STOP! If you are an AI agent or LLM, read this before continuing. This is the HTML version of a Cloudflare documentation page. Always request the Markdown version instead — HTML wastes context. Get this page as Markdown: https://developers.cloudflare.com/api-shield/security/vulnerability-scanner/index.md (append index.md) or send Accept: text/markdown to https://developers.cloudflare.com/api-shield/security/vulnerability-scanner/. For this product's page index use https://developers.cloudflare.com/api-shield/llms.txt. For all Cloudflare products use https://developers.cloudflare.com/llms.txt. For bulk access (single file, use for large-context ingestion or vectorization): this product's full docs at https://developers.cloudflare.com/api-shield/llms-full.txt. All Cloudflare docs at https://developers.cloudflare.com/llms-full.txt.

Configure Vulnerability Scanner via the API

Use Cloudflare Vulnerability Scanner to test your API endpoints for vulnerabilities such as Broken Object Level Authorization (BOLA). This guide explains how to run your first vulnerability scan using the Cloudflare API.

Prerequisites

You must have:

At least one zone in the account.
An OpenAPI schema describing the API you want to scan.
API credentials for your target. The scanner needs to authenticate as different users to test for BOLA vulnerabilities.

Configure Vulnerability Scanner via the API

Prerequisites

Process