cloudflare · pedrosousa · Jul 14, 2025 · Jun 6, 2025 · Jun 6, 2025 · Jun 6, 2025
@@ -4,10 +4,9 @@ type: overview
 title: Build developer portals
 sidebar:
   order: 5
-
 ---
 
-import { GlossaryTooltip, Tabs, TabItem, Steps } from "~/components"
+import { GlossaryTooltip, Tabs, TabItem, Steps } from "~/components";
 
 Once your <GlossaryTooltip term="API endpoint">endpoints</GlossaryTooltip> are saved, API Shield doubles as an API catalog. API Shield can build an interactive documentation portal with the knowledge it has of your APIs, or you can upload a new OpenAPI schema file to build a documentation portal ad-hoc.
 
@@ -29,23 +28,25 @@ To create a developer portal:
       6. Select **Create pages project** to begin project creation. A new Pages project will be automatically created and your API schema will be automatically uploaded to the project along with other supporting static content.
       7. Select **Deploy site**.
     </Steps>
+
   </TabItem>
   <TabItem label="New dashboard" icon="rocket">
     <Steps>
       1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login), and select your account and domain.
-      2. Go to **Security** > **Settings**
+      2. Go to **Security** > **Settings**.
       3. Filter by **API abuse**.
       4. On **Create a developer portal**, select **Create site**.
-      4. Upload an OpenAPI v3.0 schema file or choose to select an existing schema from API Shield.
+      5. Upload an OpenAPI v3.0 schema file or choose to select an existing schema from API Shield.
           :::note
           If you do not have a schema to upload or to select from a pre-existing schema, export your Endpoint Management schema. For best results, include the learned parameters.
 
           Only <GlossaryTooltip term="API schema">API schemas</GlossaryTooltip> uploaded to Schema validation 2.0 are available when selecting existing schemas.
           :::
-      5. Select **Download project files** to save a local copy of the files that will be uploaded to Cloudflare Pages. Downloading the project files can be helpful if you wish to modify the project in any way and then upload the new version manually to Pages.
-      6. Select **Create pages project** to begin project creation. A new Pages project will be automatically created and your API schema will be automatically uploaded to the project along with other supporting static content.
-      7. Select **Deploy site**.
+      6. Select **Download project files** to save a local copy of the files that will be uploaded to Cloudflare Pages. Downloading the project files can be helpful if you wish to modify the project in any way and then upload the new version manually to Pages.
+      7. Select **Create pages project** to begin project creation. A new Pages project will be automatically created and your API schema will be automatically uploaded to the project along with other supporting static content.
+      8. Select **Deploy site**.
     </Steps>
+
   </TabItem>
 </Tabs>
 

@@ -109,7 +109,7 @@ Cloudflare will only add authentication labels to endpoints with successful resp
       1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login), and select your account and domain.
       2. Go to **Security** > **Settings**.
       3. Filter by **API abuse**.
-      4. Under **Endpoint labels**, select **Manage label**.
+      4. Under **Endpoint labels**, select **Manage labels**.
       5. Name the label and add an optional label description.
       6. Apply the label to your selected endpoints.
       7. Select **Create label**.

@@ -36,7 +36,7 @@ A JWT validation configuration consists of creating a token validation configura
       1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login), and select your account and domain.
       2. Go to **Security** > **Settings**.
       3. Filter by **API abuse**.
-      4. On **Token configurations**, select **Configure tokens**.
+      4. On **Token configurations**, select **Configure tokens**. If you already have one or more tokens, select **&lt;N> out of &lt;M> configurations used** instead.
       5. Add a name for your configuration.
       6. Choose where Cloudflare can locate the JWT for this configuration on incoming requests, such as a header or cookie and its name.
       7. Copy and paste your JWT issuer's public key(s) (JWKS).
@@ -87,7 +87,7 @@ To automatically keep your JWKS up to date when your identity provider refreshes
 
 :::note
 
-Token configuration rules will automatically apply to new endpoints added to Endpoint Management if those endpoints also match the rule. 
+Token configuration rules will automatically apply to new endpoints added to Endpoint Management if those endpoints also match the rule.
 :::
 
