Connect Your Cloudflare Analytics
Henneth reads your Cloudflare analytics to track how AI agents interact with your site. This guide walks you through creating a read-only API token and connecting it to your Henneth dashboard. Setup takes about 5 minutes.
Prerequisites
- An active Cloudflare account
- Your domain added to Cloudflare
- Access to your Henneth dashboard
Find your Zone ID
Log in to the Cloudflare dashboard and select the domain you want to connect.
On the Overview page, look at the right sidebar under API. You'll see your Zone ID — a 32-character hexadecimal string.
Click to copy this value. You'll need it in Step 3.
Create an API Token
On the same Overview page, click Get your API token in the right sidebar (below your Zone ID and Account ID).
On the API Tokens page, click Create Token.
Scroll past the templates and click Create Custom Token. Configure it with these settings:
henneth-readerLeave Client IP Address Filtering and TTL at their defaults (you can optionally configure these — see the Security section below).
Click Continue to summary, review the settings, then click Create Token.
Copy your token now
Your API token is displayed only once after creation. Copy it immediately and store it securely. If you lose it, you'll need to create a new token.
Add to Henneth
Log in to your Henneth dashboard. You'll see the Cloudflare integration card with the description "Pull AI bot crawl data from your Cloudflare zone."
Enter your credentials in the two fields:
Click Test Connection to verify your credentials are valid. Once you see the green Connection successful confirmation, click Connect to save the integration.
Verify your connection
After clicking Connect, a green Connection successful banner confirms Henneth can reach your Cloudflare analytics.
Initial data may take up to 24 hours to appear in your dashboard as we process your historical analytics. Once available, you'll see:
- AI agent traffic identified in your analytics
- Visibility scores across ChatGPT, Gemini, Perplexity, and Google AI Overviews
- Top queries where your brand appears in AI responses
Security best practices
API Tokens vs Global API Key
Cloudflare offers two types of credentials: API Tokens and the legacy Global API Key.
API Token (recommended)
- ✓Scoped to specific permissions
- ✓Limited to specific zones
- ✓Can be individually revoked
- ✓Supports IP filtering and TTL
Global API Key (avoid)
- ×Full access to everything
- ×All zones, all permissions
- ×Cannot be scoped or limited
- ×Revoking requires account password change
Never share your Global API Key
Henneth will never ask for your Global API Key. If anyone requests it, do not provide it. Always use a scoped API Token with the minimum permissions needed.
Optional hardening
IP address filtering — When creating your API token, you can restrict it to specific IP addresses. This means the token will only work when requests come from those IPs. Contact [email protected] for our current IP ranges if you want to configure this.
Token TTL (expiration) — You can set a TTL on your token so it automatically expires after a set period. When the token expires, create a new one and update it in your Henneth dashboard.
Token rotation
We recommend rotating your API token periodically, especially if team members who had access leave your organization. To rotate:
- 1.Create a new token in Cloudflare with the same permissions
- 2.Update the token in your Henneth dashboard
- 3.Click Test Connection to verify data is still flowing
- 4.Revoke the old token in Cloudflare
How Henneth stores your credentials
Your API token and Zone ID are encrypted at rest using AES-256 encryption. They are never logged in plaintext, never exposed in our UI after initial entry, and are only decrypted when making authenticated requests to the Cloudflare API on your behalf.
Next steps
- Permissions — understand exactly what Henneth can and cannot access
- Troubleshooting — fix common issues with tokens and data