Requests with Service Token still failing and CF activating Bot fighting mode

Dear community,

I am trying to do a host-to-host API call with Service Token. The problem is that when I am trying to call from server, Cloudflare is considering the request as bot even through I have provided CF-Access-Client-Id and CF-Access-Client-Secret.

The same call works from my local but not from the server.

Here my CURL command looks like:

Any help would be highly appreciated.

Those tokens are purely to bypass Cloudflare Access - the WAF (which you’re hitting) is a separate layer.

If it’s being caused by Bot Fight Mode in https://dash.cloudflare.com/?to=/:account/:zone/security then the only way you can stop it is turning off Bot Fight Mode or whitelisting the originating IP in IP Access Rules.

Thanks it worked but managing the IP is sometimes tricky

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.