Cloudflare is blocked all my RestAPI calls

Hello,

I have a one problem, because I use a lot of products from Cloudflare, but I noticed that a Cloudflare blocked all API calls from companies that are connected to my server.

I use Wordpress and plugin Cloudflare.
I noticed that each of these connections has a different error in Google Developer Panel.
For example, the call from Sendinblue ends with the error "Loading failed for the with source “xxx”.

And from another company the call ends with a 401 error.

I change all my settings, but this not working.

Please help me.

If so, you should see the challenged/blocked firewall events in the firewall events if you navigate to the Cloudflare dashboard → Security → Overview and lookup for Firewall events for the past 24hours or so. Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …). If yes, could you share some details which service was triggered that blocked you?

• you should see your origin host/server IP out there and user-agent like WP-cron or WordPress/version

Unfortunately I see only one user-agent with which I was able to connect.

Surprisingly, this is one of two services I have been able to connect to via the API and both two are for stock control.

Do you have any more ideas on what I could check?

image1792×828 92.4 KB

You likely want to disable Bot Fight Mode or upgrade to a plan where you can control source IP/

But before that, I was able to connect via API to these services normally.

It just suddenly started blocking connections from Cloudflare’s side.

In general, after adding rules such as User-agent and IP address, the situation still persists and I have added this information from several API providers and the situation is the same for each.

Those rules won’t have an impact. Available options on plans are described here in the false positives section:

https://support.cloudflare.com/hc/en-us/articles/360035387431#5KX8t3C6SObnoWs5F6YOlU

I turned off the bot fight mode by following the instructions you sent however it still does not give any results…

If the requests are still being blocked what new reason is being given in the dashboard?

That’s the problem: the dashboard doesn’t show any blocked request from the service providers I connect to via the API.

Maybe it will be easier for you to find the problem this way.
One of my service providers with whom I connect via the API offers to ship the order to the buyer and mediates the payment.
When I am in the shopping cart I can normally select the type of delivery and this is normally sent to the cockpit of this service provider via the API. The problem starts when I want to select them as payment intermediaries. When I click on the ‘Buy Now’ button the payment is rejected and in the cockpit I only see the error ‘XHR POST url [HTTP/2 401 Unauthorised].’
Unfortunately after the payment is rejected it is not visible in the WAF dashboard.

I found another strange thing. I connected the API key with which I connect that the previously mentioned service to Postman. Connections from Postman were first rejected, then I created rules to enable the connection. With Postman, all connections were normally accepted and visible in events. With this service, still nothing is connecting.

I have contacted their customer support and they claim to see in their error logs that connections are being blocked by Cloudflare.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.