Cloudflare Zero Trust Access Requests
Ingests Cloudflare Zero Trust Access authentication events and access requests. This input collects authentication events that record user access attempts to applications protected by Cloudflare Zero Trust Access, including login/logout actions, identity provider information, and temporary access approvals.
Sync Type: Incremental
Requirements
- A Cloudflare account with Zero Trust Access enabled
- An API Token with the
Zero Trust Access:Readpermission - Your Cloudflare Account ID
Creating an API Token
- Log in to your Cloudflare dashboard
- Navigate to My Profile > API Tokens
- Click Create Token
- Use the Create Custom Token option
- Configure the token:
- Token name: Give it a descriptive name (e.g., "Monad Zero Trust Access")
- Permissions: Add
Zero Trust>Zero Trust Access>Read - Account Resources: Select the specific account(s) or "All accounts"
- Click Continue to summary and then Create Token
- Copy the token value (you won't be able to see it again)
Finding Your Account ID
- Log in to your Cloudflare dashboard
- Select the account you want to monitor
- The Account ID is displayed in the right sidebar on the overview page
- Alternatively, find it in the URL:
https://dash.cloudflare.com/{account_id}/...
Details
- State Management: Uses ascending cursor-based pagination with timestamp tracking. Monad stores the last processed timestamp to fetch only new events on subsequent runs.
- API Endpoint:
GET /accounts/{account_id}/access/logs/access_requests - Pagination: Time-based pagination with a
sinceparameter and up to 1000 records per page, sorted in ascending order by timestamp. - Rate Limits: 1200 requests per 5 minutes (4 requests per second). The input automatically enforces this limit.
- Deduplication: Uses
ray_id(unique Cloudflare request identifier) to prevent duplicate records.
Configuration
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
account_id | string | Yes | Cloudflare Account ID |
backfill_start_time | string | No | The date to start fetching data from. If not specified, no past records will be fetched. |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
api_token | string | Yes | API Token with Zero Trust Access:Read permission |
Rate Limits
| Limit | Value | Notes |
|---|---|---|
| Requests per 5 minutes | 1,200 | Enforced by Cloudflare |
| Max records per page | 1,000 | Maximum allowed by API |
Source: Cloudflare API Rate Limits
Troubleshooting
Common Issues
Issue: API returned success=false with authentication error
Cause: The API token is invalid, expired, or lacks the required permissions.
Solution: Verify your API token is correct and has the Zero Trust Access:Read permission. Create a new token if needed.
Issue: Account ID is required validation error
Cause: The Account ID field was left empty.
Solution: Enter your Cloudflare Account ID in the settings. You can find this in your Cloudflare dashboard.
Issue: No data returned despite having access requests Cause: The backfill start time may be set to a future date, or there may not be any access events in the specified time range. Solution: Verify the backfill start time is set correctly or leave it empty to fetch all available events.
Issue: Rate limit exceeded errors Cause: Multiple integrations or manual API calls are consuming the rate limit quota. Solution: The input automatically handles rate limiting. If you see persistent errors, reduce the frequency of other API calls to your Cloudflare account.
Related Articles
- Cloudflare Zero Trust Access API Documentation
- Cloudflare API Tokens
- Cloudflare API Rate Limits
- Zero Trust Access Overview
Sample Record
{
"action": "login",
"allowed": true,
"app_domain": "test.example.com/admin",
"app_uid": "df7e2w5f-02b7-4d9d-af26-8d1988fca630",
"connection": "saml",
"created_at": "2014-01-01T05:20:00.12345Z",
"ip_address": "198.41.129.166",
"ray_id": "187d944c61940c77",
"user_email": "user@example.com"
}