# Cloudflare Page Shield Connections Retrieves Page Shield connections across Cloudflare zones for tracking third-party scripts and connections. This input collects information about all connections detected by Page Shield, including external scripts, APIs, and resources loaded on your domains. This helps identify security risks and monitor potential malicious connections. **Sync Type: Full Synchronization** ## Requirements - A Cloudflare account with access to Page Shield (Enterprise plan or add-on) - An API Token with `Zone:Read` permission - One or more zones (domains) configured in your Cloudflare account ### Creating an API Token 1. Log in to your Cloudflare dashboard 2. Navigate to **My Profile** > **API Tokens** 3. Click **Create Token** 4. Use the **Create Custom Token** option 5. Configure the token: - **Token name**: Give it a descriptive name (e.g., "Monad Page Shield") - **Permissions**: Add `Zone` > `Zone` > `Read` - **Zone Resources**: Select the specific zone(s) or "All zones" 6. Click **Continue to summary** and then **Create Token** 7. Copy the token value (you won't be able to see it again) ### Accessing Page Shield Page Shield must be enabled on your Cloudflare zones. To verify: 1. Log in to your Cloudflare dashboard 2. Select a zone and navigate to **Security** > **Page Shield** 3. Ensure Page Shield is enabled and has detected connections 4. (Optional) Note specific zone IDs for targeted monitoring ## Details Monad uses the `cron` field to run this input on specific intervals and returns all Page Shield connections matching your filters, performing a full sync of data each time. The input retrieves comprehensive connection information including: - Connection metadata (ID, timestamps, host, URL) - First page URL where connection was detected - All pages where connection was detected - Malicious classification (domain and URL reputation) - Malicious categories (if applicable) - CDN-CGI path detection The input supports filtering by connection status (active, infrequent, inactive) and can optionally exclude Cloudflare's `/cdn-cgi` internal paths. If multiple zones are configured or no specific zones are provided, the input fetches connections from all zones. ## Configuration The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below. ### Settings | Setting | Type | Required | Description | |---------|------|----------|-------------| | `cron` | string | Yes | Cron string for scheduling the ingest of your input. Example: '0 0 * * *' for daily execution at midnight. | | `zone_ids` | array | No | Optional list of specific Cloudflare zone IDs to fetch connections from. If empty, fetches from all zones accessible by the API token. | | `status` | string | No | Filter connections by status: 'active', 'infrequent', or 'inactive'. Default: 'active' | | `exclude_cdn_cgi` | boolean | No | Exclude connections to Cloudflare /cdn-cgi paths. Default: true | | API Rate Limit | object | No | Optional limit on the connector's outbound request rate to the source API. Leave blank to use the connector's default behavior. See [API Rate Limiting](../../../guides/rate-limiting) for the field format, limits, and how to choose a value. | ### Secrets | Secret | Type | Required | Description | |--------|------|----------|-------------| | `api_token` | string | Yes | Your Cloudflare API token with Zone:Read permission | ## Rate Limits | Scope | Limit | Window | Notes | |-------|-------|--------|-------| | API Requests | 1,200 | per 5 minutes | Standard rate limit across Cloudflare API | **Headers**: `X-RateLimit-Limit`, `X-RateLimit-Remaining`, `X-RateLimit-Reset` **Source**: [Cloudflare API Rate Limits](https://developers.cloudflare.com/fundamentals/api/reference/limits/) ## Troubleshooting ### Common Issues **Issue**: `API returned success=false` with authentication error **Cause**: The API token is invalid, expired, or lacks the required permissions. **Solution**: Verify your API token is correct and has the `Zone:Read` permission. Create a new token if needed. **Issue**: No connections returned despite Page Shield being enabled **Cause**: Page Shield may not be enabled on the zones, or no connections have been detected yet. **Solution**: Verify Page Shield is enabled in **Security** > **Page Shield** on your zones. Ensure the zones have traffic and are actively monitored. **Issue**: Getting fewer connections than expected **Cause**: The status filter may be limiting results, or zone IDs may not be specified correctly. **Solution**: Check your status filter setting (default is 'active'). Try an empty zone_ids list to fetch from all zones, or verify zone IDs are formatted correctly. **Issue**: CDN-CGI paths are being excluded when you need them **Cause**: The `exclude_cdn_cgi` setting is enabled by default. **Solution**: Set `exclude_cdn_cgi` to `false` in your configuration to include `/cdn-cgi` connections. **Issue**: Rate limit exceeded errors **Cause**: Multiple integrations or manual API calls are consuming the rate limit quota. **Solution**: The input automatically handles rate limiting. If you see persistent errors, reduce the frequency of other API calls to your Cloudflare account or increase the cron interval. ## Related Articles - [Cloudflare Page Shield API Documentation](https://developers.cloudflare.com/api/resources/page_shield/subresources/connections/) - [Cloudflare Page Shield Overview](https://developers.cloudflare.com/page-shield/) - [Cloudflare API Tokens](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/) - [Cloudflare API Rate Limits](https://developers.cloudflare.com/fundamentals/api/reference/limits/) ## Sample Record ```json { "id": "123e4567-e89b-12d3-a456-426614174000", "added_at": "2024-01-15T10:30:45Z", "first_seen_at": "2024-01-15T10:15:30Z", "last_seen_at": "2024-01-15T10:45:20Z", "host": "cdn.example.com", "url": "https://cdn.example.com/analytics/tracking.js", "first_page_url": "https://example.com/", "page_urls": [ "https://example.com/", "https://example.com/products", "https://example.com/contact" ], "url_contains_cdn_cgi_path": false, "domain_reported_malicious": false, "url_reported_malicious": false, "malicious_domain_categories": [], "malicious_url_categories": [] } ```