Where exactly do you run the HTTP request? When you connect to that API or when you update the database?
Assuming that API is not yours, you will have to go the HTTP route however then Cloudflare won’t be involved - or was involved before either, but you won’t be able to control the security settings.
What you essentially need to do is debug that and find where it breaks.