Endpoint Management
Monitor the health of your API endpoints by saving, updating, and monitoring performance metrics using API Shield’s Endpoint Management.
Add endpoints allows customers to save endpoints directly from API Discovery or manually by method, path, and host.
This will add the specified endpoints to your list of managed endpoints. You can view your list of saved endpoints in the Endpoint Management page.
Cloudflare will start collecting performance data on your endpoint when you save an endpoint.
- Log in to the Cloudflare dashboard ↗, and select your account and domain.
- Select Security > API Shield.
- Add your endpoints manually, from Schema validation, or from API Discovery.
- Log in to the Cloudflare dashboard ↗, and select your account and domain.
- Go to Security > Web assets > Endpoints.
- Select Add endpoints.
- Add your endpoints manually, from Schema validation, or from API Discovery.
There are two ways to add API endpoints from Discovery.
- From Endpoint Management, select Add endpoints > Select from Discovery tab.
- Select the discovered endpoints you would like to add.
- Select Add endpoints.
- From Endpoints, go to Add endpoints > Select from Discovery tab.
- Select the discovered endpoints you would like to add.
- Select Add endpoints.
- From Endpoint Management, select the Discovery tab.
- Select the discovered endpoints you would like to add.
- Select Save selected endpoints.
- From Web assets, go to the Discovery tab.
- Select the discovered endpoints you would like to add.
- Select Save selected endpoints.
- Add a schema by configuring Schema validation.
- On Review schema endpoints, save new endpoints to endpoint management by checking the box.
- Select Save as draft or Save and Deploy. Endpoints will be saved regardless of whether the schema is saved as a draft or published.
- From Web assets, go to the Endpoints tab.
- Select Add endpoints > Upload Schema.
- Upload a schema file.
- Select Add schema and endpoints.
API Shield will look for duplicate endpoints that have the same host, method, and path. Duplicate endpoints will not be saved to endpoint management.
- From Endpoint Management, select Add endpoints > Manually add.
- Choose the method from the dropdown menu and add the path and hostname for the endpoint.
- Select Add endpoints.
- From Web assets, go to the Endpoints tab.
- Select Add endpoints > Manually add.
- Choose the method from the dropdown menu and add the path and hostname for the endpoint.
- Select Add endpoints.
When adding an endpoint manually, you can specify variable fields in the path or host by enclosing them in braces, /api/user/{var1}/details or {hostVar1}.example.com.
Cloudflare supports hostname variables in the following formats:
{hostVar1}.example.com
foo.{hostVar1}.example.com
{hostVar2}.{hostVar1}.example.comHostname variables must comprise the entire domain field and must not be used with other text in the field.
The following format is not supported:
foo-{hostVar1}.example.comFor more information on how Cloudflare uses variables in API Shield, refer to the examples from API Discovery.
You can delete endpoints one at a time or in bulk.
- From Endpoint Management, select the checkboxes for the endpoints that you want to delete.
- Select Delete endpoints.
- From Web assets, go to the Endpoints tab.
- Select the checkboxes for the endpoints that you want to delete.
- Select Delete endpoints.
For each saved endpoint, customers can view:
- Request count: The total number of requests to the endpoint over time.
- Rate limiting recommendation: per 10 minutes. This is guided by the request count.
- Latency: The average origin response time in milliseconds (ms). This metric shows how long it takes from the moment a visitor makes a request to the moment the visitor gets a response back from the origin.
- Error rate vs. overall traffic: grouped by 4xx, 5xx, and their sum.
- Response size: The average size of the response (in bytes) returned to the request.
- Labels: The current labels assigned to the endpoint.
- Authentication status: The breakdown of which session identifiers were seen on successful requests to this endpoint.
- Sequences: The number of Sequence Analytics sequences the endpoint was found in.
You can interact with Endpoint Management through the Cloudflare API. Refer to Endpoint Management’s API documentation for more information.
Sensitive data comprises various personally identifiable information and financial data. Cloudflare created this ruleset to address common data loss threats, and the WAF can search for this data in HTTP response bodies from your origin.
API Shield will alert users to the presence of sensitive data in the response body of API endpoints listed in Endpoint Management if the zone is also subscribed to the Sensitive Data Detection managed ruleset.
Sensitive Data Detection is available to Enterprise customers on our Advanced application security plan.
Once Sensitive Data Detection is enabled for your zone, API Shield queries firewall events from the WAF for the last seven days and places a notification icon on the Endpoint Management table row if there are any matched sensitive responses for your endpoint.
API Shield displays the types of sensitive data found if you expand the Endpoint Management table row to view further details. Select Explore Events to view the matched events in Security Events.
After Sensitive Data Detection is enabled for your zone, you can browse the Sensitive Data Detection ruleset ↗. The link will not work if Sensitive Data Detection is not enabled.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark