¶ CloudFlare and API access
CloudFlare may decide to block API access. This is "intended"; CloudFlare is meant to only allow humans and applications using the API are clearly not. This only happens if you have turned on "Proxy" for an A record. We strongly recommend disabling Proxy for best performance and compatibility. Only use it if you actually suffer from DDoS attacks which your web hosting provider can't handle.
If you don't want to disable proxying by CloudFlare, please add an exception for the API from security checks.
¶ Option 1: Disable proxying entirely
The easiest option is to disable CloudFlare proxy entirely. This will also reduce latency, your traffic won't need to go through CloudFlare first anymore.
If you were using "Flexible SSL" for HTTPS before, you will now need to have a valid HTTPS certificate on the origin webserver. Please note that you shouldn't be using Flexible SSL regardless, it can hardly be considered HTTPS since traffic between CloudFlare and your webserver is unencrypted.
¶ Option 2: Disable browser checks globally
Go to Security > Settings and set Security Level to Essentially Off.
¶ Option 3: Disable browser checks for the API only
Go to Rules > Page rule and create a new page rule.
The URL should match the URL you use for the plugin/bot exactly, with /* added. For example:
yourdomain.com/index.php?route=/api/v2/*
Set the following settings:
| Setting | Value |
|---|---|
| Browser Integrity Check | Off |
| Disable Apps | - |
| Disable Performance | - |
| Disable Security | - |
| Email Obfuscation | Off |
| Security Level | Essentially Off |