Stack Monitors
Monitor Cloudflare with Crowswatch
Monitor HTTP traffic, firewall events, DNS analytics, and performance metrics across your Cloudflare zones directly from Crowswatch.
What This Integration Provides
- Traffic analytics: requests, bandwidth, unique visitors, and response codes across your zones
- Firewall & WAF events: blocked requests, threat types, and rule matches
- DNS analytics: query volume, response types, and propagation health
- Cache performance: hit rate, miss rate, and bandwidth saved
- Worker & Pages metrics: invocation counts, CPU time, and error rates
- SSL/TLS status: certificate expiry and coverage across zones
- Rate limiting: triggered rules and mitigation counts
- Health checks: origin availability and pool status
Requirements
| Requirement | Detail |
|---|---|
| Cloudflare account | Free plan or above |
| API token | Scoped to the zones you want to monitor |
| Zone ID | One per zone (found in the Cloudflare dashboard) |
| Account ID | Found in the Cloudflare dashboard sidebar |
| Estimated setup time | ~5 minutes |
Step 1: Generate Credentials
Cloudflare uses API tokens (preferred) or a global API key.
To create an API token:
- Log in to the Cloudflare dashboard
- Go to My Profile → API Tokens
- Click Create Token
- Use the Read all resources template, or create a custom token with these permissions:
Resource Permission Zone: Analytics Read Zone: Firewall Services Read Zone: DNS Read Account: Account Analytics Read - Under Zone Resources, select the specific zones or choose All zones
- Set an optional TTL for the token
- Click Continue to summary → Create Token
- Copy the token, as it will only be shown once
Step 2: Locate Required IDs
Zone ID
- Open the Cloudflare dashboard and select the domain you want to monitor
- On the Overview page, scroll to the API section in the right-hand sidebar
- Copy the Zone ID
Account ID
- Look at the URL in the Cloudflare dashboard:
https://dash.cloudflare.com/<ACCOUNT_ID>/... - The Account ID is also visible in the Workers & Pages section sidebar
Step 3: Add Credentials to Crowswatch
Navigate to: Crowswatch → Add Service → Cloudflare
| Field | Value |
|---|---|
| API Token | The token generated in Step 1 |
| Account ID | Your Cloudflare Account ID |
| Zone ID | The Zone ID for the domain to monitor |
You can add multiple zones by repeating this process for each domain.
Available Metrics
Traffic
- Total requests (by zone, over time)
- Bandwidth served (GB)
- Unique visitors
- HTTP response code breakdown (2xx, 3xx, 4xx, 5xx)
- Requests by country
Security Events
- Firewall rule triggers
- WAF rule matches
- Bot score distribution
- Blocked vs challenged vs allowed requests
- Rate limit triggers
Cache Performance
- Cache hit rate (%)
- Cached vs uncached bandwidth
- Cache status breakdown
DNS Analytics
- Total DNS queries
- Query type breakdown (A, AAAA, CNAME, MX, TXT)
- NXDOMAIN rate
- Response time
Workers & Pages
- Worker invocations
- CPU time (ms)
- Error rate
- Script-level breakdown
SSL / TLS
- Certificate expiry dates
- Coverage per zone
- TLS version distribution
Health Checks
- Origin availability (up/degraded/down)
- Pool health status
- Failover events
Connect
- Enter your API Token, Account ID, and Zone ID in the Crowswatch form
- Click Verify to confirm the credentials are valid
- Select the metrics you want to track
- Click Connect
Crowswatch will begin pulling data immediately. The dashboard will populate within the first polling interval.
Security
- Use a scoped API token, not a Global API Key
- Grant only the permissions listed above. No write access is required
- Set a TTL on the token and rotate it periodically
- Create one token per environment (staging, production) for auditability
- Do not share tokens across integrations
Troubleshooting
No data appearing after connecting
Verify the API token has the correct permissions (Zone Analytics: Read). Confirm the Zone ID matches the domain you intend to monitor. Check that the token has not expired.
Authentication error
Ensure you copied the full token. Cloudflare tokens are not recoverable after creation. Try generating a new token if the original cannot be verified.
Partial metrics missing
Some metrics (e.g. Workers) require specific permissions in the token scope. Ensure the token includes Account Analytics: Read for account-level data.
Zone ID not accepted
Confirm the Zone ID is for a zone your account controls. The Zone ID must correspond to the account associated with the API token.

