Cloudflare Access Login Events
Ingests Cloudflare Access login events using the GraphQL Analytics API. This input collects authentication events from the accessLoginRequestsAdaptiveGroups dataset, including successful and failed login attempts, device information, and access policy details.
Sync Type: Incremental
Requirements
- A Cloudflare account with access to the Analytics API
- An API Token with the
Account Analytics:Readpermission - Your Cloudflare Account ID
Dynamic API Settings
Data retention (notOlderThan), maximum query window (maxDuration), and maximum page size (maxPageSize) are queried dynamically from the Cloudflare accessLoginRequestsAdaptiveGroups settings endpoint at startup. These values vary by account subscription.
If the settings endpoint is unreachable, the input falls back to defaults:
| Setting | Default |
|---|---|
Data retention (notOlderThan) | 30 days |
Max query window (maxDuration) | 1 hour |
Max page size (maxPageSize) | 10,000 |
Creating an API Token
- Log in to your Cloudflare dashboard
- Navigate to Manage Account > API Tokens
- Click Create Token
- Use the Create Custom Token option
- Configure the token:
- Token name: Give it a descriptive name (e.g., "Monad Access Login Events")
- Permissions: Add
Account>Account Analytics>Read - Account Resources: Select the specific account(s) or "All accounts"
- Click Continue to summary and then Create Token
- Copy the token value (you won't be able to see it again)
Finding Your Account ID
- Log in to your Cloudflare dashboard
- Navigate to My Profile > Account Settings
- The Account ID is displayed at the top of the page
- It's a 32-character alphanumeric string
Details
- State Management: Timestamp-based incremental sync. Stores last processed event timestamp.
- API Endpoint: GraphQL Analytics API (
/graphql) - Dataset:
accessLoginRequestsAdaptiveGroups - Dynamic Settings: At startup, queries the settings endpoint to discover
maxPageSize,maxDuration, andnotOlderThanfor the account. Falls back to defaults (10,000 / 1h / 30d) if unavailable. - Pagination: Fixed time-window pagination with
cfRayId_gttiebreaker. Each query covers up tomaxDuration. On a full page, the cursor advances within the same window using the last record'scfRayId. On a partial page, the window advances. - Rate Limits: 300 requests per 5 minutes (1 RPS), enforced by the client.
- Filtering: Optionally filter events by identity provider type using the
identity_providerssetting.
Configuration
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
account_id | string | Yes | Cloudflare Account ID (32-character alphanumeric string) |
backfill_start_time | string | No | The date to start fetching data from. If not specified, no past records will be fetched. |
identity_providers | array | No | Optional list of identity provider types to filter events by (e.g., nonidentity, onetimepin). If empty, all events are returned. |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
api_token | string | Yes | API Token with Account Analytics: Read permission |
Rate Limits
| Limit | Value | Notes |
|---|---|---|
| Requests per 5 minutes | 300 | GraphQL Analytics API limit |
| Max records per query | Dynamic | Determined by settings endpoint (default: 10,000) |
| Max query window | Dynamic | Determined by settings endpoint (default: 1 hour) |
Headers: Authorization: Bearer {api_token}, Content-Type: application/json
Source: Cloudflare GraphQL Analytics API Limits
Troubleshooting
Common Issues
Issue: GraphQL error with authentication message
Cause: The API token is invalid, expired, or lacks the required permissions.
Solution: Verify your API token is correct and has the Account Analytics: Read permission. Create a new token if needed.
Issue: Account ID is required validation error
Cause: The Account ID field was left empty.
Solution: Enter your Cloudflare Account ID in the settings. You can find this in your Cloudflare dashboard under My Profile > Account Settings.
Issue: invalid settings response error
Cause: The Account ID is incorrect or the API token doesn't have access to that account.
Solution: Verify the Account ID is correct and that your API token has permissions for that specific account.
Issue: No data returned despite having login events Cause: The time range may exceed your plan's data retention, or there may be no events in the time range. Solution: Ensure you're querying within the retention window for your account. The input queries the settings endpoint at startup to determine your account's retention limit (defaults to 30 days if unavailable).
Related Articles
- Cloudflare GraphQL Analytics API
- Querying Access Login Events Tutorial
- Cloudflare API Tokens
- GraphQL Analytics API Limits
Sample Record
{
"datetime": "2024-01-15T10:30:45Z",
"isSuccessfulLogin": 1,
"hasWarpEnabled": 0,
"hasGatewayEnabled": 1,
"hasExistingJWT": 0,
"approvingPolicyId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"cfRayId": "8f7e6d5c4b3a2190",
"ipAddress": "203.0.113.42",
"userUuid": "a1b2c3d4-e5f6-4a5b-9c8d-1e2f3a4b5c6d",
"identityProvider": "Okta",
"country": "US",
"deviceId": "b2c3d4e5-f6a7-4b5c-9d8e-2f3a4b5c6d7e",
"mtlsStatus": "verified",
"mtlsCertSerialId": "",
"mtlsCommonName": "",
"serviceTokenId": ""
}