|
1 | 1 | --- |
2 | | -pcx_content_type: concept |
3 | | -type: overview |
| 2 | +pcx_content_type: reference |
4 | 3 | title: Management and Monitoring |
5 | 4 | sidebar: |
6 | 5 | order: 6 |
7 | | - label: Endpoint Management |
| 6 | + group: |
| 7 | + hideIndex: true |
8 | 8 |
|
9 | 9 | --- |
10 | | - |
11 | | -import { GlossaryTooltip, Plan } from "~/components" |
12 | | - |
13 | | -<Plan type="all" /> |
14 | | - |
15 | | -Monitor the health of your <GlossaryTooltip term="API endpoint">API endpoints</GlossaryTooltip> by saving, updating, and monitoring performance metrics using API Shield’s Endpoint Management. |
16 | | - |
17 | | -**Add endpoints** allows customers to save endpoints directly from [API Discovery](/api-shield/security/api-discovery/) or manually by method, path, and host. |
18 | | - |
19 | | -This will add the specified endpoints to your list of managed endpoints. You can view your list of saved endpoints in the **Endpoint Management** page. |
20 | | - |
21 | | -Cloudflare will start collecting [performance data](/api-shield/management-and-monitoring/#endpoint-analysis) on your endpoint when you save an endpoint. |
22 | | - |
23 | | -:::note |
24 | | - |
25 | | -When an endpoint is using [Cloudflare Workers](/workers/), the metrics data will not be populated. |
26 | | -::: |
27 | | - |
28 | | -## Access |
29 | | - |
30 | | -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account and domain. |
31 | | -2. Select **Security** > **API Shield**. |
32 | | -3. Add your endpoints [manually](#add-endpoints-manually), from [Schema validation](#add-endpoints-from-schema-validation), or from [API Discovery](#add-endpoints-from-api-discovery). |
33 | | - |
34 | | -## Add endpoints from API Discovery |
35 | | - |
36 | | -There are two ways to add API endpoints from Discovery. |
37 | | - |
38 | | -### Add from the Endpoint Management Tab |
39 | | - |
40 | | -1. From Endpoint Management, select **Add endpoints** > **Select from Discovery** tab. |
41 | | -2. Select the discovered endpoints you would like to add. |
42 | | -3. Select **Add endpoints**. |
43 | | - |
44 | | -### Add from the Discovery Tab |
45 | | - |
46 | | -1. From Endpoint Management, select the **Discovery** tab. |
47 | | -2. Select the discovered endpoints you would like to add. |
48 | | -3. Select **Save selected endpoints**. |
49 | | - |
50 | | -## Add endpoints from Schema validation |
51 | | - |
52 | | -1. Add a schema by [configuring Schema validation](/api-shield/security/schema-validation/). |
53 | | -2. On **Review schema endpoints**, save new endpoints to endpoint management by checking the box. |
54 | | -3. Select **Save as draft** or **Save and Deploy**. Endpoints will be saved regardless of whether the Schema is saved as a draft or published. |
55 | | - |
56 | | -API Shield will look for duplicate endpoints that have the same host, method, and path. Duplicate endpoints will not be saved to endpoint management. |
57 | | - |
58 | | -:::note |
59 | | - |
60 | | -If you deselect **Save new endpoints to endpoint management**, the endpoints will not be added. |
61 | | -::: |
62 | | - |
63 | | -## Add endpoints manually |
64 | | - |
65 | | -1. From Endpoint Management, select **Add endpoints** > **Manually add**. |
66 | | -2. Choose the method from the dropdown menu and add the path and hostname for the endpoint. |
67 | | -3. Select **Add endpoints**. |
68 | | - |
69 | | -:::note |
70 | | - |
71 | | -By selecting multiple checkboxes, you can add several endpoints from Discovery at once instead of individually. |
72 | | -::: |
73 | | - |
74 | | -When adding an endpoint manually, you can specify variable fields in the path or host by enclosing them in braces, `/api/user/{var1}/details` or `{hostVar1}.example.com`. |
75 | | - |
76 | | -Cloudflare supports hostname variables in the following formats: |
77 | | - |
78 | | -```txt |
79 | | -
|
80 | | -{hostVar1}.example.com |
81 | | -
|
82 | | -foo.{hostVar1}.example.com |
83 | | -
|
84 | | -{hostVar2}.{hostVar1}.example.com |
85 | | -``` |
86 | | - |
87 | | -Hostname variables must comprise the entire domain field and must not be used with other text in the field. |
88 | | - |
89 | | -The following format is not supported: |
90 | | - |
91 | | -```txt |
92 | | -
|
93 | | -foo-{hostVar1}.example.com |
94 | | -``` |
95 | | - |
96 | | -For more information on how Cloudflare uses variables in API Shield, refer to the examples from [API Discovery](/api-shield/security/api-discovery/). |
97 | | - |
98 | | -## Delete endpoints manually |
99 | | - |
100 | | -You can delete endpoints one at a time or in bulk. |
101 | | - |
102 | | -1. From Endpoint Management, select the checkboxes for the endpoints that you want to delete. |
103 | | -2. Select **Delete endpoints**. |
104 | | - |
105 | | -## Endpoint schema learning |
106 | | - |
