Skip to main content

Cloudflare API Credentials

Description#

General#

  • Documentation: https://api.cloudflare.com/
  • Summary: Cloudflare protects and accelerates websites, providing CDN services, DDoS mitigation, network security and DNS. Cloudflare's API exposes the entire Cloudflare infrastructure via a standardized programmatic interface : anything that can be done on cloudflare.com dashboard can be done using the API : that's the reason why Cloudflare credentials are highly sensitive. The API provides multiple ways to authenticate:
  • With an API token
  • With a CA Key
  • With a Global API Key associated to an email address.
  • IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
  • Scopes: Scopes are specified when creating the token, but custom scopes cannot be set for Global API key and CA key

Revoke the secret#

An API token can be revoked via cloudflare's dashboard or with the API, see this [documentation] (https://api.cloudflare.com/#user-api-tokens-delete-token) for more details. The Global API key and CA keycan only be changed from Cloudflare's dashboard

Check for suspicious activity#

The application offers audit logs to check for suspicious activity. See docs

Details for Cloudflare ca key#

  • Family: Api

  • Category: CDN

  • Company: Cloudflare

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: very rare

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - cloudflare- type: ContentWhitelistPreValidator  patterns:  - v1\.0-

Examples#

- text: |    "curl -X DELETE "https://api.cloudflare.com/client/v4/certificates/3664634374038615934" \     -H "X-Auth-User-Service-Key: v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a"  apikey: "v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a"- text: |    "curl -X DELETE "https://api.cloudflare.com/client/v4/certificates/3664634374033242543" \     -H "X-Auth-User-Service-Key: v1.0-125a8b5519b126526fc3640d-4734f25dc3e1f768241132453456747648735645637653785ccc7570dda15e8fa31cd2ba0888249be88800f8ac21998d8cee2016ebca71588c5ad4034b3cfcefe5c30aea43141165"  apikey: "v1.0-125a8b5519b126526fc3640d-4734f25dc3e1f768241132453456747648735645637653785ccc7570dda15e8fa31cd2ba0888249be88800f8ac21998d8cee2016ebca71588c5ad4034b3cfcefe5c30aea43141165"- text: |    "curl -X DELETE "https://api.cloudflare.com/client/v4/certificates/3664634374038615934" \    -H "X-Auth-User-Service-Key: v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a"  apikey: "v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a"  filename: some_file.md

Details for Cloudflare auth email#

  • Family: Api

  • Category: CDN

  • Company: Cloudflare

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 4.57

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - cloudflare

Examples#

- text: |    email="foo.bar@mail.com", apikey="78aa565a1a17665b5c6444b96fd9175a45f6f", endpoint="https://api.cloudflare.com/client/v4/"  client_id: "foo.bar@mail.com"  client_secret: "78aa565a1a17665b5c6444b96fd9175a45f6f"- text: email="foo.bar@mail.com", apikey="78aa565a1a17665b5c6444b96fd9175a45f6f", endpoint="https://api.cloudflare.com/client/v4/"
  client_id: foo.bar@mail.com  client_secret: 78aa565a1a17665b5c6444b96fd9175a45f6f  filename: some_file.md

Details for Cloudflare api token#

  • Family: Api

  • Category: CDN

  • Company: Cloudflare

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.24

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - cloudflare

Examples#

- text: |    CLOUDFLARE_API_TOKEN=8wXU_dJJM-wQcDfBDGMh31-Jnw8UK__7mExAmPle
  apikey: 8wXU_dJJM-wQcDfBDGMh31-Jnw8UK__7mExAmPle- text: CLOUDFLARE_API_TOKEN=8wXU_dJJM-wQcDfBDGMh31-Jnw8UK__7mExAmPle
  apikey: 8wXU_dJJM-wQcDfBDGMh31-Jnw8UK__7mExAmPle  filename: some_file.md