Cloudflare Docs
API Shield
Visit API Shield on GitHub
Set theme to dark (⇧+D)

Configure Schema Validation

Use the API Shield interface to configure API Schema Validation, which validates requests according to the API Schema you provide.

Before you can configure Schema Validation for an API, you must obtain an API Schema file matching our specifications.

​​ Create an API Shield with Schema Validation

To configure Schema Validation in the Cloudflare dashboard:

  1. Log in to the Cloudflare dashboard and select your account and application.

  2. Click Security > API Shield.

  3. In the API Shield card, click Deploy API Shield.

  4. For the Shield properties, enter a descriptive name and set up an expression to trigger your shield.

    For example, if your API is available at http://api.example.com/v1, include a check for the Hostname field — equal to api.example.com — and a check for the URI Path field using a regular expression — matching the regex ^/v1.

  5. Click Next.

  6. In the Schema Validation card, switch the toggle to On.

  7. For Upload API Schema, upload your schema file.

  8. Click Save to validate the content of the schema file and deploy the Schema Validation rule.

    If you get a validation error, make sure you are using one of the supported file formats and that each endpoint and method pair has a unique Operation ID.

  9. After deploying your API Shield rule, Cloudflare displays a summary of all API endpoints organized by their protection level and actions that will occur for non-compliant and unprotected requests.

  10. In the Endpoint action dropdown, select an action for every request that targets a protected endpoint and fails Schema Validation.

  11. In the Fallthrough action dropdown, select an action for every request that targets an unprotected endpoint.

  12. Click Done.