 ## Special cases

@@ -28,7 +28,7 @@ If you are uploading a schema via the API or Terraform, you must parse the schem
 
 :::note
 
-To view the contents in your learned schema, refer to [Export a schema](/api-shield/management-and-monitoring/#export-a-schema) in Endpoint Management. 
+To view the contents in your learned schema, refer to [Export a schema](/api-shield/management-and-monitoring/#export-a-schema) in Endpoint Management.
 :::
 
 ### Add validation by uploading a schema
@@ -48,7 +48,7 @@ To view the contents in your learned schema, refer to [Export a schema](/api-shi
    <TabItem label="New dashboard" icon="rocket">
       <Steps>
          1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login), and select your account and domain.
-         2. Go to **Security** > **Web assets** > **Schema Validation**.
+         2. Go to **Security** > **Web assets** > **Schema validation**.
          3. Select **Add validation**.
          4. Upload a schema file.
          5. Select **Add schema and endpoints**.
@@ -57,7 +57,7 @@ To view the contents in your learned schema, refer to [Export a schema](/api-shi
 </Tabs>
 
 :::note
-Changes may take a few minutes to process depending on the number of added endpoints. 
+Changes may take a few minutes to process depending on the number of added endpoints.
 :::
 
 ### Add validation by applying a learned schema to a single endpoint
@@ -113,12 +113,12 @@ At this time, learned schemas will not overwrite customer-uploaded schemas. If a
 </Tabs>
 
 :::note
-If an endpoint is currently protected by a learned schema, the date of the last applied learned schema will be shown in the current schema field. 
+If an endpoint is currently protected by a learned schema, the date of the last applied learned schema will be shown in the current schema field.
 :::
 
 ### Add validation by adding a fallthrough rule
 
-A fallthrough rule acts as a catch-all for requests that do not match endpoints in [Endpoint Management](/api-shield/management-and-monitoring/). 
+A fallthrough rule acts as a catch-all for requests that do not match endpoints in [Endpoint Management](/api-shield/management-and-monitoring/).
 
 By ensuring that all your endpoints in a schema are added to Endpoint Management, the fallthrough action can protect you against legacy or zombie endpoints that your team may be unaware of.
 
@@ -136,22 +136,25 @@ To set up a fallthrough action:
          7. Name your rule and select your action.
          8. Select **Save as draft** to deploy later, or **Deploy** to deploy now.
       </Steps>
+
+      Your current fallthrough rules can be viewed in the custom rules list.
+
    </TabItem>
    <TabItem label="New dashboard" icon="rocket">
       <Steps>
          1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login), and select your account and domain.
-         2. Go to **Security** > **Settings**.
-         3. Filter by **API abuse**.
-         4. Under **Custom fallthrough rules**, select **Create custom fallthrough rule** to create a custom fallthrough rule with the template.
+         2. Go to **Security** > **Security rules**.
+         3. Select **Templates**.
+         4. Search for the template named `Mitigate API requests to unidentified endpoints` and select **Preview template**.
          5. Give your rule a descriptive name.
          6. Choose one or more hostnames from the dropdown menu and select your action.
          7. Select **Save as draft** to deploy later, or **Deploy** to deploy now.
       </Steps>
+
+      Your current fallthrough rules can be viewed in the security rules list.
    </TabItem>
 </Tabs>
 
-Your current fallthrough rules can be viewed in the custom rules list.
-
 :::note
 You can use the `cf.api_gateway.fallthrough_triggered` syntax in your own custom rule for a more customized logic check. This detection will evaluate as `true` when a request does not match an endpoint in Endpoint Management, so it is important to check against your API's hostname or root path to ensure that you are not blocking any non-API traffic on your zone.
 :::
@@ -208,13 +211,11 @@ To change the default action:
    <TabItem label="New dashboard" icon="rocket">
       <Steps>
          1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login), and select your account and domain.
-         2. Go to **Security** > **Web assets** > **Schema Validation**.
-         3. Select **Schema Validation**.
-         4. Under the default `Log` action, select **Change**.
-         5. Choose a new action from the dropdown menu.
-         6. Observe the current action and accept the change by selecting **Change default action** in the popup window.
+         2. Go to **Security** > **Settings** and filter by **API abuse**.
+         3. Under **Schema validation** > **Configurations**, select the edit icon next to **Default action**.
+         4. Choose a new action from the dropdown menu.
+         5. Select **Save**.
       </Steps>
-      Alternatively, you can modify the global action via **Security** > **Settings** > **Schema Validation**.
    </TabItem>
 </Tabs>
 
