Protecting public JSON API responses from scraping when using Cloudflare CDN — is there any real solution?
Hi, I have a web app that serves cached JSON files via Cloudflare CDN. The data is generated by a proprietary algorithm and has significant competitive value. The JSON structure is simple to discover: /cache/_index.json → lists manifest URLs /cache/manifest_xxx.json → lists data file URLs /cache/data_xxx.json → actual proprietary data Anyone can write a 20-line script to crawl the full dataset in minutes. Rate limiting (Nginx, 60 req/min) slows it down but doesn't stop a patient scraper. The obvious solution would be JWT token authentication on the JSON endpoints, but Cloudflare CDN caches by URL — adding auth headers breaks caching entirely, defeating the purpose of having a CDN. Constraints: Must keep Cloudflare CDN caching working (performance critical) No user login/registration exists — it's a fully public site Data must remain accessible to legitimate browser users Cannot move away from Cloudflare Is there any real, production-proven solution to this problem? Or is "public CDN-cached data" fundamentally incompatible with "access control"? What would you do? submitted by /u/JosetxoXbox [link] [留言]