Cloudflare WAF is blocking incoming request to WP JSON

Hi all,

Im currently using Cloudflare in combination with my WordPress / WooCommerce webshop. I’m trieng to configure a marketing automation tool (growmatik.ai) in combination with my WooCommerce webshop.

To set this up properly Growmatik needs to connect and sync the data from my WordPress website. For this reason I’ve created a rule in the Firewall in Cloudflare dashboard where I allow incoming requests from Growmatik.ai. When I check the Firewall events in Cloudflare I can see that traffic from growmatik to my WordPress website is allowed.

However the sync is still not working. Therefore I’ve contacted support of Growmatik. And it seems that Cloudflare WAF is still blocking the traffic by adding some code in my WP JSON file.

I’m hosting my website on Cloudways platform, and the WAF Module is enabeled.

Here the complete answer from their support agent/developer from Growmatik:

===

Hello,
The issue seems to be with Cloudflare’s WAF or XSS/HTML protection services or any other plugin that is adding some HTML code to your WP JSON file.
This is a screenshot of your WP JSON file:
https://www.wijnlandkroatie.nl/wp-json/ → then right-click and choose view source.

Screenshot source: https://downloads.intercomcdn.com/i/o/386997949/e21f57d1369bef2b7c1b4788/Screen+Shot+2021-09-09+at+9.49.16+AM.png

The lines I highlighted in red shouldn’t be there. You may check WordPress’s WP JSON which starts with the {“name”:… unlike what currently is showing for your website.
https://wordpress.org/wp-json

Our suggestion is that you contact Cloudflare’s support. Because the link marked in red color above looks like a CDN link belonging to them.

===

Can you help me out with this? Any tips how to solve this issue?