Follows the correct sequence: select seat → fill details → pay. Each step must complete before moving to the next.
1 · Select Seat
2 · Details
3 · Pay
Ready — click Step 1 to start
Bot Behavior
Skip to Payment
A bot skips the sequence and hits the payment endpoint directly. API Shield Sequences will detect this and block the request.
1 · Select Seat
2 · Details
3 · Pay
Ready — click to simulate bot attack
How API Shield Sequences work:
You define a sequence rule in Cloudflare that enforces the order of API calls.
If a client skips steps or calls endpoints out of order, the request is blocked.
POST /api/seats/select→POST /api/booking/details→POST /api/payment/checkout
Any request to /api/payment/checkout that was not preceded by
the first two steps (in order) will be flagged and can be logged or blocked via a Sequence Matching rule.