Home / Companies / Cloudflare / Blog / Post Details
Content Deep Dive

HTTPS-only for Cloudflare APIs: shutting the door on cleartext traffic

Blog post from Cloudflare

Post Details
Company
Date Published
Author
Suleman Ahmad, Ash Pallarito, Algin Martin
Word Count
2,213
Company Posts That Month
41
Language
English
Hacker News Points
16
Post removed?
No
Summary

Connections over cleartext HTTP ports risk exposing sensitive information as they are transmitted unencrypted and can be intercepted by network intermediaries. To address this, Cloudflare is closing all HTTP ports on its API endpoint (`api.cloudflare.com`) to prevent initial plaintext requests from being exposed before a secure HTTPS connection is established. This change will make it clear to developers that accessing the API over HTTP instead of HTTPS with their secret API keys can have serious implications. The transition has been made gradually across data centers, and customers will be able to opt-in to this feature in the last quarter of 2025. The goal is to eliminate exposure entirely and prevent sensitive information from being transmitted in plaintext. By closing the underlying cleartext connection, Cloudflare is enforcing HTTPS-only connections for its API traffic, enhancing the security and reliability of its API endpoints.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.