Thank you! Your request has been submitted.
Oops! Something went wrong while submitting the form.
In recent weeks, many libraries and vendors have experienced disruptions in harvesting COUNTER 5.1 usage statistics. The root cause in most of these cases is Cloudflare protection applied in front of COUNTER API services (formerly known as SUSHI).
At CELUS, we work with usage data from libraries all over the world, and we want to help clarify what is happening, why it is a problem specifically for COUNTER APIs, and what options are available to libraries and publishers.
The COUNTER API is designed for machine-to-machine communication.
Its purpose is to allow automated systems—such as library analytics platforms—to regularly and reliably harvest standardized usage reports without human intervention.
This automation is a core requirement of the COUNTER Code of Practice and is essential for:
Over the past month, we have seen a growing number of COUNTER 5.1 endpoints protected by Cloudflare security mechanisms. These protections are appearing primarily on platforms hosted by Atypon Systems, including publishers such as:
In many cases, Cloudflare is actively presenting CAPTCHA challenges when an automated client attempts to access the COUNTER API. Since CAPTCHAs require human interaction, this blocks automated harvesting entirely.
Protecting publicly exposed web resources is absolutely valid and often necessary. However, the COUNTER API is not a public web interface — it is a technical service endpoint intended exclusively for automated access.
Applying CAPTCHA-based protection to such endpoints breaks their fundamental purpose. Automated systems cannot solve CAPTCHAs, and there is no supported way to bypass them without human involvement.
Some providers attempt to work around this by allowing access based on IP address recognition. While this approach may appear to solve the immediate problem, it introduces new issues:
The COUNTER Code of Practice Release 5.1 explicitly defines how authentication and security for the COUNTER API should work. Workarounds such as IP-based authentication are not compliant with Section 8.2 (Authentication and Security for the COUNTER API).
COUNTER has addressed this topic directly in their guidance, including the article published by COUNTER Metrics:
Protecting the COUNTER API, which explains acceptable approaches to securing API access without disrupting automated harvesting.
To help libraries and publishers understand the current landscape, we maintain a continuously updated overview:
COUNTER 5.1 INFO – Cloudflare blocking status
This page visualizes:
The goal is transparency: libraries can quickly see whether an issue is likely related to Cloudflare protection and identify the responsible data host.
If you are affected by this issue, there are two main paths forward:
CELUS is happy to provide additional technical context, examples, or supporting information if it helps move the discussion forward.
COUNTER 5.1 was designed to improve consistency, security, and interoperability across the usage statistics ecosystem. For it to work as intended, COUNTER APIs must remain accessible to automated systems without human-interaction barriers.
We hope this article helps clarify why Cloudflare protection—when applied incorrectly—creates real operational problems, and why resolving this issue benefits libraries, publishers, and vendors alike.
If you have questions or need assistance, feel free to contact us at ask@celus.net.
