Cloudflare blocking OpenAPI resource

  1. My goal: Running a GET request via an OpenAPI resource
  2. Issue: The request keeps getting blocked by Cloudflare Bot Fight
  3. Steps I've taken to troubleshoot: Added Retool IPs to the whitelist, but WAF cannot skip Bot Fight; the only solution would be turning it off.
  4. Additional info: Cloud

No idea how to fix this other than turning Bot Fight off for my domain, which is not the best solution.

Using the REST API resource works fine; it just seems to cause issues when using OpenAPI.

The schema request goes through fine; it's just the resource endpoint that has issues.

Any ideas?

```json
{
  "request": {
    "url": "REMOVED",
    "credentials": "same-origin",
    "headers": {
      "Accept": "application/json",
      "Content-Type": "application/json",
      "Authorization": "---sanitized---"
    },
    "method": "GET"
  },
  "response": {
    "data": null,
    "headers": {
      "accept-ch": [
        "Sec-CH-UA-Bitness",
        "Sec-CH-UA-Arch",
        "Sec-CH-UA-Full-Version",
        "Sec-CH-UA-Mobile",
        "Sec-CH-UA-Model",
        "Sec-CH-UA-Platform-Version",
        "Sec-CH-UA-Full-Version-List",
        "Sec-CH-UA-Platform",
        "Sec-CH-UA",
        "UA-Bitness",
        "UA-Arch",
        "UA-Full-Version",
        "UA-Mobile",
        "UA-Model",
        "UA-Platform-Version",
        "UA-Platform",
        "UA"
      ],
      "alt-svc": "h3=\":443\"; ma=86400",
      "cache-control": [
        "private",
        "max-age=0",
        "no-store",
        "no-cache",
        "must-revalidate",
        "post-check=0",
        "pre-check=0"
      ],
      "cf-mitigated": "challenge",
      "cf-ray": "967edd1078eff820-PDX",
      "connection": "close",
      "content-encoding": "gzip",
      "content-type": "text/html; charset=UTF-8",
      "critical-ch": [
        "Sec-CH-UA-Bitness",
        "Sec-CH-UA-Arch",
        "Sec-CH-UA-Full-Version",
        "Sec-CH-UA-Mobile",
        "Sec-CH-UA-Model",
        "Sec-CH-UA-Platform-Version",
        "Sec-CH-UA-Full-Version-List",
        "Sec-CH-UA-Platform",
        "Sec-CH-UA",
        "UA-Bitness",
        "UA-Arch",
        "UA-Full-Version",
        "UA-Mobile",
        "UA-Model",
        "UA-Platform-Version",
        "UA-Platform",
        "UA"
      ],
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "date": [
        "Thu",
        "31 Jul 2025 17:37:24 GMT"
      ],
      "expires": [
        "Thu",
        "01 Jan 1970 00:00:01 GMT"
      ],
      "nel": "{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}",
      "origin-agent-cluster": "?1",
      "permissions-policy": "accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()",
      "referrer-policy": "same-origin",
      "report-to": "{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e6k5GnKTH%2F%2Fnz6PfDrJgzqT3xvk%2Fgx3Ff9eDEGVir3bD%2Fh8u%2F3h%2BFlu1lxfdu1xngVyUhuP5MyvHS0uO02rlI%2FPIwPInFcIhalCsbfWLiBqqUfyjEDIk\"}]}",
      "server": "cloudflare",
      "server-timing": "chlray;desc=\"967edd1078eff820\"",
      "transfer-encoding": "chunked",
      "vary": "accept-encoding",
      "x-content-type-options": "nosniff",
      "x-frame-options": [
        "SAMEORIGIN",
        "SAMEORIGIN"
      ]
    },
    "status": 403,
    "statusText": "Forbidden",
    "ok": false,
    "url": "REMOVED"
  }
}
```

Hello @lpearl,

Could you clarify which IPs you added to the whitelist?

Also, could you let me know if the server you are requesting data from has the Cloudflare bot as middleware or if you have this Cloudflare bot on your custom Retool domain?

I can double-check to see if Retool is making a request from a different IP address, but I would be surprised if that was the case. Although that would explain why the REST API queries are working :thinking:
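
Added example, not part of either post: the response dump in the question carries `cf-mitigated: challenge`, the header Cloudflare sets on challenge responses, so a client can tell an edge challenge apart from a 403 returned by the API itself. The function names, result labels and the second sample are assumptions made for illustration.

```javascript
// Header values in the logged dump are either a string or an array of
// strings, so normalise both forms to a single string.
function headerValue(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers || {})) {
    if (key.toLowerCase() === wanted) {
      return Array.isArray(value) ? value.join(", ") : String(value);
    }
  }
  return "";
}

// Decide where a failed response was generated: Cloudflare's edge or the origin API.
function classifyBlockedResponse(entry) {
  const req = entry.request || {};
  const res = entry.response || {};
  if (res.ok) return { source: "none", rayId: "", reason: "request succeeded" };

  const rayId = headerValue(res.headers, "cf-ray"); // ID to match against Cloudflare's event log
  const mitigated = headerValue(res.headers, "cf-mitigated").toLowerCase();
  const contentType = headerValue(res.headers, "content-type").toLowerCase();
  const wantsJson = headerValue(req.headers, "accept").toLowerCase().includes("application/json");

  if (mitigated === "challenge") {
    return { source: "cloudflare-challenge", rayId, reason: "challenge page served at the edge" };
  }
  if (rayId && wantsJson && contentType.startsWith("text/html")) {
    return { source: "cloudflare-edge-likely", rayId, reason: "HTML returned for a JSON request (heuristic)" };
  }
  return { source: "origin", rayId, reason: `status ${res.status} without a mitigation marker` };
}

// Trimmed from the dump in the first post.
const challenged = {
  request: { headers: { Accept: "application/json" } },
  response: { status: 403, ok: false, headers: {
    "cf-mitigated": "challenge", "cf-ray": "967edd1078eff820-PDX",
    "content-type": "text/html; charset=UTF-8", server: "cloudflare" } },
};
// Constructed sample: a 403 produced by the API itself behind Cloudflare.
const originDenied = {
  request: { headers: { Accept: "application/json" } },
  response: { status: 403, ok: false, headers: {
    "cf-ray": "0000000000000000-XXX", "content-type": "application/json", server: "cloudflare" } },
};

console.log(classifyBlockedResponse(challenged));
console.log(classifyBlockedResponse(originDenied));
```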