Route your API endpoints using API Routing
API Shield Routing enables customers to create a unified external-facing API that routes requests to different back-end services that may have different paths and hosts than the existing zone and DNS configuration.
Process
You must add Source Endpoints to Endpoint Management through established methods, including uploading a schema, via API Discovery, or by adding manually, before creating a route.
To create a route, you will need the operation ID of the Source Endpoint. To find the operation ID in the dashboard:
- Log in to the Cloudflare dashboard and select your account and domain.
- Select Security > API Shield.
- Filter the endpoints to find your Source Endpoint.
- Expand the row for your Source Endpoint and note the operation ID field.
- Select the copy icon to copy the operation ID to your clipboard.
Once your Source Endpoints are added to Endpoint Management, use the following API calls to create and verify routes on any given operation ID:
Create a route
cURL commandcurl --request PUT "https://api.cloudflare.com/client/v4/zones/{zoneID}/api_gateway/operations/{operationID}/route" \
--header "Content-Type: application/json" \
--data '{"route": "https://api.example.com/api/service"}'
Response{ "result": { "route": "https://api.example.com/api/service" }, "success": true, "errors": [], "messages": []
}
Verify a Route
cURL commandcurl --request GET "https://api.cloudflare.com/client/v4/zones/{zoneID}/api_gateway/operations/{operationID}/route" \
--header "Content-Type: application/json"
Response{ "result": { "route": "https://api.example.com/api/service" }, "success": true, "errors": [], "messages": []
}
Remove a route
cURL commandcurl --request DELETE "https://api.cloudflare.com/client/v4/zones/{zoneID}/api_gateway/operations/{operationID}/route" \
--header "Content-Type: application/json"
Response{ "result":{}, "success":true, "errors":[], "messages":[]
}
Test a route
After sending a request to your Source Endpoint, you should see the contents of the back-end service as if you called the Target Endpoint directly.
If API Shield returns unexpected results, check your Source Endpoint host, method, and path and verify the route to ensure the Target Endpoint value is correct.
Limitations
The Target Endpoint cannot be routed to a Worker if the route is to the same zone.
You cannot change the method of a request. For example, a GET
Source Endpoint will always send a GET
request to the Target Endpoint.
You must use all of the variables in the Target Endpoint that appear in the Source Endpoint. For example, routing /api/{var1}/users/{var2}
to /api/users/{var2}
is not allowed and will result in an error since {var1}
is present in the Source Endpoint but not in the Target Endpoint.