Web assets

Discover web assets such as your API endpoints and instruct Cloudflare how to best protect them.

Endpoints

Use the Endpoints tab to manage endpoints available on your domain and monitor their health.

You can save endpoints directly from API Discovery, manually by method, path, and host, or via Schema Validation.

This will add the specified endpoints to your list of managed endpoints. You can view your list of managed endpoints in the Endpoints tab.

For saved endpoints:

• Cloudflare will start collecting performance data per endpoint.
• You can use the labeling service to organize your endpoints by use case.

For more information on how to manage your endpoints, refer to the following resources.

• Endpoint Management
• Endpoint schema learning
• Endpoint Analysis

Discovery

Discovery continuously finds your active API endpoints via path normalization.

Add endpoints to produce recommendations and analytics of your APIs. Your session identifiers must match your API traffic. Otherwise, API endpoints are also discoverable via Machine Learning.

Note

Discovery is only available for Enterprise customers. If you are an Enterprise customer and interested in this product, contact your account team.

Sequences

Use Sequences to discover how users interact with your API, by tracking the order of API session requests over time. Sequences will group and highlight popular user journeys across your API.

Once you configure session identifiers, the Sequences tab will start grouping and highlighting important user journeys (sequences) across your API.

To configure session identifiers, go to Security > Settings > All settings tab and select Edit next to Session identifiers.

For more information on how Cloudflare identifies API sequences and how you can configure API sequence rules, refer to the following resources:

• Sequence analytics
• Sequence mitigation

Note

The Sequences tab includes functionality available in API Shield in the previous dashboard navigation structure.

Schema validation

Use Schema validation to check if your incoming traffic complies with a previously supplied API Schema.

API Schemas are defined by the validity of the API request's properties such as target endpoint, path or query variable format, and HTTP method. A rule is created for incoming traffic and defines which traffic is allowed and which traffic is logged or blocked based on the API schema that you provide or select from the list of learned schemas.

You can add schema validation by:

• Uploading a schema
• Applying a learned schema to a single endpoint
• Applying a learned schema to an entire hostname
• Adding a fallthrough rule

Note

The Schema validation tab includes functionality available in API Shield in the previous dashboard navigation structure.

Client-side resources

Use Client-side resources to monitor scripts, connections, and cookies on your domain.

If you notice unexpected scripts or connections on the dashboard, check them for signs of malicious activity. You should also check for any new or unexpected cookies.

Enterprise customers with a paid add-on will have their connections and scripts classified as potentially malicious based on threat feeds.

Note

The Client-side resources tab includes functionality available in Page Shield in the previous dashboard navigation structure.