Cloudflare Enablement
API Shield
Testing
GitHub icon
Edit this page on GitHub
Set theme to dark (⇧+D)
  1. Products
  2. API Shield
  3. Management and Monitoring
  4. Session identifiers

Session identifiers

While not strictly required, it is recommended that you configure your session identifiers when getting started with API Shield. When Cloudflare inspects your API traffic for individual sessions, we can offer more tools for visibility, management, and control.

If you are unsure of the session identifiers that your API uses, consult with your development team. A common session identifier for API traffic is the Authorization header.

​​ To set up session identifiers

  1. Log in to the Cloudflare dashboard and select your account and domain.
  2. Go to Security > API Shield.
  3. Select Settings.
  4. On Endpoint settings, select Manage identifiers.
  5. Enter the necessary information.
  6. Select Save.

After setting up session identifiers and allowing some time for Cloudflare to learn your traffic patterns, you can view your per endpoint and per session rate limiting recommendations, as well as enforce per endpoint and per session rate limits by creating new rules. Session identifiers will allow you to view API Discovery results from session ID-based discovery and session traffic patterns in Sequence Analytics.