Protecting APIs with JWT Validation
Cloudflare has introduced a new feature that allows its customers to protect their APIs from broken authentication attacks by validating incoming JSON Web Tokens (JWTs) with API Gateway. This update addresses four main feature requests: support for the Bearer token format, multiple JWKS configurations, validation of JWTs sent in cookies, and exclusion of any number of managed endpoints in a JWT validation rule. Broken authentication is the top threat on the OWASP Top 10 and the second-highest threat on the OWASP API Top 10. JSON Web Token Validation in API Gateway enforces a positive security model for authenticated API users, helping to prevent these attacks.
Company: Cloudflare
Date published: March 5, 2024
Author(s): John Cosgrove
Word count: 1953
Language: English
Hacker News points: None found.