Can one cache and secure a REST API with Cloudflare?

Question

I am designing a RESTful API that is intended to be consumed by a single-page application and a native mobile app. Some calls of this API return public results that can be c

Answer 1

Yes CloudFlare can help with DDOS protections and No it does not implement caching and rate-limiting for your API. You are to implement those your self or you use a framework that does.

You can use CloudFlare to protect your API endpoint by using it as a proxy. CloudFlare protects the entire URL bit your can use the page rules to tweak the settings to your api endpoint.

Example: https://api.example.com/*

• Reduce the the security for this rule to between low or medium so as not to show a captcha.
• API's are not meant to show captcha you protect them with authorizations and access codes.
• you can implement HTTP Strict Transport Security and Access-Control Headers on your headers.
• Cloud Hosting providers (e.g DigitalOcean, Vultr,etc..) have free or paid DDoS protection. You can subscribe for it on just that public facing VM. This will be a big plus because now you have double DDOS protection.

For cache APIs

Create a page rule like https://api.example.com/*.json

• Set the Caching Level for that rule such that CloudFlare caches it on its servers for a specific duration.

The are so many other ways you can protect APIs. Hopes this answer has been of help?