107 | | -Cloudflare learns schema parameters via traffic inspection. For all endpoints saved to Endpoint Management, you can export OpenAPI schemas in `v3.0.0` format by hostname. You can also include learned schema parameters. |
108 | | - |
109 | | -To protect your API with a learned schema, refer to [Schema validation](/api-shield/security/schema-validation/#add-validation-by-applying-a-learned-schema-to-an-entire-hostname). |
110 | | - |
111 | | -### Export a schema |
112 | | - |
113 | | -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain. |
114 | | -2. Select **Security** > **API Shield**. |
115 | | -3. Navigate to **Endpoint Management**. |
116 | | -4. Select **Export schema** and choose a hostname to export. |
117 | | -5. Select whether to include [learned parameters](/api-shield/management-and-monitoring/#learned-schemas-will-always-include) and [rate limit recommendations](/api-shield/security/volumetric-abuse-detection/) |
118 | | -6. Select **Export schema** and choose a location to save the file. |
119 | | - |
120 | | -:::note |
121 | | - |
122 | | -The schema is saved as a JSON file in OpenAPI `v3.0.0` format. |
123 | | -::: |
124 | | - |
125 | | -#### Learned schemas will always include: |
126 | | - |
127 | | -- The listed hostname in the servers section |
128 | | -- All endpoints by host, method, and path |
129 | | -- Detected path variables |
130 | | -- JSON `POST` body formats |
131 | | - |
132 | | -#### Learned schemas can optionally include: |
133 | | - |
134 | | -- Detected query parameters and its format |
135 | | -- API Shield’s rate limit threshold recommendations |
136 | | - |
137 | | -## Endpoint Analysis |
138 | | - |
139 | | -For each saved endpoint, customers can view: |
140 | | - |
141 | | -- **Request count**: The total number of requests to the endpoint over time. |
142 | | -- **Rate limiting recommendation**: per 10 minutes. This is guided by the request count. |
143 | | -- **Latency**: The average origin response time in milliseconds (ms). This metric shows how long it takes from the moment a visitor makes a request to the moment the visitor gets a response back from the origin. |
144 | | -- **Error rate** vs. overall traffic: grouped by 4xx, 5xx, and their sum. |
145 | | -- **Response size**: The average size of the response (in bytes) returned to the request. |
146 | | -- **Labels**: The current [labels](/api-shield/management-and-monitoring/endpoint-labels/) assigned to the endpoint. |
147 | | -- **Authentication status**: The breakdown of which [session identifiers](/api-shield/get-started/#session-identifiers) were seen on successful requests to this endpoint. |
148 | | -- **Sequences**: The number of [Sequence Analytics](/api-shield/security/sequence-analytics/) sequences the endpoint was found in. |
149 | | - |
150 | | -:::note |
151 | | - |
152 | | -Customers viewing analytics have the ability to toggle detailed metrics view between the last 24 hours and 7 days. |
153 | | -::: |
154 | | - |
155 | | -## Using the Cloudflare API |
156 | | - |
157 | | -You can interact with Endpoint Management through the Cloudflare API. Refer to [Endpoint Management’s API documentation](/api/resources/api_gateway/subresources/discovery/subresources/operations/methods/list/) for more information. |
158 | | - |
159 | | -## Sensitive Data Detection |
160 | | - |
161 | | -Sensitive data comprises various personally identifiable information and financial data. Cloudflare created this ruleset to address common data loss threats, and the WAF can search for this data in HTTP response bodies from your origin. |
162 | | - |
163 | | -API Shield will alert users to the presence of sensitive data in the response body of API endpoints listed in Endpoint Management if the zone is also subscribed to the [Sensitive Data Detection managed ruleset](/waf/managed-rules/reference/sensitive-data-detection/). |
164 | | - |
165 | | -Sensitive Data Detection is available to Enterprise customers on our Advanced application security plan. |
166 | | - |
167 | | -Once Sensitive Data Detection is enabled for your zone, API Shield queries firewall events from the WAF for the last seven days and places a notification icon on the Endpoint Management table row if there are any matched sensitive responses for your endpoint. |
168 | | - |
169 | | -API Shield displays the types of sensitive data found if you expand the Endpoint Management table row to view further details. Select **Explore Events** to view the matched events in Security Events. |
170 | | - |
171 | | -After Sensitive Data Detection is enabled for your zone, you can [browse the Sensitive Data Detection ruleset](https://dash.cloudflare.com/?to=/:account/:zone/security/data/ruleset/e22d83c647c64a3eae91b71b499d988e/rules). The link will not work if Sensitive Data Detection is not enabled. |
0 commit comments