Protected API?
Hi, so for pages like the index file, I can set up a WAF rule to force a challange, to prevent it from getting ddossed,
but when i for example have /api/getInfo, I obviously can't force a challange on that endpoint.
My question is, is there a way to sign api calls, so that without cloudflare cleareance that you got from getting on the page, you can't reach the api?
I know things like caching, ratelimiting etc. help, but there is always a limit, it won't protect a massive botnet for example on an endpoint that has to be uncached.
1 Reply
I will look at it thank you