Integrating Cloudflare Workers with the Cequence Unified API Protection (UAP) platform requires access to the Cloudflare dashboard and permissions to manage Cloudflare workers.

This integration uses a Cloudflare Worker to send Cloudflare traffic to the UAP platform for analysis. Cloudflare Workers provide a serverless execution environment. While there are several ways to deploy a Cloudflare Worker, this guide discusses Cloudflare Workers deployed in the Route mode.

This approach to the Cequence integration with Cloudflare workers does not use Cloudflare Queues. Your Cequence team can assist you in deploying a version of this integration that uses Cloudflare Queues. To confirm that your account supports Cloudflare Queues, see the Cloudflare documentation.

This integration uses the ctx.waitUntil() method to establish asynchronous communication between Cloudflare and the Cequence UAP platform, which has negligible effect on site latency. Cequence errors handle errors with the passThroughOnException method to enable silent failures for minimal site impact.

Before you start

Verify that a Cloudflare zone you can use to define a route for the Cloudflare Worker exists. You can create a Cloudflare zone by using the onboarding DNS records or by registering a new domain.
The Application must be Proxied through Cloudflare , not just DNS-managed (gray cloud icon). Full proxying ensures all API requests flow through Cloudflare Workers before reaching your origin server. Note that if your Origin application is HTTP (no TLS) or using an invalid or self-signed cert, you need to Configure encryption mode (a global setting) to Flexible.

Generating a traffic client and secret

Several Cequence components must authenticate to the Cequence UAP platform in order to transmit and receive data. Create authentication credentials in the Cequence UAP platform to enable this authentication.

1. Log in to the UAP management portal UI.
   The URL for the management portal is typically of the form https://ui.<your-tenant-name>.<domain>. Replace <your-tenant-name> with the name of your Cequence tenant organization. Replace <domain> with your domain name.
2. Select General Settings > User Management.
   The User Management pane appears.
3. Click the Clients tab.
4. Click Add New Client.
   The new client dialog box appears.
5. Type the client name in the Client Name field.
   This name is the client ID. Note the client ID for later use.
6. Enable the Traffic Management toggle.
7. (Optional) To change the token lifespan from the default of 1800 seconds, type a whole number of seconds in Token Lifespan.
8. Click Save.
   A dialog box with the client secret appears.
9. Click the blue Copy icon to copy the secret to the clipboard, then click Close.
   The client is now set up. Note the client name for future use.
   The client list appears.
10. Note the value of the client secret for later use. This value will not be shown again later on the UI for security reasons.

Use the client ID and secret you just generated in the Cloudflare configuration below as CEQUENCE_CLIENT_ID and CEQUENCE_ID_SECRET respectively.

Cloudflare Configuration

The procedures in this section configure your Cloudflare instance to work with the Cequence UAP platform.

Create a new Worker

In order to create a new Worker to integrate with Cequence, follow the steps below.

1. Log in to the Cloudflare dashboard.
2. In the left navigation bar, click Workers & Pages > KV.
   The KV page appears.
   
3. Click Create a namespace.
   The Create a namespace pane appears.
4. In Namespace Name, type in a name for the Cequence integration. This can be any arbitrary name. Let's select CEQ_KV for this integration example.
5. Click Add.
   The tabular list of namespaces updates to include CEQ_KV.
6. Click the copy to clipboard icon from the ID column to copy the namespace ID to your clipboard.
   Note this ID for later use.
7. In the left navigation bar, click Workers & Pages > Overview.
   The Overview page appears.
8. Click Create application.
   The Create an application page appears.
9. Click Create Worker.
   The worker creation page appears.
   
10. In the field for Name, type in a name for the Cequence Worker, e.g. cequence-worker-single-dev.
11. Click Deploy.
    The new Cloudflare Worker deploys and the Preview your Worker page appears.

Configure the Worker with the Cequence Integration

Follow this procedure to configure the newly created Worker with the code that Cequence provides in order to integrate with the UAP platform.

1. Click Edit code.
   The Cloudflare code window appears.
2. In the Cloudflare code window, paste the contents of the cequence-standalone-worker.js file available here.
   The file is attached to this article and is also available in the build/ directory of the zip file shared with you by your Cequence team.
3. Click Deploy.
   A confirmation dialog box appears.
4. Click Save and deploy.
   The confirmation dialog box closes and the worker deploys.

Configure Routes for the Worker

Follow this procedure to configure routes for the hosts to send traffic to the Cequence UAP platform using Cloudflare Workers. This procedure uses cq-route.com as an example host name. Use the relevant host names from your deployment instead.

1. Above the code window, click the worker name, cequence-worker-single-dev.
   The worker configuration page appears.
2. From the top horizontal menu, click Settings > Triggers.
   The triggers configuration pane appears.
3. In Routes, click the ellipsis (...) next to the cequence-worker-single-dev.cq-route.workers.dev route and select Disable route.
   A confirmation dialog box appears.
4. Click Disable.
   The confirmation dialog box closes. The default route is now disabled.
5. Click Add route.
   The Add route pane appears.
6. In Route, type in a host value, e.g. *cq-route.com/*
7. From the Zone drop-down, select cq-route.com.
8. Click Add route.
   Repeat these steps to add further routes.
9. Optionally, edit an existing route by clicking the ellipsis (...) next to an existing route and selecting Edit route.
10. From the top horizontal menu, click Settings > Variables.
    The Environment Variables page appears.
11. Click Add variable.
    Add the following environmental variables and click Deploy.
    

    Variable Name	Value	Needs changing
    CEQ_ENV	DEV	No; do not change
    CEQUENCE_AUTH_ENDPOINT	https://auth.<your-tenant-name>/auth/realms/cequence/protocol/openid-connect/token	Yes
    CEQUENCE_EDGE_ENDPOINT	https://edge.<your-tenant-name>/api-transactions	Yes
    CEQ_TOKEN_RETRY_COUNT	5	No; do not change
    CEQ_SINGLE_EVENT_RETRY_COUNT	5	No; do not change
    CEQ_INITIAL_RETRY_DELAY_SEC	0.5	No; do not change
    CEQUENCE_CLIENT_ID	client-id	Yes
    CEQUENCE_CLIENT_SECRET	type:secret	Yes

Associate Namespace Binding with the Worker

Follow this procedure to associate the newly configured Worker with the namespace created at the beginning of this guide.

1. In the Environment Variables page, scroll to KV Namespace Bindings and click Add binding.
   The KV Namespace Bindings pane appears.
2. In Variable name, type CEQ_KV.
3. From the KV Namespace drop-down, select CEQ_KV.
4. Click Deploy.

The Cloudflare Worker is now configured to integrate with the Cequence UAP platform.

To confirm successful integration, send requests to the configured routes and watch for activity on your Cequence UAP platform dashboard.

Validating the Cloudflare Configuration

1. Log in to the Cloudflare dashboard.
2. In the left navigation bar, click Workers & Pages > Overview.
3. Select the CEQ_KV worker.
   The configuration page for the worker appears.
4. From the top horizontal menu, click Logs.
   The logs pane appears.
5. Click Begin log stream.

Activity logs display in the log window.