Your APIs get the same edge protection as your web traffic. Schema validation, rate limiting, payload inspection, and request logging. Define what's allowed, and everything else gets blocked.
Upload your API spec, set your rules, and the edge enforces them on every request. No SDK, no code changes.
Upload your OpenAPI 3.0 spec and we enforce it at the edge. Requests that don't match your schema get rejected before they reach your backend. Wrong content types, missing fields, unexpected parameters, all caught automatically.
Control how many requests each client can make to each endpoint. Set thresholds per path, per method, or globally. Abusive clients get throttled while legitimate traffic flows through.
Every request and response body gets inspected at the edge for threats, injection patterns, and policy violations. Malicious payloads, embedded scripts, and suspicious data structures get caught before they reach your backend or your users.
Every API request gets logged with full context: path, method, headers, response codes, latency. See exactly what's hitting your API, what's getting blocked, and where the bottlenecks are.
API protection runs alongside the WAF, bot detection, and DDoS mitigation. Your API traffic gets the full stack.
If a request doesn't match your OpenAPI spec, it doesn't get through. No unexpected query parameters, no malformed payloads, no undocumented endpoints. Your API contract becomes your security policy.
Rate limiting, bot detection, and WAF rules all apply to your API traffic too. Credential stuffing, brute force, and scraping attempts get caught before they hit your application.
Modify headers, query parameters, and request bodies at the edge before they reach your backend. Rewrite paths, inject authentication tokens, strip sensitive headers, and normalize payloads without changing your application code.
Every request, every response, every block. Complete visibility into your API traffic for debugging, compliance, and incident response.
We're building more API-specific features. Here's what's next.
Validate JWTs at the edge before requests reach your backend. Check signatures, expiration, claims, and issuers without adding any code to your application.
Query depth limiting, introspection control, and cost analysis for GraphQL APIs. Prevent expensive queries from taking down your server.
Automatically discover and catalog all API endpoints across your infrastructure. Find shadow APIs, undocumented endpoints, and deprecated routes you forgot about.
Enforce mutual TLS at the edge for API-to-API communication. Both client and server verify each other's certificates, ensuring only trusted services can talk to your endpoints.
Upload your OpenAPI spec, configure your rules, and your API traffic starts flowing through the edge. Protection in minutes, not weeks.