Cloudflare API Credentials
Service Name: Cloudflare
Service Description: Cloudflare is a global cloud services provider that offers a range of security and performance services including CDN, DDoS protection, DNS management, and Zero Trust security solutions to help secure and accelerate websites, applications, and networks.
Service Address: https://www.cloudflare.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level using Cloudflare Access policies.
Secret Access Scope: Cloudflare API credentials grant programmatic access to manage Cloudflare resources including DNS records, SSL certificates, firewall rules, cache configurations, and other Cloudflare services associated with the account.
Secret Revokement URL: https://dash.cloudflare.com/profile/api-tokens
Secret Example: 2trvHGR85cKahDLKJHlkjhLKJH8723kjhLKJH87kjhLKJH87
Suspicious Activity Investigation Instructions:
- Review Cloudflare audit logs for unusual API calls or configuration changes.
- Check for unexpected DNS record modifications or zone transfers.
- Monitor for unauthorized SSL certificate issuance or changes.
- Examine firewall rule modifications or disabling of security features.
- Look for unusual traffic patterns or bypassed security settings.
- Verify if any new API tokens have been created without authorization.
Mitigation Instructions:
- Immediately revoke the compromised API token by navigating to the Cloudflare dashboard.
- Go to My Profile > API Tokens and delete the affected token.
- Create a new API token with appropriate permissions if needed.
- Review and revert any unauthorized changes made to DNS records, firewall rules, or other settings.
- Enable two-factor authentication for all Cloudflare user accounts.
- Implement token permissions with Principle of Least Privilege (scoped to specific zones and actions).
- Consider implementing IP-based access restrictions for API tokens.
- Audit all existing API tokens and remove any that are no longer needed.