Cloudflare API Token
Service Name: Cloudflare
Service Description: Cloudflare is a global cloud services provider that offers a range of security and performance services including CDN, DDoS protection, DNS management, and Zero Trust security solutions to help secure and accelerate websites, applications, and networks.
Service Address: https://www.cloudflare.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the token level by specifying which IP addresses are allowed to use the token.
Secret Access Scope: Grants programmatic access to Cloudflare resources and services based on the specific permissions assigned to the token. Tokens can be scoped to specific zones, accounts, and API operations.
Secret Revokement URL: https://dash.cloudflare.com/profile/api-tokens
Secret Example: 8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T
Suspicious Activity Investigation Instructions:
- Review Cloudflare audit logs for unusual API calls or resource modifications
- Check for unexpected changes to DNS records, firewall rules, or other Cloudflare configurations
- Monitor for unauthorized zone transfers or account access
- Examine API request patterns for anomalies in frequency, location, or endpoints accessed
- Verify if the token was used from unusual IP addresses or locations
Mitigation Instructions:
- Log in to your Cloudflare dashboard at https://dash.cloudflare.com/
- Navigate to "My Profile" (click your profile icon in the top right)
- Select "API Tokens" from the menu
- Find the compromised token in the list
- Click the "Revoke" button next to the token
- Confirm the revocation when prompted
- Create a new token with appropriate permissions if needed
- Review all account settings and configurations for unauthorized changes
- Enable two-factor authentication if not already enabled
- Consider implementing more restrictive token permissions and IP restrictions
for new tokens