Cloudflare API Token
Detects Cloudflare API tokens - 40-character tokens that authenticate to the Cloudflare API. Because the raw token has no distinctive prefix, this pattern gates on nearby Cloudflare context to keep false positives low.
- Type
- regex
- Engine
- universal
- Confidence
- medium
- Confidence justification
- Medium confidence: the 40-character token body is generic, so detection requires an adjacent Cloudflare context label. This cuts false positives at the cost of missing unlabelled tokens.
- Jurisdictions
- global
- Regulations
- Criminal Code Act 1995 (Cth), Computer Fraud and Abuse Act, Computer Misuse Act 1990
- Frameworks
- CIS Controls, ISO 27001, NIST CSF, SOC 2
- Data categories
- credentials, security
- Scope
- specific
- Risk rating
- 8
- Platform compatibility
- Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported
Pattern
(?i)(?:cloudflare|cf[_-]?api[_-]?token|cf[_-]?token)(?:[_-]?api[_-]?token)?["'\s:=]{1,5}(?<![A-Za-z0-9_-])[A-Za-z0-9_-]{40}(?![A-Za-z0-9_-])Corroborative evidence keywords
cloudflare, cf_api_token, CLOUDFLARE_API_TOKEN, api.cloudflare.com, bearer, api token
Proximity: 300 characters
Should match
CLOUDFLARE_API_TOKEN=v1A2b3C4d5E6f7G8h9I0jK1lM2nO3pQ4rS5tU6v7— Cloudflare API token in labelled env var (context + 40 chars)cloudflare: aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789abcd— 40-char Cloudflare token with cloudflare labelcf_api_token = zZyYxXwWvVuUtTsSrRqQpPoOnNmMlLkKjJiIhHgG— cf_api_token label followed by 40-char token
Should not match
cloudflare: shorttoken123— Token too short even with Cloudflare contextaBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789abcd— 40-char string with no Cloudflare context (too generic)rotate the cloudflare api token in the dashboard— Prose mention without a token value
Known false positives
- 40-char hashes or IDs appearing near the word cloudflare in documentation. Mitigation: Require the context label adjacency (already enforced) plus corroborative keywords; exclude placeholder markers.