Depending on what you're doing with it, that may technically be against the TOS on any of their "self-serve" plans, including the paid ones. You might get away with it anyway, especially if your traffic is low, but you'd be rolling the dice.

If it's consumed by a web app, doesn't it make it okay? Otherwise any api behind cloudflare would be violating the TOS...

> 2.8 Limitation on Serving Non-HTML Content The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.

Probably OK, but access it from Electron (let alone fully-native apps) and now you may not technically not be OK anymore—is that functionally equivalent to a web browser? Hard to say. And much of the benefit of web APIs, versus just serving pages and HTML fragments, is being able to serve those kinds of heterogenous clients, or to allow access to 3rd parties, and who knows what they might use to access it, so... yeah, you can push low-usefulness (browser-only, first-party-use-only) web APIs through Cloudflare and you're likely in the clear, but go beyond that and it gets murky fast.

And even then, the web API thing is subject to the rest of the restrictions in that same section ("serving web APIs subject to the restrictions set forth in this Section 2.8") so "serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited" (emphasis mine) meaning that if too much of your traffic is JSON or protobufs or what have you, they could send you a nastygram or simply cut you off, though they might choose not to.

Personally, I'd not rely on Cloudflare's free or $20 plans past MVP/experimentation or hobbyist use, precisely because the terms are restrictive and vague. Too risky. Then again, what can you expect for nothing-to-peanuts prices?

We do: We use Cloudflare Cache with Workers serving as API gateway handling a fairly low 2K reqs/day.

https://news.ycombinator.com/item?id=29339642 / https://news.ycombinator.com/item?id=24699175

We do that with CloudFront. Default is no cache, but some API responses specifically enable caching in the response headers (mainly the version check API).

If you're using the CDN by default it won't cache dynamic URLs. I'm 99% sure it will cache static .json files though, if that can work for you.

You can also create "page rules" using wildcards to cache dynamic URLs. Eg: /api/*

Another option is to use Workers to fetch from origin and interact with the cache with more control.

I did. If you need eviction, things get either suboptimal, complicated or costly. If you don't need that the only other thing to watch out is the upload size limit, and we'll only if that is ever relevant to you. You might want a direct endpoint for these.

We managed to get it working for analytical SQL queries [1] for our database. It's kind of questionable whether this is an intended use of Cloudflare, but it feels like it, since we use it for query results, which are essentially a static asset in our use case (dashboards and visualizations).

[1] https://www.splitgraph.com/blog/seafowl-sql-cdn

If u want to be as cheap as possible but in line with tos maybe cache manually to r2, then have some logic in your client to get from r2 or ur server?