[yamtaddle]

Depending on what you're doing with it, that may technically be against the TOS on any of their "self-serve" plans, including the paid ones. You might get away with it anyway, especially if your traffic is low, but you'd be rolling the dice.

[Matheus28]

If it's consumed by a web app, doesn't it make it okay? Otherwise any api behind cloudflare would be violating the TOS...

> 2.8 Limitation on Serving Non-HTML Content The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.

[yamtaddle]

Probably OK, but access it from Electron (let alone fully-native apps) and now you may not technically not be OK anymore—is that functionally equivalent to a web browser? Hard to say. And much of the benefit of web APIs, versus just serving pages and HTML fragments, is being able to serve those kinds of heterogenous clients, or to allow access to 3rd parties, and who knows what they might use to access it, so... yeah, you can push low-usefulness (browser-only, first-party-use-only) web APIs through Cloudflare and you're likely in the clear, but go beyond that and it gets murky fast.

And even then, the web API thing is subject to the rest of the restrictions in that same section ("serving web APIs subject to the restrictions set forth in this Section 2.8") so "serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited" (emphasis mine) meaning that if too much of your traffic is JSON or protobufs or what have you, they could send you a nastygram or simply cut you off, though they might choose not to.

Personally, I'd not rely on Cloudflare's free or $20 plans past MVP/experimentation or hobbyist use, precisely because the terms are restrictive and vague. Too risky. Then again, what can you expect for nothing-to-peanuts prices?