Introducing API Shield

Cloudflare has introduced a new feature called "API Shield" to secure APIs through the use of strong client certificate-based identity and strict schema-based validation. The capabilities are available for free in all plans, making it simple to protect APIs from widespread attacks designed to perform unauthorized actions or exfiltrate data. API Shield uses a positive security model that allows only known behavior and identities while rejecting everything else, reducing the noise of credential stuffing attacks and other automated scanning tools. The feature also includes schema validation for JSON payloads, with gRPC/protocol buffer support on the roadmap.