Skip to main content
__wf_reserved_inherit

Cloudflare API Credentials

Description

General

  • Documentation: https://api.cloudflare.com/
  • Summary: Cloudflare protects and accelerates websites, providing CDN services, DDoS mitigation, network security and DNS. Cloudflare's API exposes the entire Cloudflare infrastructure via a standardized programmatic interface : anything that can be done on cloudflare.com dashboard can be done using the API : that's the reason why Cloudflare credentials are highly sensitive. The API provides multiple ways to authenticate:
  • With an API token
  • With a CA Key
  • With a Global API Key associated to an email address.
  • IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
  • Scopes: Scopes are specified when creating the token, but custom scopes cannot be set for Global API key and CA key

Revoke the secret

An API token can be revoked via cloudflare's dashboard or with the API, see this [documentation] (https://api.cloudflare.com/#user-api-tokens-delete-token) for more details. The Global API key and CA keycan only be changed from Cloudflare's dashboard

Check for suspicious activity

The application offers audit logs to check for suspicious activity. See docs

Details for Cloudflare ca key

  • Family: Api

  • Category: CDN

  • Company: Cloudflare

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: very rare

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - cloudflare
- type: ContentWhitelistPreValidator
  patterns:
    - v1\.0-

Examples

- text: |
    "curl -X DELETE "https://api.cloudflare.com/client/v4/certificates/3664634374038615934" \
     -H "X-Auth-User-Service-Key: v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a"
  apikey: 'v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a'
- text: |
    "curl -X DELETE "https://api.cloudflare.com/client/v4/certificates/3664634374033242543" \
     -H "X-Auth-User-Service-Key: v1.0-125a8b5519b126526fc3640d-4734f25dc3e1f768241132453456747648735645637653785ccc7570dda15e8fa31cd2ba0888249be88800f8ac21998d8cee2016ebca71588c5ad4034b3cfcefe5c30aea43141165"
  apikey: 'v1.0-125a8b5519b126526fc3640d-4734f25dc3e1f768241132453456747648735645637653785ccc7570dda15e8fa31cd2ba0888249be88800f8ac21998d8cee2016ebca71588c5ad4034b3cfcefe5c30aea43141165'
- text: |
    "curl -X DELETE "https://api.cloudflare.com/client/v4/certificates/3664634374038615934" \
    -H "X-Auth-User-Service-Key: v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a"
  apikey: 'v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a'

Details for Cloudflare auth email

  • Family: Api

  • Category: CDN

  • Company: Cloudflare

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 4.57

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - cloudflare

Examples

- text: |
    email="foo.bar@mail.com", apikey="78aa565a1a17665b5c6444b96fd9175a45f6f", endpoint="https://api.cloudflare.com/client/v4/"
  client_id: 'foo.bar@mail.com'
  client_secret: '78aa565a1a17665b5c6444b96fd9175a45f6f'
- text: email="foo.bar@mail.com", apikey="78aa565a1a17665b5c6444b96fd9175a45f6f", endpoint="https://api.cloudflare.com/client/v4/"

  client_id: foo.bar@mail.com
  client_secret: 78aa565a1a17665b5c6444b96fd9175a45f6f

Details for Cloudflare api token

  • Family: Api

  • Category: CDN

  • Company: Cloudflare

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.24

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - cloudflare

Examples

- text: |
    CLOUDFLARE_API_TOKEN=8wXU_dJJM-wQcDfBDGMh31-Jnw8UK__7mExAmPle

  apikey: 8wXU_dJJM-wQcDfBDGMh31-Jnw8UK__7mExAmPle
- text: CLOUDFLARE_API_TOKEN=8wXU_dJJM-wQcDfBDGMh31-Jnw8UK__7mExAmPle

  apikey: 8wXU_dJJM-wQcDfBDGMh31-Jnw8UK__7mExAmPle
__wf_reserved_inherit__wf_reserved_inherit

Something we didn’t cover?

__wf_reserved_inherit

See our Roadmap

__wf_reserved_inherit

Subscribe on GitHub

__wf_reserved_inherit

Submit a request

__wf_reserved_inherit

API status