We have a product which includes a frontend and a backend. When a user opens the website, the frontend sends a request to the backend via an API.
We understand how Cloudflare works for the frontend, but don’t understand how it works for an API request. We need security for the backend. Please tell us your experience and details of how we can work with Cloudflare.
Ideally your frontend is speaking with your backend in the same datacenter/application instance and shouldn’t be exposed to the interwebs directly. If it is exposed to the interwebs, it should be locked down to only accept connections from your application… via IP and/or API key or token to prevent malicious queries from non-authorized sources.
Cloudflare is a cloud-based service, it doesn’t run in your datacenter. Application level logic/security for your service should be handled within the services layer. You can further restrict possible allowable queries to/through the frontend using WAF rules.
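The "IP and/or API key or token" lockdown described in the reply above, as an added example that is not part of the original thread: a backend-side check requiring both an allowlisted source network and a valid bearer key. The networks, the key and the function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values (documentation ranges, not real infrastructure).
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "2001:db8:10::/48")]
# Only a hash of the key is kept, so the secret is not readable from config.
API_KEY_SHA256 = hashlib.sha256(b"example-key-constructed-for-demo").hexdigest()


def source_allowed(peer_ip: str) -> bool:
    """True if the connection's peer address is inside an allowlisted network.

    Pass the socket peer address, not a client-supplied header such as
    X-Forwarded-For, which the caller controls.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; unwrap them.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net
               for net in ALLOWED_NETWORKS)


def key_valid(presented: str) -> bool:
    """Compare in constant time so response timing does not leak the key."""
    digest = hashlib.sha256(presented.encode()).hexdigest()
    return hmac.compare_digest(digest, API_KEY_SHA256)


def authorize(peer_ip: str, headers: dict) -> tuple:
    """Return (HTTP status, reason); both the IP and the key check must pass."""
    if not source_allowed(peer_ip):
        return 403, "source address not allowlisted"
    lowered = {k.lower(): v for k, v in headers.items()}
    scheme, _, token = lowered.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return 401, "missing bearer token"
    if not key_valid(token.strip()):
        return 401, "invalid token"
    return 200, "ok"
```
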
Thank you for the feedback. We have already used a token to exchange data from front to back, but we need more security and are thinking about Cloudflare solutions. Maybe somebody has a case like ours and can share details of how he does it.