Cloudflare for android app and web API

Hello.

I have an android app that uses an API with a backend. Also a website using the same API to connect with the same backend.

The main reason of using Cloudflare for that is DDoS protection, WAF, zero trust and stopping bots. We don’t need to use CDN to serve any content or any similar thing.

I would like to know If It is possible using Cloudflare for serving the data from the API or that’s directly a violation of their TOS for serving non-html content.
The API serves in both sides text, and in some cases images.

As I’ve saw in this forum, a solution for that is getting the enterprise plan, who probably is more expensive than even the business plan, being prohibitive since we get just a lite amount of traffic, most time not even reaching a gigabyte.

In case it’s not complaining with TOS, it there any alternative to protect APIs without needing a business plan? I’ve saw Cloudflare has a specific product called API gateway, but seems to be restricted to enterprise too.

I’d say it’s fine, however, Cloudflare has the final answer on this and the odds are that they won’t give you a conclusive answer.

My suggestion? Go for it. If Cloudflare ever wants money from you, they will send an email before taking any actions (throttling your site, disabling the zone, etc).

I would like to be sure and not risk that way, mainly because they could directly disable or ban my account, affecting my main domain (they’re my registrar) and a website that has nothing to do with what I had mentioned.

Hope I get an official response about that, but they should at least have a clearer policy and terms, without generalizing so much. They say non-html content, but most websites need to have at least javascript or CSS, so as said, it’s too generalized.