Cloudflare Access - Protecting Servers that also have API's used by other servers


Occasionally we have servers that we want to reverse proxy via Cloudflare Access, but the situation is that other servers need to access API’s on that server. Obviously those other servers that are trying to use the REST API’s have no idea that Cloudflare is there and so the API access will fail because they don’t know to authenticate to Cloudflare and aren’t expecting it to be there.

My question is what is the best way of handling this - should we give the proxied server a second hostname for direct access for APIs, along with a LetsEncrypt SSL certificate for that second hostname, or is there a way of solving this within Cloudflare Access itself that I have missed?


Have a look at Service tokens · Cloudflare Zero Trust docs.

1 Like

Ahh, I see, thank you. At the moment we are on the Free plan, but that is only because we are still trying it out to see whether it is worth us buying the Standard plan. This is good information to consider.

We may have to come up with a different solution temporarily while we are evaluating it, but it is good to know that this solution is available to us later when we actually move up to the Business plan.

Seemingly, service tokens are to be made available for all plans (free included):

1 Like

Thanks, I’ll check that out.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.