Cloudflare API Credentials
Description#
General#
- Documentation: https://api.cloudflare.com/
- Summary: Cloudflare protects and accelerates websites, providing CDN services,
DDoS mitigation, network security and DNS.
Cloudflare's API exposes the entire Cloudflare infrastructure via a standardized
programmatic interface : anything that can be done on
cloudflare.comdashboard can be done using the API : that's the reason whyCloudflarecredentials are highly sensitive. The API provides multiple ways to authenticate:
- With an
API token - With a
CA Key - With a
Global API Keyassociated to an email address.
- IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
- Scopes: Scopes are specified when creating the token, but custom scopes cannot be set for
Global API keyandCA key
Revoke the secret#
An API token can be revoked via cloudflare's dashboard or with the API,
see this [documentation] (https://api.cloudflare.com/#user-api-tokens-delete-token) for more details.
The Global API key and CA keycan only be changed
from Cloudflare's dashboard
Check for suspicious activity#
The application offers audit logs to check for suspicious activity. See docs
Details for Cloudflare ca key#
Family: Api
Category: CDN
Company: Cloudflare
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 1
Occurrences found for one million commits: very rare
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: false- type: ContentWhitelistPreValidator patterns: - cloudflare- type: ContentWhitelistPreValidator patterns: - v1\.0-
Examples#
- text: | "curl -X DELETE "https://api.cloudflare.com/client/v4/certificates/3664634374038615934" \ -H "X-Auth-User-Service-Key: v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a" apikey: "v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a"- text: | "curl -X DELETE "https://api.cloudflare.com/client/v4/certificates/3664634374033242543" \ -H "X-Auth-User-Service-Key: v1.0-125a8b5519b126526fc3640d-4734f25dc3e1f768241132453456747648735645637653785ccc7570dda15e8fa31cd2ba0888249be88800f8ac21998d8cee2016ebca71588c5ad4034b3cfcefe5c30aea43141165" apikey: "v1.0-125a8b5519b126526fc3640d-4734f25dc3e1f768241132453456747648735645637653785ccc7570dda15e8fa31cd2ba0888249be88800f8ac21998d8cee2016ebca71588c5ad4034b3cfcefe5c30aea43141165"- text: | "curl -X DELETE "https://api.cloudflare.com/client/v4/certificates/3664634374038615934" \ -H "X-Auth-User-Service-Key: v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a" apikey: "v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a" filename: some_file.md
Details for Cloudflare auth email#
Family: Api
Category: CDN
Company: Cloudflare
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 4.57
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: false- type: ContentWhitelistPreValidator patterns: - cloudflare
Examples#
- text: | email="foo.bar@mail.com", apikey="78aa565a1a17665b5c6444b96fd9175a45f6f", endpoint="https://api.cloudflare.com/client/v4/" client_id: "foo.bar@mail.com" client_secret: "78aa565a1a17665b5c6444b96fd9175a45f6f"- text: email="foo.bar@mail.com", apikey="78aa565a1a17665b5c6444b96fd9175a45f6f", endpoint="https://api.cloudflare.com/client/v4/"
client_id: foo.bar@mail.com client_secret: 78aa565a1a17665b5c6444b96fd9175a45f6f filename: some_file.md
Details for Cloudflare api token#
Family: Api
Category: CDN
Company: Cloudflare
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 1
Occurrences found for one million commits: 0.24
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: false- type: ContentWhitelistPreValidator patterns: - cloudflare
Examples#
- text: | CLOUDFLARE_API_TOKEN=8wXU_dJJM-wQcDfBDGMh31-Jnw8UK__7mExAmPle
apikey: 8wXU_dJJM-wQcDfBDGMh31-Jnw8UK__7mExAmPle- text: CLOUDFLARE_API_TOKEN=8wXU_dJJM-wQcDfBDGMh31-Jnw8UK__7mExAmPle
apikey: 8wXU_dJJM-wQcDfBDGMh31-Jnw8UK__7mExAmPle filename: some_file.md