Secure an API with Cloudflare

APIs are often abused by bots, scrapers, credential stuffing, excessive requests, and broken clients.

Suggested architecture

Mobile/Web Client → Cloudflare API security controls → API origin

Reference diagrams (Cloudflare Docs)

Figure 1: Securing data from the user device, all the way to the website/API

Securing data in transit

Protect data in transit with Gateway/DLP: inspect TLS traffic before it reaches SaaS applications or the Internet. Data in transit is often considered vulnerable to interception or tampering during transmission. Data Loss Prevention (DLP) technologies can be used to inspect the contents of network traffic and block sensitive data from going to a risky destination.

Concepts: Gateway · DLP · TLS · CASB · Inline inspection

Official diagram ↗ · Security

Figure 1: How Cloudflare identifies, scores and processes traffic from bots.

Bot management

The flow for detecting, scoring and handling bot traffic at the edge, which is the foundation for WAF, rate limiting and Bot Management. Cloudflare has bot management capabilities to help identify and mitigate automated traffic to protect domains from bad bots.

Concepts: Bot score · Super Bot Fight Mode · WAF · Rate limiting

Official diagram ↗ · Bots

Controls & stack

  • WAF + managed rules for common attack patterns
  • Endpoint-based rate limiting (login, OTP, search, checkout)
  • Bot protection against harmful automation
  • Schema validation for critical requests/responses
  • mTLS/token validation for internal/auth endpoints
  • Logging/analytics to see top paths & top clients
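The last two controls feed each other: per-endpoint rate limits are tuned from what the logs show about top paths and top clients. The following is an added example (not code from the page or from Cloudflare) that runs that analysis over constructed records using Cloudflare Logpush HTTP-request field names (ClientIP, ClientRequestPath, EdgeStartTimestamp, BotScore); the thresholds and timestamps are assumptions.

```python
import json
from collections import Counter, defaultdict

# Per-endpoint caps: requests per client IP per 60-second window. Constructed starting
# points; real values should come from your own top-paths / top-clients analytics.
THRESHOLDS = {"/api/login": 5, "/api/otp": 3, "/api/search": 60, "/api/checkout": 10}
WINDOW = 60

# Constructed sample records using Cloudflare Logpush HTTP-request field names, one JSON
# object per line. BotScore: 1 = almost certainly automated, 99 = likely human.
SAMPLE_LOGS = """
{"EdgeStartTimestamp": 1000, "ClientIP": "203.0.113.7", "ClientRequestPath": "/api/login", "BotScore": 2}
{"EdgeStartTimestamp": 1001, "ClientIP": "203.0.113.7", "ClientRequestPath": "/api/login", "BotScore": 3}
{"EdgeStartTimestamp": 1002, "ClientIP": "203.0.113.7", "ClientRequestPath": "/api/login", "BotScore": 2}
{"EdgeStartTimestamp": 1003, "ClientIP": "203.0.113.7", "ClientRequestPath": "/api/login", "BotScore": 1}
{"EdgeStartTimestamp": 1004, "ClientIP": "203.0.113.7", "ClientRequestPath": "/api/login", "BotScore": 2}
{"EdgeStartTimestamp": 1005, "ClientIP": "203.0.113.7", "ClientRequestPath": "/api/login", "BotScore": 2}
{"EdgeStartTimestamp": 1010, "ClientIP": "198.51.100.4", "ClientRequestPath": "/api/search", "BotScore": 95}
{"EdgeStartTimestamp": 1011, "ClientIP": "198.51.100.4", "ClientRequestPath": "/api/login", "BotScore": 90}
{"EdgeStartTimestamp": 1070, "ClientIP": "203.0.113.7", "ClientRequestPath": "/api/otp", "BotScore": 4}
"""

def parse_logs(text):
    """Parse newline-delimited JSON, skipping blank or malformed lines instead of aborting."""
    records = []
    for line in text.splitlines():
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records

def top_n(records, field, n=3):
    """Most frequent values of a field: ClientRequestPath (top paths) or ClientIP (top clients)."""
    return Counter(r[field] for r in records).most_common(n)

def over_threshold(records, thresholds=THRESHOLDS, window=WINDOW):
    """(ip, path, count, lowest BotScore) for client/endpoint pairs over their cap in one window."""
    buckets = defaultdict(list)
    for r in records:
        key = (r["ClientIP"], r["ClientRequestPath"], r["EdgeStartTimestamp"] // window)
        buckets[key].append(r.get("BotScore", 99))  # missing score: treat as human, not bot
    return sorted(
        (ip, path, len(scores), min(scores))
        for (ip, path, _), scores in buckets.items()
        if path in thresholds and len(scores) > thresholds[path]
    )

if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    print(top_n(recs, "ClientRequestPath"), top_n(recs, "ClientIP"), over_threshold(recs))
```

A pair that bursts past its cap on login or OTP with a single-digit BotScore is the case the endpoint-based rate limiting and bot protection controls above are meant to stop; a high-score client that merely trips the search cap suggests the cap, not the client, needs adjusting.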

Next step

Continue your learning journey.