Cloudflare API Gateway GA
March 16, 2022
The Cloudflare API Gateway provides businesses with a simple, fast, and
effective way to protect and control all of their APIs (application
programming interfaces). Organizations are using APIs more than ever
before, yet many of them struggle to secure this traffic as legacy
solutions are often expensive, overly complex, and slow. Cloudflare API
Gateway will simplify the process of identifying, securing, and managing
APIs of any protocol on one of the world’s largest and most
The world runs on APIs—our phones, smartwatches, banking systems, and
shopping sites all rely on APIs to communicate—and API traffic generates
more than 50% of all the HTTP requests on Cloudflare’s global network.
With this explosive growth it has become more critical than ever for
businesses of all sizes to have robust protection and a clear view of
their API suite. According to Gartner®: “API security challenges have
emerged as a top concern for most software engineering leaders, as
unmanaged and unsecured APIs create vulnerabilities that could
accelerate multimillion dollar security incidents.” However, traditional
legacy solutions are often difficult to implement, expensive to run, and
unreasonably slow. Now, Cloudflare API Gateway provides a single hub
allowing businesses to quickly discover APIs they weren’t aware of and
easily secure them in just a few clicks.
“APIs were never built with security in mind. Yet, today APIs are
involved in nearly every app a consumer or employee touches, often
carrying our sensitive personal data,” said Matthew Prince, CEO and
co-founder of Cloudflare. “Every day Cloudflare’s network blocks about
86 billion cyber threats for our customers. We’re confident that no
other API tool sees the breadth or volume of threats that we do. We’ve
built next generation AI and Machine Learning engines that take API
management to a new level, automatically detecting new APIs and
preventing threats. As with other Cloudflare products, API Gateway will
do all of this at a fraction of the cost and without the latency
introduced by legacy solutions.”
With Cloudflare API Gateway, businesses will be able to:
and stop API abuse: Leveraging Cloudflare’s unique Machine Learning
engine that processes 32+ million requests per second, customers can now
automatically analyze their API traffic to detect and prevent API
Automatically detect unmanaged APIs: As API use grows, sometimes
developers may publish APIs that security teams aren't aware of.
Cloudflare API Gateway passively scans the entire network and
automatically lists API endpoints for complete visibility.
Create and manage APIs directly with Cloudflare Workers: Customers will
be able to use integrations with Cloudflare Workers to create
lightweight, dynamic APIs that run at our edge.
Offload authentication and authorization: The gateway will support
industry protocols like OAuth 2.0, JSON Web Tokens (JWT) as well as
leverage authentication methods available in Cloudflare Access such as
Mutual TLS and service tokens.
Seamlessly route, log, and measure API requests: Cloudflare's existing
products, like Transform Rules, will introduce native gateway
functionality without adding latency, helping keep Cloudflare’s API
Gateway as fast as possible.
Schema Validation, API Discovery, mTLS, and API Abuse detection are