API Update Rate Limit problem

Hello I have an issue using the update rate limit API endpoint,
I’ve made myself an API wrapper using .net WebClient and I’ve tested it for several of the API endpoints and it works. One example is that I can set the security level.
So I must be setting the X-Auth-Key, X-Auth-Email and ContentType headers correctly, as well as sending the correct zone and using the correct TSL.

I use the API to get a list of all my rate limits (I have one), then I just directly copy the data for the rate limiter, but I invert the disabled bool value (basically I just toggle the rate limter).
And I send this data to the cloudflare API for updating a rate limiter.
But I get “The remote server returned an error: (400) Bad Request.”.

This is the url endpoint I use to update the rate limiter:
https://api.cloudflare.com/client/v4/zones//rate_limits/fb4b147f72dc4a5882bff370d141b790
(zone is redacted here, but its there in the real thing)
I use the PUT method, as defined in the docs.

This is the data I send(its also exactly the same I received, with the disabled property flipped):
{
“id”: “fb4b147f72dc4a5882bff370d141b790”,
“disabled”: false,
“description”: “one rule to bind them all”,
“match”: {
“request”: {
“methods”: [
ALL
],
“schemes”: [
ALL
],
“url”: “*”
},
“response”: {
“content_type”: null,
“body”: null
},
“headers”: null
},
“bypass”: null,
“threshold”: 300,
“period”: 60,
“action”: {
“mode”: “ban”,
“timeout”: 3600,
“response”: null
}
}

What if you set bypass and headers to and empty array [] instead of null?

Fixed it:

The documentation is wrong.
I looked at the requests the dashboard makes and even though it makes them to a different endpoint link, it still seems to use the same API.

After i changed the JSON i send to fit what i saw in the dashboard, it still didnt work.
Then I tested sending an ajax using jquery from https://api.cloudflare.com/ (using a browser) and it worked.

So I figured the issue must be with the WebClient.
After looking into it, I found out that I have to set the “Content-Type” header for each request, while the X-Auth headers were fine being set only once (in the WebClient object). I find this weird, but after I started setting the content type for each request and started sending the correct JSON object(not the one in the cloudflare documentation) it worked.

It is possible it will work with the object defined in the cloudflare docs too, I never tested it after I fixed the content-type problem. But I will not even test it, because when I get the rate limits using the old object I got strange information. But after switching to the new undocumented object the information looks correct, so I prefer it.

Also there are already made API wrappers for .NET.

1 Like

Thank you for that link, but it seems to have very few features made and only one of them that I need.

I’ve not looked for wrappers(well I did when I got this problem, but only too look at their source code, but it yielded no good results), because I don’t think you should use someone else’s wrapper for a few simple API calls and its good to have more control over your code.

1 Like

That’s a general trade-off when using off the shelf solutions. They are ready and well-tested but may not what you exactly need or you may need just a few items and using the library without tree-shaking increases your app size.