cloudflare · patriciasantaana · Jan 22, 2026 · Jan 22, 2026
@@ -0,0 +1,31 @@
+---
+title: New BOLA Vulnerability Detection for API Shield
+description: Find broken object level authorization attacks with BOLA Vulnerability Detection for API Shield
+date: 2025-11-12
+---
+
+Now, API Shield automatically searches for and highlights **Broken Object Level Authorization (BOLA) attacks** on managed API endpoints. API Shield will highlight both BOLA enumeration attacks and BOLA pollution attacks, telling you what was attacked, by who, and for how long.
+
+You can find these attacks three different ways: Security Overview, Endpoint details, or Security Analytics. If these attacks are not found on your managed API endpoints, there will not be an overview card or security analytics suspicious activity card.
+
+On the Security Overview card, select the suggestion > **View details** to review the top attacked API endpoints, endpoint details, and the attack summary:
+![BOLA attack Overview card](~/assets/images/changelog/api-shield/bola-overview-card.png)
+![BOLA attack Overview drawer](~/assets/images/changelog/api-shield/bola-overview-drawer.png)
+
+From the endpoint details, you can select **View attack** to find details about the BOLA attacker’s sessions.
+
+![BOLA attack endpoint details](~/assets/images/changelog/api-shield/bola-endpoint-attack.png)
+
+From here, select **View in Analytics** to observe attacker traffic over time for the last seven days.
+
+![BOLA attack analytics drawer](~/assets/images/changelog/api-shield/bola-analytics-drawer.png)
+
+Your search will filter to traffic on that endpoint in the last seven days, along with the malicious session IDs found in the attack. Session IDs are hashed for privacy and will not be found in your origin logs. Refer to IP and JA4 fingerprint to cross-reference behavior at the origin.
+
+At any time, you can also start your investigation into attack traffic from Security Analytics by selecting the suspicious activity card.
+
+![Suspicious Activity card](~/assets/images/changelog/api-shield/bola-suspicious-card.png)
+
+We urge you to take all of this client information to your developer team to research the attacker behavior and ensure any broken authorization policies in your API are fixed at the source in your application, preventing further abuse.
+
+In addition, this release marks the end of the beta period for these scans. All Enterprise customers with API Shield subscriptions will see these new attacks if found on their zone.