Could I please get help in solving this authentication issue below:
Had a call with Invicti regarding the API integration not working correctly and the summary is below:
I want to inform you about updates:
We investigated the attached .har and .saz files and checked the attached error messages.
We saw that the sending vulnerability to the WAF request returned an authentication error message:
This problem seems to be related to the Cloudflare side instead of Invicti.
Here is the final decision about this issue in that ticket:
• You are unable to send issues to Cloudflare WAF. You get an Authentication error code 10000. We talked with our Developers a lot about this case. It is clear that there is something wrong on the Cloudflare side. You tried with a couple of different tokens, but none worked.
• Lastly, we can clearly say to check this on the Cloudflare side and share a couple of similar error posts.
Also, previously, we tried to send these requests through the Postman and they also failed due to Authentication Error code 10000. We know that you already reached out to Cloudflare about this and you told back to check the integration instead, but there are hundreds of other cases reported the same as this. We already share the following cases for the visibility of this problem with you:
• Authentication Error Code 10000
• [ApiError { code: 10000, message: "Authentication error", other: {} }]
• Error Authentication error (Code: 10000)
Again, as we explained previously, we are trying to help as much as we can, but the solution needs to be provided by Cloudflare as this is like a known issue for a long time. The token must be working without any problems and the requests with the token must be responded to with 200 responses.
After getting a 200 response with a request to create a rule on Postman and if it is not working on Invicti, we can check it out and see what could be the reason for that. But for now, it needs to be ensured the token can create rules and is validated on Postman or any other requester tool.
Currently, we also don’t have any solution for this Authentication problem since it isn’t related to our side.
