API attacks are rising, and now, Cloudflare is launching what they call ‘API Shield,’ which is designed to protect web APIs from attacks. The past few years have seen a rise in automated exploitation attacks, and Cloudflare is responding.
The Cloudflare API Shield is the new service free for all Cloudflare account holders, no matter what pricing plan they use.
Application Programming Interfaces are just interfaces between different apps. They receive instructions or queries from a ‘Client’ and perform a pre-programmed or pre-defined action.
A need that had to be addressed
APIs are applied in many places. They can be inside self-standing apps and ensure that components communicate with each other. They can be in web-based systems that allow remote ‘clients’ like apps, servers, users, and devices, to connect to the API server and get their queries & commands across, while also receiving data.
The web-based systems are the most prone to attacks because they are located online, where anyone can query them.
Industry reports about the web-based endpoints show that API attacks have risen in number and volume. They are not expected to slow down soon as more companies move to the cloud, where APIs are the glue that holds them together.
More to come
The API shield will work by denying incoming connections that provide no cryptographic certificate and key that the API owner has generated on the API Shield dashboard and then installed on all approved devices like mobile apps, web servers, IoT devices, and others.
Encryptions and certificates may sound like a complicated way to work, but Cloudflare assures users that API Shield’s automation is what makes it easy to use.
Some of the planned features to be added in the automated system include rate limiting, web app rules for APIs, API analytics, and DDoS protection.