@@ -241,11 +242,10 @@ To change the action on an individual endpoint:
    <TabItem label="New dashboard" icon="rocket">
       <Steps>
          1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login), and select your account and domain.
-         2. Go to **Security** > **Web assets** > **Schema Validation**.
-         3. Select **Schema Validation** and filter the selected endpoint.
-         4. Select the ellipses on the endpoint's row.
-         5. Select **Change action**.
-         6. Choose a new action from the dropdown menu and select **Set action**.
+         2. Go to **Security** > **Web assets** > **Schema validation** tab.
+         3. Search for the endpoint to change.
+         4. Select the three dots on the endpoint's row > **Change action**.
+         5. Choose a new action from the dropdown menu and select **Set action**.
       </Steps>
    </TabItem>
 </Tabs>
@@ -268,10 +268,10 @@ To disable Schema Validation without changing actions:
    <TabItem label="New dashboard" icon="rocket">
       <Steps>
          1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login), and select your account and domain.
-         2. Go to **Security** > **Web assets** > **Schema Validation**.
+         2. Go to **Security** > **Web assets** > **Schema validation**.
          3. Select **Schema settings**.
          4. Filter by **API abuse**.
-         5. Turn **Schema Validation** off.
+         5. Turn **Schema validation** off.
       </Steps>
    </TabItem>
 </Tabs>
@@ -293,10 +293,10 @@ Your per-endpoint configurations will be saved when modifying the setting, so th
    <TabItem label="New dashboard" icon="rocket">
       <Steps>
          1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login), and select your account and domain.
-         2. Go to **Security** > **Web assets** > **Schema Validation**.
+         2. Go to **Security** > **Web assets** > **Schema validation** tab.
          3. Select **Schema settings**.
          4. Filter by **API abuse**.
-         5. View your schemas on **Schema Validation** > **Active schemas**.
+         5. View your schemas on **Schema validation** > **Active schemas**.
       </Steps>
    </TabItem>
 </Tabs>
@@ -320,10 +320,10 @@ To delete currently uploaded or learned schemas:
    <TabItem label="New dashboard" icon="rocket">
       <Steps>
          1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login), and select your account and domain.
-         2. Go to **Security** > **Web assets** > **Schema Validation**.
+         2. Go to **Security** > **Web assets** > **Schema validation** tab.
          3. Select **Schema settings**.
          4. Filter by **API abuse**.
-         5. View your schemas on **Schema Validation** > **Active schemas**.
+         5. View your schemas on **Schema validation** > **Active schemas**.
          6. Select the ellipses to access the menu and download or delete the listed schema.
       </Steps>
    </TabItem>
@@ -337,11 +337,11 @@ OpenAPI schemas generated by different tooling may not be specific enough to imp
 
 ## Limitations
 
-Schema Validation supports [OpenAPI Version 3.0.x schemas](https://spec.openapis.org/oas/v3.0.3). OpenAPI 3.1 is not supported yet, and we do not plan to expand support for OpenAPI 2.0. 
+Schema Validation supports [OpenAPI Version 3.0.x schemas](https://spec.openapis.org/oas/v3.0.3). OpenAPI 3.1 is not supported yet, and we do not plan to expand support for OpenAPI 2.0.
 
 Currently, API Shield does not support some features of API schemas, including the following: all responses, external references, non-basic path templating, or unique items.
 
