> ## Documentation Index
> Fetch the complete documentation index at: https://docs.steadwing.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Cloudflare

> Steadwing pulls DNS records, firewall rules, WAF configurations, and traffic analytics from Cloudflare to identify network-related root causes during incidents.

## What does the Cloudflare integration do?

Steadwing queries DNS records, WAF rules, and network infrastructure data from your Cloudflare account to diagnose network-related incidents. During root cause analysis, Steadwing pulls zone configurations, firewall rules, and security events to identify DNS misconfigurations, blocked traffic, and network routing issues.

## Why Use Cloudflare with Steadwing?

<CardGroup cols={2}>
  <Card title="DNS Analysis" icon="globe">
    Identify DNS misconfigurations and record issues affecting traffic
  </Card>

  <Card title="WAF & Firewall" icon="shield">
    Detect firewall rules or WAF configurations blocking legitimate traffic
  </Card>

  <Card title="Traffic Analytics" icon="chart-bar">
    Analyze traffic patterns and identify anomalies during incidents
  </Card>

  <Card title="Security Events" icon="lock">
    Review firewall events to understand blocked requests and threats
  </Card>
</CardGroup>

## How do I connect Cloudflare to Steadwing?

### Step 1: Create a Cloudflare Global API Key

1. Log in to your Cloudflare account
2. Navigate to **My Profile** → **API Tokens**
   * Direct link: [https://dash.cloudflare.com/profile/api-tokens](https://dash.cloudflare.com/profile/api-tokens)
3. In the **API Keys** section, locate **Global API Key**
4. Click **View** to reveal your Global API Key
5. Enter your Cloudflare password to confirm
6. Copy the API key

<Warning>
  The Global API Key provides full access to your Cloudflare account. Store it securely and never share it publicly.
</Warning>

### Step 2: Note Your Account Email

You'll need the email address associated with your Cloudflare account. This is the email you use to log in to Cloudflare.

### Step 3: Connect Cloudflare in Steadwing

1. Navigate to [Steadwing Settings](https://app.steadwing.com/settings)
2. Find the **Cloudflare** integration card
3. Click to expand the collapsible form
4. Fill in the required fields:
   * **API Key:** Your Cloudflare Global API Key
   * **Account Email:** The email address for your Cloudflare account
5. Toggle the switch to **Enable** the integration

## What data does Steadwing pull from Cloudflare?

### Data Collection

Steadwing queries Cloudflare for:

* **Zones** - List of domains and zone configurations
* **DNS Records** - DNS record configurations for your domains
* **Firewall Rules** - Active firewall rules that may block traffic
* **WAF Configuration** - Web Application Firewall packages and rules
* **Rate Limits** - Rate limiting rules that may throttle requests
* **Page Rules** - URL-based rules affecting traffic behavior
* **Zone Settings** - SSL, caching, and security configurations
* **Traffic Analytics** - Request volume and traffic patterns
* **Firewall Events** - Security events and blocked requests

## What permissions does the Cloudflare integration need?

### Required Permissions

The Cloudflare Global API Key provides:

* **Zone Read** - Read zone configurations and settings
* **DNS Read** - Read DNS record configurations
* **Firewall Read** - Read firewall rules and events
* **Analytics Read** - Read traffic analytics data
* **Health Check Write** - Create and manage health checks
* **Firewall Write** - Update firewall rules as part of automated remediation

<Note>
  Write operations (health check creation, firewall rule updates) are only executed as part of automated remediation, only after user's approval.
</Note>

<Tip>
  If you prefer more granular permissions, you can create a custom API Token with only read permissions for the resources Steadwing needs to access.
</Tip>

## FAQs

<AccordionGroup>
  <Accordion title="Can I use an API Token instead of Global API Key?">
    Yes, you can create a custom API Token with read permissions for Zones, DNS, Firewall, and Analytics. However, the Global API Key setup is simpler for most users.
  </Accordion>

  <Accordion title="Why do I need to provide my account email?">
    Cloudflare's API requires both the API key and the associated account email for authentication via the X-Auth-Email header.
  </Accordion>

  <Accordion title="Can Steadwing modify my DNS or firewall rules?">
    Steadwing can create health checks and modify firewall rules as part of automated remediation, only when approved by the user. All write operations require explicit user approval before execution.
  </Accordion>

  <Accordion title="Which zones does Steadwing access?">
    Steadwing can access all zones in your Cloudflare account. During RCA, it focuses on zones relevant to the incident being analyzed.
  </Accordion>

  <Accordion title="What happens if my API key is regenerated?">
    The integration will not work. Generate a new API key and update it in Steadwing Settings to reconnect.
  </Accordion>
</AccordionGroup>

Need additional help? Please reach out to us at [hello@steadwing.com](mailto:hello@steadwing.com)
