I tried to create a static IP address for the website (don’t know how). I went to account home, “dashboard”, clicked on my website and went to “DNS Records” There are 3 CNAMES, two TXTs and 4 MX records, 2 NS records - but no A records for a static IP address. Is this something I am supposed to bring from somewhere else? I think I need a static IP to create an API key - is this because I’m on the free plan that my website has no static ip address for an API key?
That IP address would have to be for the device making the API Request with that token.
If you have a script that runs on your server that makes this API call, you can get your server’s IP address by logging into your server, and running curl -4 icanhazip.com from the command line.
I do not have a server or a full stack. I am just using static HTML pages. So also this token would be publicly available to anyone that would want to exploit it. I’m aware of. I might also create a web assembly application and hardcoat the coking inside to give me some kind of security later on. But I was hoping I could just do this in a server less kind of way.
Security by obscurity will not work. Anyone can just pull up their browser’s devtools and open the network tab to see the API requests that are being made.
The only way to do this securely would be by having some kind of backend that handles validation and makes the API reqs to Cloudflare.
You could for example make use of Cloudflare Workers, which has a generous free tier that allows 100k invocations/requests per day.
There are plenty of learning resources and examples for how to get started with Cloudflare Workers at Overview · Cloudflare Workers docs
