--- title: Cloudflare API Integration on Truto slug: cloudflare category: Application Development canonical: "https://truto.one/integrations/detail/cloudflare/" --- # Cloudflare API Integration on Truto **Category:** Application Development **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ## MCP-ready AI tools Truto exposes 12 tools for Cloudflare that AI agents can call directly. - **list_all_cloudflare_accounts** — List all accounts you have ownership or verified access to. Use the name query parameter to filter by account name. - **get_single_cloudflare_account_by_id** — Get information about a specific Cloudflare account that you are a member of. Always requires the id to fetch. - **list_all_cloudflare_members** — Use this endpoint to get all the team members in a Cloudflare account. - **get_single_cloudflare_member_by_id** — Use this endpoint to get a single team member in a Cloudflare account. Always requires the id to fetch. - **list_all_cloudflare_roles** — Use this endpoint to list all the roles available in Cloudflare. - **list_all_cloudflare_waf_overrides** — List WAF overrides in Cloudflare for a specific zone. Requires zone_id. Returns id, description, groups, paused, priority, rewrite_action, rules, and urls fields for each override. This applies only to previous WAF managed rules version. - **list_all_cloudflare_zones** — List all the zones in the Cloudflare account. Use the name query parameter to filter by domain name. - **get_single_cloudflare_zone_by_id** — Retrieve details for a specific zone by its ID in the Cloudflare account. - **list_all_cloudflare_firewall_rules** — Fetches firewall rules in a zone. Always requires the ID of the Zone you want to fetch the firewall rules for. - **list_all_cloudflare_audit_logs** — Gets a list of audit logs for an account on Cloudflare. Some of the use cases is to figure out when someone logged in, when an API token was created, or basically any change event happening on a Cloudflare account. Use the actor and action query parameters to filter by who made the change, and the type of change. - **list_all_cloudflare_rule_sets** — List rulesets for a specific zone in Cloudflare. Requires zone_id. Returns id, kind, last_updated, name, phase, version, and description for each ruleset. - **get_single_cloudflare_rule_set_by_id** — Get a specific ruleset in Cloudflare. Requires zone_id and id. Returns fields such as id, kind, name, phase, version, description, and rules with their actions and parameters. ## How it works 1. **Link your customer's Cloudflare account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Cloudflare.** The Proxy API is a 1-to-1 mapping of the Cloudflare API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate cloud security posture assessments across customer Cloudflare accounts** — Security SaaS platforms can connect to their customers' Cloudflare accounts to continuously audit firewall rules, WAF overrides, and rulesets — flagging misconfigurations or compliance gaps without manual intervention. - **Streamline identity governance for Cloudflare access** — IT and HR automation platforms can sync Cloudflare members and roles via Truto's Unified User Directory API to automate onboarding, offboarding, and role-based access control across their customers' Cloudflare accounts. - **Ingest Cloudflare audit logs for compliance and threat detection** — SIEM and compliance platforms can continuously pull audit logs from their customers' Cloudflare accounts to build immutable activity timelines, detect unauthorized changes, and generate evidence for SOC2 or HIPAA audits. - **Automate domain and zone verification for multi-tenant platforms** — Website builders and e-commerce platforms can read their customers' Cloudflare zones to verify domain ownership and ensure correct routing configurations when merchants connect custom domains. - **Centralize firewall rule management across client accounts** — Managed security service providers can read firewall rules and rulesets from multiple customer Cloudflare accounts to provide a unified security dashboard and detect drift from baseline configurations. ## What you can build - **WAF & firewall configuration audit dashboard** — Automatically scan a customer's Cloudflare firewall rules, WAF overrides, and rulesets to surface misconfigurations, disabled protections, and deviations from security best practices. - **Automated Cloudflare user access reviews** — Use Truto's Unified User Directory API to list all Cloudflare members and their roles, then flag over-privileged accounts or stale users who should be offboarded. - **Admin activity timeline for compliance reporting** — Continuously ingest Cloudflare audit logs to build a searchable, immutable timeline of who changed what and when — ready for SOC2 evidence collection or incident investigation. - **Multi-zone security posture overview** — Pull all Cloudflare zones for a customer account and cross-reference each zone's firewall rules and rulesets to provide a single-pane-of-glass security posture score across every domain. - **Automated employee offboarding from Cloudflare** — When an employee leaves, automatically detect their Cloudflare membership and role assignment via Truto's Unified User Directory to trigger access revocation workflows. - **Domain ownership verification flow** — Read a customer's Cloudflare zones and account details to programmatically verify domain ownership during custom domain setup in your multi-tenant platform. ## FAQs ### What authentication method does Cloudflare use with Truto? Cloudflare integrations through Truto typically use API tokens or API key + email authentication. Your end users provide their Cloudflare credentials, and Truto securely manages the auth lifecycle on your behalf. ### Which Cloudflare resources can I read through Truto? Truto supports reading accounts, members, roles, zones, firewall rules, WAF overrides, rulesets, and audit logs. Members and roles are also accessible through Truto's Unified User Directory API as Users and Roles. ### Does Truto handle Cloudflare API pagination automatically? Yes. Truto manages pagination for all list endpoints — such as listing zones, firewall rules, members, and audit logs — so you receive complete datasets without writing pagination logic yourself. ### Can I use Truto's Unified User Directory API with Cloudflare? Yes. Cloudflare members map to Users and Cloudflare roles map to Roles in Truto's Unified User Directory API, giving you a standardized schema to query identity data alongside other integrations you support. ### How fresh is the data returned from Cloudflare via Truto? Truto queries Cloudflare's API in real time by default, so data reflects the current state of the connected account. You can also configure periodic syncs to cache data at intervals that suit your use case. ### Are write operations supported for Cloudflare through Truto? The currently available tools focus on read operations — listing and retrieving accounts, members, roles, zones, firewall rules, WAF overrides, rulesets, and audit logs. If you need write capabilities, contact Truto to discuss custom endpoint support.