# Rulesets Ingests rulesets from Cloudflare, including account-level and zone-level rule configurations. This input collects information about all rule types such as WAF rules, rate limiting rules, DDoS protection, firewall rules, and transformation rules across your Cloudflare account or specific zones. **Sync Type: Full Synchronisation** ## Requirements - A Cloudflare account with API access - An API Token with `Account Rulesets:Read` or `Zone Rulesets:Read` permission - Your Cloudflare Account ID (for account-level rulesets) or Zone IDs (for zone-level rulesets) - If neither Account ID nor Zone IDs are provided, the input will fetch rulesets from all zones in your account ### Creating an API Token 1. Log in to your Cloudflare dashboard 2. Navigate to **My Profile** > **API Tokens** 3. Click **Create Token** 4. Use the **Create Custom Token** option 5. Configure the token: - **Token name**: Give it a descriptive name (e.g., "Monad Rulesets") - **Permissions**: Add `Account` > `Rulesets` > `Read` (for account-level rulesets) or `Zone` > `Rulesets` > `Read` (for zone-level rulesets) - **Account Resources**: Select the specific account(s) or "All accounts" 6. Click **Continue to summary** and then **Create Token** 7. Copy the token value (you won't be able to see it again) ### Finding Your Account ID and Zone IDs **Account ID**: 1. Log in to your Cloudflare dashboard 2. Select the account you want to monitor 3. The Account ID is displayed in the right sidebar on the overview page 4. Alternatively, find it in the URL: `https://dash.cloudflare.com/{account_id}/...` **Zone IDs**: 1. Log in to your Cloudflare dashboard 2. Click on the domain (zone) you want 3. The Zone ID is displayed in the right sidebar on the overview page 4. Alternatively, find it in the API call responses ## Details - **State Management**: Uses deduping cron-based state management to fetch the complete inventory of rulesets on each run. Monad tracks which rulesets have been seen to avoid duplicate processing. - **Scope Options**: - Account-level rulesets: Retrieved from `/accounts/{account_id}/rulesets` - Zone-level rulesets: Retrieved from `/zones/{zone_id}/rulesets` - All zone rulesets: When no Account ID or Zone IDs are specified, fetches from all zones - **Pagination**: Cursor-based pagination with up to 50 records per page - **Rule Phases**: Retrieves rulesets across all phases including ddos_l4, ddos_l7, http_config_settings, http_request_firewall_custom, http_request_firewall_managed, http_request_transform, http_response_headers_transform, and others - **Rate Limits**: Standard Cloudflare API rate limits apply (see Rate Limits section below) ## Configuration ### Settings | Setting | Type | Required | Description | |---------|------|----------|-------------| | `account_id` | string | No | Cloudflare Account ID for account-level rulesets. | | `zone_ids` | array | No | List of specific Zone IDs for zone-level rulesets. If empty and Account ID is not specified, fetches from all zones. | | `cron` | string | Yes | Cron expression for sync schedule (e.g., `0 0 * * *` for daily) | | API Rate Limit | object | No | Optional limit on the connector's outbound request rate to the source API. Leave blank to use the connector's default behavior. See [API Rate Limiting](../../../guides/rate-limiting) for the field format, limits, and how to choose a value. | ### Secrets | Secret | Type | Required | Description | |--------|------|----------|-------------| | `api_token` | string | Yes | API Token with Account Rulesets:Read or Zone Rulesets:Read permission | ## Rate Limits | Scope | Limit | Window | Notes | |-------|-------|--------|-------| | API Requests | 1,200 | per 5 minutes | Standard rate limit across Cloudflare API | | Rulesets Endpoint | 4 | requests per second | Rate limit specific to rulesets API endpoints | **Headers**: `X-RateLimit-Limit`, `X-RateLimit-Remaining`, `X-RateLimit-Reset` **Source**: [Cloudflare API Rate Limits](https://developers.cloudflare.com/fundamentals/api/reference/limits/) ## Troubleshooting ### Common Issues **Issue**: `API returned success=false` with authentication error **Cause**: The API token is invalid, expired, or lacks the required permissions. **Solution**: Verify your API token is correct and has `Account Rulesets:Read` or `Zone Rulesets:Read` permissions. Create a new token with the proper permissions if needed. **Issue**: `No rulesets found` error **Cause**: The specified Account ID or Zone IDs don't exist, or there are no rulesets configured. **Solution**: Verify your Account ID and Zone IDs are correct in the Cloudflare dashboard. Ensure rulesets exist in the zones you're querying. **Issue**: Rate limit exceeded (429 error) **Cause**: Too many requests to the rulesets API endpoint within the rate limit window. **Solution**: Increase the cron schedule interval to reduce the frequency of syncs. The input respects the 4 RPS limit on the rulesets endpoint. **Issue**: API access not available **Cause**: Your API token lacks the required rulesets permissions. **Solution**: Create a new token with `Rulesets:Read` permissions for either accounts or zones depending on your needs. ## Related Articles - [Cloudflare Rulesets API Documentation](https://developers.cloudflare.com/api/resources/rulesets/) - [Cloudflare Rulesets Guide](https://developers.cloudflare.com/ruleset-engine/) - [Cloudflare API Tokens](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/) - [Cloudflare API Rate Limits](https://developers.cloudflare.com/fundamentals/api/reference/limits/) ## Sample Record ```json { "description": "Custom WAF rules for example.com", "id": "e8c75c80-41d4-4f5f-8e3f-9d8c5f4e3b1a", "kind": "custom", "last_updated": "2024-01-15T10:30:00Z", "name": "WAF Custom Rules", "phase": "http_request_firewall_custom", "source": "firewall_custom", "version": 42 } ```