Invision API & Cloudflare?

[Dazz]

Hey Guys,

I've been trying to get the API to work for sometime now... My server uses ngnix which I know is not supported by Invision.  However, people have said they were able to get it to work using .htaccess converters. My server admins are looking into it, but seems that Cloudflare JSChallenge is stopping it.

From my server admins - we can see once we access the vpuniverse.com/api through a browser, the page requests an API token. Through a command line (curl), it stops on the Cloudflare verification page (JS Challenge). You may need to check on your Cloudflare account to configure it to don't check/send JS challenges to /api requests.

From what I can tell Cloudflare JS Challenge is set to "essentially off".  Would anyone happen to know what settings on the Cloudflare side are needed?

Thanks 

[Randy Calvert]

I would disable bot protection for the /api/ folder.  If that does not work, you can disable WAF entirely for it.  

[Dazz]

21 hours ago, Randy Calvert said:

I would disable bot protection for the /api/ folder.  If that does not work, you can disable WAF entirely for it.  

Do you happen to know how to go about doing this?  I've tried several different things, but none seem to work.  When I disable Cloudflare completely for the site the API does work, so the ngnix side is working correctly.  I has to be something with the Cloudflare settings that I just can't figure out.

[Randy Calvert]

I would start by creating a Configuration Rule.

And the associated behavior would be something like:

Full "off" appears to be only available now under the enterprise plan.  (That's changed since the last time I looked at it.) But it looks like it might be enough for what you need.  Once you've saved and activated the rule, you need to make sure you flush cache, etc so that any response potentially saved somewhere is cleared.  

Edited September 18 by Randy Calvert