-There is a limit of 10,000 total operations for enabled schemas for Enterprise customers subscribed to [API Shield](/api-shield/). To raise this limit, contact your account team. 
+There is a limit of 10,000 total operations for enabled schemas for Enterprise customers subscribed to [API Shield](/api-shield/). To raise this limit, contact your account team.
 
 For limits on Free, Pro, Business, or Enterprise customers not subscribed to API Shield, refer to [Plans](/api-shield/plans/).
 
@@ -456,4 +456,4 @@ Media-ranges can also be configured to enforce a `charset` parameter. For this,
 
 ## Availability
 
-Schema Validation is available for all customers. Refer to [Plans](/api-shield/plans/) for more information based on your plan type. 
+Schema Validation is available for all customers. Refer to [Plans](/api-shield/plans/) for more information based on your plan type.
@@ -47,24 +47,24 @@ If your website does not have a `robots.txt` file, Cloudflare creates a new file
 
 To implement a `robots.txt` file on your domain:
 
-<Tabs syncKey="dashNewNav"> 
+<Tabs syncKey="dashNewNav">
 	<TabItem label="Old dashboard">
 		<Steps>
 			<Render
 				file="enable-managed-robots-txt"
 				params={{ one: "Bot Fight Mode" }}
 			/>
 		</Steps>
-	</TabItem> 
+	</TabItem>
 	<TabItem label="New dashboard" icon="rocket">
 		<Steps>
 			1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login), and select your account and domain.
 			2. Go to **Security** > **Settings**.
 			3. Filter by **Bot traffic**.
-			4. Go to **Managed robots.txt**. 
-			5. Turn **Managed robots.txt** on.
+			4. Go to **Manage AI bot traffic with robots.txt**.
+			5. Turn **Manage AI bot traffic with robots.txt** on.
 		</Steps>
-	</TabItem> 
+	</TabItem>
 </Tabs>
 
 ## Availability

@@ -23,7 +23,7 @@ This Enterprise product provides the most flexibility to customers by:
 
 Bot Management is automatically enabled for Enterprise zones entitled with the add-on.
 
-<Tabs syncKey="dashNewNav"> 
+<Tabs syncKey="dashNewNav">
   <TabItem label="Old dashboard">
       To enable a [Bot Management](https://dash.cloudflare.com/?to=/:account/:zone/security/bots) trial on Enterprise zones without the Bot Management add-on entitled:
     <Steps>
@@ -37,9 +37,9 @@ Bot Management is automatically enabled for Enterprise zones entitled with the a
 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login), and select your account and domain.
 2. Go to **Security** > **Settings**.
 3. Filter by **Bot traffic**.
-4. Go to **Bot Management**. 
-5. Turn **Bot Management** on.
-6. Choose how your domain should respond to various types of traffic by selecting the associated edit icon.   
+4. Go to **Bot management**.
+5. Turn **Bot management** on.
+6. Choose how your domain should respond to various types of traffic by selecting the associated edit icon.
       - For more details on verified bots, refer to [Verified Bots](/bots/concepts/bot/#verified-bots).
       - For more details on supported file types, refer to [Static resource protection](/bots/additional-configurations/static-resources/).
       - For more details on invisible code injection, refer to [JavaScript detections](/bots/additional-configurations/javascript-detections/).

@@ -24,7 +24,7 @@ To update the Challenge Passage (and the value of the `cf_clearance` cookie):
 1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com).
 2. Select your account and domain.
 3. Go to **Security** > **Settings**.
-4. For **Challenge Passage**, set a duration.
+4. For **Challenge passage**, set a timeout duration.
 
 ### Limitations
 

@@ -27,7 +27,7 @@ If you do not have access to Page Shield in the Cloudflare dashboard, check if y
 
 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
 2. Go to **Security** > **Settings** and filter by **Client side abuse**.
-3. Next to **Continuous script monitoring**, set the toggle to **On**.
+3. Turn on **Continuous script monitoring**.
 
 If you do not have access to resource monitoring in the Cloudflare dashboard, check if your user has one of the [necessary roles](/page-shield/reference/roles-and-permissions/).