Purpose

The Cloudflare integration enables AirMDR to authenticate with Cloudflare and access account- or zone-level configuration and security context required for alert enrichment, investigation, and workflow automation. Depending on the use case, AirMDR may use either a legacy Global API Key with the account email, or a scoped API Token with specific permissions. Cloudflare recommends using API tokens whenever possible because they are more secure and more narrowly scoped than Global API Keys.

Prerequisites

Ensure you meet these prerequisites before starting:
  • Access to a Cloudflare account with administrative privileges.
  • At least one domain (zone) added to your Cloudflare account.
  • Access to the required account and zone.
  • Permission to either:
    • Create API Tokens, or
    • Access the legacy Global API Key
  • Secure storage for the generated credentials.

| Component | Supported Version |
| --- | --- |
| Cloudflare Dashboard | Supported |
| Cloudflare API | Current supported API |
| AirMDR Platform | Current supported cloud deployments |

AirMDR supports the following Cloudflare authentication inputs, depending on the integration workflow:

| Credential | Description |
| --- | --- |
| Authentication Email | Email address of the Cloudflare user account |
| Authentication API Key | Cloudflare Global API Key (legacy authentication) |
| API Token | Scoped Cloudflare API token |
| Account ID | Unique identifier of the Cloudflare account |
| Zone ID | Unique identifier of the Cloudflare zone |

🔑 Cloudflare Integration Guide: Global API Key, Email, Account ID, and Zone ID

This guide outlines the process of retrieving key credentials from your Cloudflare dashboard for integration with external tools and APIs.

Retrieve Your Cloudflare Account ID

  1. From the main dashboard, select any of your active domains.
  2. In the left-hand sidebar, scroll down and click Overview (if not already selected).
  3. In the right-side panel (under “API”), locate your Account ID.
  4. Click Copy to save it.

Generate a Global API Key

To generate a Global API Key in the Cloudflare platform for integrating with AirMDR, follow these steps:

Step 1: Sign In to Cloudflare

  1. Go to Cloudflare dashboard.
  2. Enter your login credentials and sign in.

Step 2: Retrieve Your Authentication Email

Your authentication email is the email address you use to log into Cloudflare.

It will appear in the top-right corner of the dashboard once you’re logged in.
This email is used along with your API key when authenticating API requests.
  1. Log in to the Cloudflare dashboard.
  2. Click your profile icon in the top-right corner.
  3. Open your profile settings.
  4. Note the email address associated with the account.
    Use only this value as the Authentication Email when AirMDR requires legacy Global API Key authentication.

Step 3: Generate the Global API Key (Authentication API Key)

  1. From the dashboard, click your profile icon in the top-right corner.
  2. Select My Profile → Go to the API Tokens tab.
  3. Under the API Keys section, locate Global API Key and click View.
  4. Enter your password to confirm.
  5. Click Copy to store the key securely.
    The Global API Key grants full account access.
    Copy and securely save the secret API key in your preferred password manager or secure storage solution. Use the Global API Key only if your AirMDR integration specifically requires the legacy authentication model.

Retrieve Your Cloudflare Zone ID (Optional)

  1. Open the Overview tab of your selected domain (zone).
  2. Scroll down to the section titled API or Zone ID.
  3. Locate the Zone ID and click Copy.
    The Zone ID uniquely identifies your domain within Cloudflare.

Email the Global API Key, Authentication Email, Cloudflare Account ID, and Cloudflare Zone ID to AirMDR
or
self-configure Cloudflare in the AirMDR Integrations Dashboard.

✅ Summary

| Credential | Description |
| --- | --- |
| Authentication Email | Your Cloudflare login email |
| Global API Key / Token | Used to authenticate API requests |
| Account ID | Unique ID for your Cloudflare account |
| Zone ID (optional) | Unique ID for each domain (zone) added to Cloudflare |

Post-Setup Security Best Practices (Optional)

  • Store credentials in environment variables or secrets managers.
  • Rotate Global API keys/API tokens regularly and revoke unused tokens immediately.

Support

For Cloudflare account and API token issues, refer to Cloudflare API and account documentation. For AirMDR integration issues, contact AirMDR Support.

Skills Provided by this Integration

| Skill ID | Purpose |
| --- | --- |
| Get Cloudflare Security Center Insights | Fetches security insights from Cloudflare Security Center for accounts or zones. |
| Get Cloudflare Audit Logs | Fetches audit logs from Cloudflare accounts showing changes and activities. |
| Cloudflare Get Account Audit Logs for Detections | Retrieves audit logs from Cloudflare for detection purposes. It supports filtering by actor email/IP, time ranges, zones, and pagination to identify security-related activities and configuration changes. |
| List Cloudflare Access Applications | Lists Cloudflare Access applications for accounts or zones with rich filters. |
| Get Cloudflare Zone Details | Gets Cloudflare zones with optional filters or a specific zone by ID. |
| Create Cloudflare Ruleset Rule | Creates a new rule within a Cloudflare ruleset for accounts or zones. |

To view the details of Input Parameters and Output for the respective skills:
  • Go to AirMDR → Cloudflare Integration page.
  • Select the Skills tab and click on the required listed skills.

Test Cloudflare Authentication

Sample cURL Requests to Test Cloudflare Authentication

curl -X GET "https://api.cloudflare.com/client/v4/zones/<YOUR_ZONE_ID>/dns_records" \
  -H "X-Auth-Email: <YOUR_EMAIL@example.com>" \
  -H "X-Auth-Key: <YOUR_GLOBAL_API_KEY>" \
  -H "Content-Type: application/json"

Replace the placeholders:
  • YOUR_ZONE_ID with your actual Cloudflare Zone ID (DNS records are a zone-level resource, so this request uses the Zone ID rather than the Account ID).
  • YOUR_EMAIL@example.com with your Cloudflare account email.
  • YOUR_GLOBAL_API_KEY with your Global API Key.

A successful request returns a response like the following:

{
  "success": true,
  "errors": [],
  "messages": [],
  "result": [
    {
      "id": "023e105f4ecefd0c353",
      "type": "A",
      "name": "example.com",
      "content": "192.0.2.1",
      "ttl": 3600,
      "proxied": false
    },
    {
      "id": "a1b2c3d4",
      "type": "CNAME",
      "name": "www.example.com",
      "content": "example.com",
      "ttl": 1,
      "proxied": true
    }
  ]
}
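
The cURL test above places the Global API Key directly on the command line. The following added example (not AirMDR or Cloudflare code) runs the same kind of check with credentials read from environment variables, prefers a scoped API token when one is set, and passes the headers to curl on stdin. The variable and function names are assumptions; `user/tokens/verify` and `accounts/<id>` are Cloudflare API v4 endpoints.

```shell
#!/usr/bin/env bash
# Added example, not AirMDR or Cloudflare code. Variable names are assumptions:
#   CF_API_TOKEN                 scoped API token (preferred), or
#   CF_AUTH_EMAIL + CF_AUTH_KEY  legacy Global API Key pair
#   CF_ACCOUNT_ID                account queried in legacy mode
CF_API="https://api.cloudflare.com/client/v4"

# Print the configured credential type; the scoped token wins if both are set.
cf_auth_mode() {
  if [ -n "${CF_API_TOKEN:-}" ]; then
    echo token
  elif [ -n "${CF_AUTH_EMAIL:-}" ] && [ -n "${CF_AUTH_KEY:-}" ]; then
    echo global-key
  else
    echo none
    return 1
  fi
}

# Emit auth headers in curl config-file syntax. Piping this into
# `curl --config -` keeps the secret out of argv and shell history.
cf_curl_config() {
  case "$(cf_auth_mode)" in
    token)
      printf 'header = "Authorization: Bearer %s"\n' "$CF_API_TOKEN" ;;
    global-key)
      printf 'header = "X-Auth-Email: %s"\n' "$CF_AUTH_EMAIL"
      printf 'header = "X-Auth-Key: %s"\n' "$CF_AUTH_KEY" ;;
    *)
      echo "no Cloudflare credentials in the environment" >&2
      return 1 ;;
  esac
}

# Succeed only if the JSON envelope on stdin reports "success": true.
# A plain-text match, sufficient for the top-level flag in the sample above.
cf_response_ok() {
  grep -Eq '"success"[[:space:]]*:[[:space:]]*true'
}

# Token mode verifies the token itself; legacy mode reads the account details.
cf_check() {
  _cf_mode="$(cf_auth_mode)" || return 1
  _cf_path="user/tokens/verify"
  [ "$_cf_mode" = "global-key" ] && _cf_path="accounts/${CF_ACCOUNT_ID:?set CF_ACCOUNT_ID}"
  cf_curl_config | curl -sS --config - "$CF_API/$_cf_path" | cf_response_ok
}
```

After sourcing the file with the variables exported from your secrets manager, `cf_check && echo "credentials accepted"` performs the live test.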

Error Handling

| Error | Cause | Resolution |
| --- | --- | --- |
| Invalid API Key | Incorrect Global API Key | Recheck the Global API Key in My Profile |
| Invalid Authentication Email | Wrong Cloudflare account email | Confirm the login email used in Cloudflare |
| Invalid API Token | Token expired, revoked, or missing scope | Recreate the token with the correct permissions |
| Account ID not found | Wrong account selected | Verify the account from Account Home or Workers & Pages |
| Zone ID not found | Wrong zone selected | Verify the zone from the Overview page |
| Permission denied | Token lacks required permissions | Update token scopes and retry |

Configure Cloudflare in the AirMDR Integrations Dashboard

  1. Navigate to AirMDR, provide the credentials, and click Login.
  2. Navigate to the AirMDR Integrations Dashboard in the left navigation pane and select Integrations.
  3. Use the search option, enter the keyword “Cloudflare”, select the Connections tab, and click Add New Connection.
  4. Enter a unique name for the Instance (e.g., your org name-Cloudflare) and a brief Description so that AirMDR can easily identify the user connection.
  5. Enter the generated Authentication API Key (Global API Key) and the retrieved Authentication Email, Cloudflare Account ID, Cloudflare Zone ID, and Expiry (optional) in the Authentication Details field params, and click Save.