Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.clarion.cantina.xyz/llms.txt

Use this file to discover all available pages before exploring further.

This guide walks you through connecting Cloudflare to Clarion and configuring Cloudflare Notifications monitors. By the end, Clarion will receive Cloudflare notification policies through one or more Cloudflare Notifications monitors, and optionally have an API token available for DNS record management and zone snapshot tools during incident response.
Estimated time: 5-10 minutes. You will need a Clarion workspace and access to the Cloudflare dashboard for the account or zones you want to monitor.

Prerequisites

  • A Clarion workspace
  • Access to Cloudflare
  • Permissions to create webhook destinations and notification policies in Cloudflare

Step 1 — Connect Cloudflare in Clarion

  1. In Clarion, go to Settings > Integrations
  2. Find Cloudflare
  3. Click Connect
This creates the Cloudflare integration in Clarion. Use the integration to save an optional API token for Clarion agent tools, and use Cloudflare Notifications monitors to generate webhook URLs and secrets for notification delivery.

Step 2 — Optional: Save a Cloudflare API token

If you want Clarion agents to use Cloudflare DNS and zone-management tools during investigations, save an API token on the Cloudflare integration.
  1. In the Cloudflare integration page in Clarion, open the API Token section
  2. In Cloudflare, go to Manage Account > Account API Tokens
  3. Create an account-owned API token
  4. Grant Zone:Read, DNS:Read, DNS:Edit, and Account Settings:Read
  5. Paste the token into Clarion
  6. Wait for Clarion to verify it, then click Save
The token should include these permissions:
  • Zone:Read
  • DNS:Read
  • DNS:Edit
  • Account Settings:Read
This token is optional for Cloudflare Notifications delivery. You only need it if you want Clarion agents to use Cloudflare API tools.
Use an account-owned token instead of a user token for shared integrations. Account-owned tokens are more durable because they are not tied to one person’s profile.

Step 3 — Add one or more Cloudflare Notifications monitors

  1. In Clarion, add a Cloudflare Notifications monitor from the Integrations page or the agent monitor setup flow
  2. Give the monitor a clear name for the Cloudflare notification policy or policy group it will receive
  3. Save the monitor
When each monitor is created, Clarion generates:
  • A Webhook URL
  • A Webhook secret
Copy both values from the monitor configuration screen. You can create multiple Cloudflare Notifications monitors when you want different Cloudflare notification policies to use different webhook destinations, secrets, or Clarion agents.
If you replace the webhook secret in Clarion later, update the same secret in Cloudflare before sending new notifications.

Step 4 — Create Cloudflare webhook destinations

In Cloudflare:
  1. Go to Notifications > Destinations > Webhooks
  2. Click Create
  3. Give the destination a name you will recognize later
  4. Paste the Webhook URL from Clarion into the destination URL field
  5. Paste the Webhook secret from Clarion into the secret field
  6. Click Save and Test
Create one Cloudflare webhook destination for each Clarion monitor you want to route separately. Each destination is what the selected notification policies will send to.

Step 5 — Create notification policies in Cloudflare

After the webhook destination exists:
  1. Go to Notifications > Add
  2. Select the notification type you want to send to Clarion
  3. Fill in the required fields for that notification
  4. When Cloudflare shows a delivery or destination section, choose the webhook destination for the Clarion monitor that should receive that policy
  5. Save the notification policy
Common notification policies to forward to Clarion include:
  • DDoS
  • Origin errors
  • Health checks
  • WAF events
  • SSL or certificate events
You can attach multiple Cloudflare notification policies to the same Clarion webhook destination, or split policies across multiple Clarion monitors by using different webhook destinations.
If a Cloudflare notification form only shows Notification email fields and does not show a webhook destination selector, Cloudflare is not offering webhook delivery for that notification in your current account.If your Cloudflare account only has Free zones, this is expected. Cloudflare Notifications webhooks are not available on a free-only account, so you will only be able to use email delivery.Cloudflare’s docs say webhook availability depends on account eligibility and the highest zone plan in the account. If the account has at least one eligible paid zone, Cloudflare may expose webhook destinations for supported notification types.

What happens next

Once configured, Clarion will:
  • Receive Cloudflare Notifications webhooks at the monitor webhook URL
  • Create alerts from supported Cloudflare notification events
  • Triage those alerts with Clarion agents
If notifications stop arriving after rotating the secret, verify that the secret stored in the Clarion monitor matches the one configured on the Cloudflare webhook destination.