Generating WAF Rules with Invicti Standard API

Authentication Error when Integrating Cloudflare with Invicti Standard. Have contacted Invitci support and they have reviewed the logs and noticed there is an authentication error, however I have set up the API with the following permissions and when testing the application says the API settings are correct.

Someone please help me :grinning:

I’m surprised there’s such thing as Account Level WAF.

Looking at, it looks like all WAF settings are per Zone, so that would need a Zone permission.

Do you know the API call they’re trying to make?

This was a WAF for a Zone, I believe it is a POST as it will create WAF rules.

It looks like the Token is for Account settings.

You didn’t specify the API, but I bet it requires a Zone ID in the URL, meaning it will need a Zone token.


How would I create the API for the Zone?

As I had to put the Zone ID into the configuration on the Invicti side as well as API token

For reference, I put the Zone ID and Access Token (API Token)

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.