented APIs

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

GDPRSOC 2ISO 27001HIPAAPCI DSS

Where this runs

29 regions
26 countries
Commercial regions (29)

Europe (10)

  • Paris
  • Frankfurt
  • Dublin
  • Milan
  • Amsterdam
  • Warsaw
  • Madrid
  • Stockholm
  • Zurich
  • London

North America (4)

  • Toronto
  • Ashburn
  • Chicago
  • San Jose

South America (2)

  • Buenos Aires
  • São Paulo

Asia (6)

  • Hong Kong
  • Mumbai
  • Tokyo
  • Singapore
  • Seoul
  • Taipei

Oceania (2)

  • Sydney
  • Auckland

Middle East (2)

  • Tel Aviv
  • Dubai

Africa (3)

  • Lagos
  • Cape Town
  • Johannesburg

Tags

api-securityschema-validationmtlsrate-limitingsecurity

Equivalent services on other platforms

AWS WAFAWS

Web application firewall that protects against common exploits with managed rule groups, custom rules, rate-based rules, Bot Control, and CAPTCHA challenges

Cloud ArmorGCP

Edge DDoS protection and web application firewall with managed rule sets for OWASP Top 10, adaptive bot protection, and reCAPTCHA Enterprise integration

Pricing

Pricing model:subscription