# Cloudflare Access Login Events Ingests Cloudflare Access login events using the GraphQL Analytics API. This input collects authentication events from the `accessLoginRequestsAdaptiveGroups` dataset, including successful and failed login attempts, device information, and access policy details. **Sync Type: Incremental** ## Requirements - A Cloudflare account with access to the Analytics API - An API Token with the `Account Analytics:Read` permission - Your Cloudflare Account ID ### Dynamic API Settings Data retention (`notOlderThan`), maximum query window (`maxDuration`), and maximum page size (`maxPageSize`) are queried dynamically from the Cloudflare `accessLoginRequestsAdaptiveGroups` settings endpoint at startup. These values vary by account subscription. If the settings endpoint is unreachable, the input falls back to defaults: | Setting | Default | |---------|---------| | Data retention (`notOlderThan`) | 30 days | | Max query window (`maxDuration`) | 1 hour | | Max page size (`maxPageSize`) | 10,000 | ### Creating an API Token 1. Log in to your Cloudflare dashboard 2. Navigate to **Manage Account** > **API Tokens** 3. Click **Create Token** 4. Use the **Create Custom Token** option 5. Configure the token: - **Token name**: Give it a descriptive name (e.g., "Monad Access Login Events") - **Permissions**: Add `Account` > `Account Analytics` > `Read` - **Account Resources**: Select the specific account(s) or "All accounts" 6. Click **Continue to summary** and then **Create Token** 7. Copy the token value (you won't be able to see it again) ### Finding Your Account ID 1. Log in to your Cloudflare dashboard 2. Navigate to **My Profile** > **Account Settings** 3. The Account ID is displayed at the top of the page 4. It's a 32-character alphanumeric string ## Details - **State Management**: Timestamp-based incremental sync. Stores last processed event timestamp. - **API Endpoint**: GraphQL Analytics API (`/graphql`) - **Dataset**: `accessLoginRequestsAdaptiveGroups` - **Dynamic Settings**: At startup, queries the settings endpoint to discover `maxPageSize`, `maxDuration`, and `notOlderThan` for the account. Falls back to defaults (10,000 / 1h / 30d) if unavailable. - **Pagination**: Fixed time-window pagination with `cfRayId_gt` tiebreaker. Each query covers up to `maxDuration`. On a full page, the cursor advances within the same window using the last record's `cfRayId`. On a partial page, the window advances. - **Rate Limits**: 300 requests per 5 minutes (1 RPS), enforced by the client. - **Filtering**: Optionally filter events by identity provider type using the `identity_providers` setting. ## Configuration ### Settings | Setting | Type | Required | Description | |---------|------|----------|-------------| | `account_id` | string | Yes | Cloudflare Account ID (32-character alphanumeric string) | | `backfill_start_time` | string | No | The date to start fetching data from. If not specified, no past records will be fetched. | | `identity_providers` | array | No | Optional list of identity provider types to filter events by (e.g., `nonidentity`, `onetimepin`). If empty, all events are returned. | | API Rate Limit | object | No | Optional limit on the connector's outbound request rate to the source API. Leave blank to use the connector's default behavior. See [API Rate Limiting](../../../guides/rate-limiting) for the field format, limits, and how to choose a value. | ### Secrets | Secret | Type | Required | Description | |--------|------|----------|-------------| | `api_token` | string | Yes | API Token with Account Analytics: Read permission | ## Rate Limits | Limit | Value | Notes | |-------|-------|-------| | Requests per 5 minutes | 300 | GraphQL Analytics API limit | | Max records per query | Dynamic | Determined by settings endpoint (default: 10,000) | | Max query window | Dynamic | Determined by settings endpoint (default: 1 hour) | **Headers**: `Authorization: Bearer {api_token}`, `Content-Type: application/json` **Source**: [Cloudflare GraphQL Analytics API Limits](https://developers.cloudflare.com/analytics/graphql-api/limits/) ## Troubleshooting ### Common Issues **Issue**: `GraphQL error` with authentication message **Cause**: The API token is invalid, expired, or lacks the required permissions. **Solution**: Verify your API token is correct and has the `Account Analytics: Read` permission. Create a new token if needed. **Issue**: `Account ID is required` validation error **Cause**: The Account ID field was left empty. **Solution**: Enter your Cloudflare Account ID in the settings. You can find this in your Cloudflare dashboard under My Profile > Account Settings. **Issue**: `invalid settings response` error **Cause**: The Account ID is incorrect or the API token doesn't have access to that account. **Solution**: Verify the Account ID is correct and that your API token has permissions for that specific account. **Issue**: No data returned despite having login events **Cause**: The time range may exceed your plan's data retention, or there may be no events in the time range. **Solution**: Ensure you're querying within the retention window for your account. The input queries the settings endpoint at startup to determine your account's retention limit (defaults to 30 days if unavailable). ## Related Articles - [Cloudflare GraphQL Analytics API](https://developers.cloudflare.com/analytics/graphql-api/) - [Querying Access Login Events Tutorial](https://developers.cloudflare.com/analytics/graphql-api/tutorials/querying-access-login-events/) - [Cloudflare API Tokens](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/) - [GraphQL Analytics API Limits](https://developers.cloudflare.com/analytics/graphql-api/limits/) ## Sample Record ```json { "datetime": "2024-01-15T10:30:45Z", "isSuccessfulLogin": 1, "hasWarpEnabled": 0, "hasGatewayEnabled": 1, "hasExistingJWT": 0, "approvingPolicyId": "f47ac10b-58cc-4372-a567-0e02b2c3d479", "cfRayId": "8f7e6d5c4b3a2190", "ipAddress": "203.0.113.42", "userUuid": "a1b2c3d4-e5f6-4a5b-9c8d-1e2f3a4b5c6d", "identityProvider": "Okta", "country": "US", "deviceId": "b2c3d4e5-f6a7-4b5c-9d8e-2f3a4b5c6d7e", "mtlsStatus": "verified", "mtlsCertSerialId": "", "mtlsCommonName": "", "serviceTokenId": "" } ```