Cloudflare Integration Guide
If your traffic runs through Cloudflare, this integration connects your account and zone configuration to Openlane so you have visibility into your network boundary controls (SOC 2: CC6.6, CC6.7; ISO 27001: A.13).
Key Capabilities
- Infrastructure Visibility: Connects account and zone scope metadata to Openlane, supporting evidence for network security controls (SOC 2: CC6.6, CC6.7).
- Read-Only API Access: Validates token health without changing your Cloudflare configuration.
- Scoped Connection Options: Limit collection scope by account and optional zone selection so you only pull what falls within your compliance boundary.
Prerequisites
- Cloudflare account access with permission to create API tokens under Manage Account.
- Your Cloudflare account ID (visible in the Cloudflare dashboard under Account Home > right sidebar).
Step-by-Step Setup
Step 1: Create a Cloudflare API Token
- In Cloudflare, go to Manage Account > API tokens.
- Click Create Token and build a custom token with read scopes for the resources you want Openlane to access.
- Save the token value — it is only shown once.
Create an Account API Token, not a User API Token. User tokens are tied to an individual account and will break if that user is removed.
Step 2: Connect in Openlane
- Navigate to Organization Settings > Integrations and find Cloudflare.
- Click Configure and enter the credential fields:
| Field | Required | Description |
|---|---|---|
apiToken | Yes | API token scoped to your Cloudflare account and zones |
accountId | Yes | Cloudflare account ID required for listing account members |
- Optionally configure data ingestion behavior:
Configuration
| Setting | Description |
|---|---|
| Filter Expression | CEL expression evaluated against each record — only records that match are ingested |
Filter expression example:
payload.status = 'ACTIVE'
- Click Save & Connect.
Validate Connection
After saving, Openlane runs a health check against Cloudflare and displays the result on the Installed tab of the Integrations page. A Healthy badge confirms connectivity. If the badge shows Needs Attention, review the troubleshooting section below.
What Openlane Syncs
Openlane validates your token and records account and zone scope context. This data feeds into your boundary protection evidence for SOC 2 CC6.6 and CC6.7, and supports network security management controls under ISO 27001 A.13.
Disconnect
To remove this integration:
- Navigate to Organization Settings > Integrations
- Select the Installed tab
- Open the menu on the integration card and select Disconnect.
This removes stored credentials and stops all collection activity. You can reconnect later by configuring the integration again.
Troubleshooting
- Token verification failed: verify the token value and that it is an Account API Token, not a User API Token.
- Permission errors: expand token read scopes for the resources Openlane needs to access.
- Account ID mismatch: confirm the account ID matches the account the token was created under.