Skip to main content

About Cloudflare

Iru reads zones, DNS, security and WAF settings, firewall rules, and account membership via the Cloudflare API using a scoped API token sent as Bearer authorization.

How It Works

Authorization: Bearer YOUR_API_TOKEN
DetailValue
CategoryEdge security / DNS
AuthenticationAPI token (Bearer)
Prefer Account API tokens (Manage Account → API Tokens) for long-lived automation; User tokens follow individual users. Official references: Create a token, Restrict tokens, API.

Prerequisites

  • Admin or Super Administrator (or equivalent) on the Cloudflare account.

Connect Cloudflare to Iru

Complete this tab before you connect the source in Compliance.
1

Sign in to Cloudflare

Open the Cloudflare dashboard and sign in with an Admin or Super Administrator account.
2

Choose account-level or user-level tokens

Decide whether Iru should use an account API token (Manage AccountAPI Tokens) or a user API token tied to your profile (My ProfileAPI Tokens). Account tokens are common for org-wide evidence; user tokens follow one operator’s access.
3

Create a token

Select Create Token. Prefer a Read template such as Read all resources unless your security team publishes a tighter custom policy.
4

Set read permissions

If you use a custom token, grant read (or equivalent) on Account, Zone, and User objects Iru needs for your frameworks. Avoid write permissions unless policy requires them.
5

Optional restrictions

Set TTL (time to live) and IP allowlists if your security program expects them. Note any expiry date in your rotation calendar.
6

Create and copy the token

Create the token and copy the secret once when Cloudflare displays it. Store it in a vault; you will paste it into Iru as the Bearer token.
Continue on the Iru Compliance tab.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
Verify with GET https://api.cloudflare.com/client/v4/user/tokens/verify; check TTL and revocation.
Token scope - recreate with correct account and zone resources.
If you set TTL, rotate before expiry and update Iru.

Considerations

Iru uses read permissions only: it does not change…

Iru uses read permissions only - it does not change DNS, rules, or zones.

Sources Management

Browse and manage every Compliance source.

Getting Started With Compliance

Frameworks, actions, and Artifacts.

Iru Overview

How Endpoint, Compliance, and Identity fit together.

Artifacts Management

Upload, review, and organize evidence from sources and actions.