The Security Center API provides centralized security insights, recommendations, and vulnerability assessments across your Cloudflare infrastructure.

Initialize the Security Center resource

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env.CLOUDFLARE_API_TOKEN,
});

const securityCenter = client.securityCenter;

Insights

Manage security insights and recommendations.

List insights

Retrieve all security insights for your account.
// Automatically fetches more pages as needed
for await (const insight of client.securityCenter.insights.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
})) {
  console.log(insight.type, insight.severity);
}

account_id (string, required): Account identifier
dismissed (boolean): Filter by dismissed status
insight_class (string[]): Filter by insight class. Options may include:
  • compliance
  • misconfiguration
  • vulnerability
  • threat
insight_type (string[]): Filter by specific insight types
page (number): Page number of paginated results
per_page (number): Number of items per page (default: 20, max: 100)
product (string[]): Filter by Cloudflare product. Options may include:
  • access
  • dns
  • firewall
  • ssl
  • workers
severity (string[]): Filter by severity level. Options:
  • low
  • moderate
  • high
  • critical

Dismiss insight

Mark a security insight as dismissed.
const result = await client.securityCenter.insights.dismiss(
  'insight_id',
  {
    account_id: '023e105f4ecef8ad9ca31a8372d0c353',
    dismissed: true,
  }
);

insight_id (string, required): Insight identifier
dismissed (boolean, required): Whether to dismiss or undismiss the insight

Use cases

Monitor security posture

Get a comprehensive view of your security posture.
const criticalInsights = [];
const highInsights = [];

for await (const insight of client.securityCenter.insights.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  dismissed: false,
})) {
  if (insight.severity === 'critical') {
    criticalInsights.push(insight);
  } else if (insight.severity === 'high') {
    highInsights.push(insight);
  }
}

console.log(`Critical insights: ${criticalInsights.length}`);
console.log(`High severity insights: ${highInsights.length}`);

Filter by product

View security insights for a specific Cloudflare product.
for await (const insight of client.securityCenter.insights.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  product: ['firewall', 'access'],
  dismissed: false,
})) {
  console.log(`[${insight.product}] ${insight.type}: ${insight.description}`);
}

Manage compliance insights

Track and manage compliance-related security insights.
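// Collect candidates first: dismissing while iterating a dismissed: false
// listing shifts later pages and can skip insights.
const lowSeverity = [];

for await (const insight of client.securityCenter.insights.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  insight_class: ['compliance'],
  dismissed: false,
})) {
  console.log(`Compliance issue: ${insight.type}`);

  if (insight.severity === 'low') {
    lowSeverity.push(insight);
  }
}

// Review and optionally dismiss, once the listing has finished
for (const insight of lowSeverity) {
  await client.securityCenter.insights.dismiss(
    insight.id,
    {
      account_id: '023e105f4ecef8ad9ca31a8372d0c353',
      dismissed: true,
    }
  );
}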

Automated security reporting

Generate automated security reports.
interface SecurityReport {
  total: number;
  bySeverity: Record<string, number>;
  byProduct: Record<string, number>;
  dismissed: number;
}

const report: SecurityReport = {
  total: 0,
  bySeverity: {},
  byProduct: {},
  dismissed: 0,
};

for await (const insight of client.securityCenter.insights.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
})) {
  report.total++;
  
  if (insight.dismissed) {
    report.dismissed++;
  }
  
  report.bySeverity[insight.severity] = 
    (report.bySeverity[insight.severity] || 0) + 1;
  
  report.byProduct[insight.product] = 
    (report.byProduct[insight.product] || 0) + 1;
}

console.log('Security Report:', JSON.stringify(report, null, 2));

Response types

InsightListResponse

Represents a security insight.
id (string, required): Insight identifier
type (string, required): Type of security insight
severity (string, required): Severity level: low, moderate, high, or critical
insight_class (string, required): Classification of the insight (e.g., compliance, misconfiguration, vulnerability, threat)
product (string, required): Cloudflare product associated with the insight
description (string, required): Detailed description of the security insight
dismissed (boolean, required): Whether the insight has been dismissed
detected_at (string, required): When the insight was first detected
updated_at (string, required): When the insight was last updated
recommendation (string): Recommended action to address the insight
impact (string): Potential impact if the insight is not addressed
affected_resources (array): List of resources affected by this insight

InsightDismissResponse

Response from dismissing an insight.
id (string, required): Insight identifier
dismissed (boolean, required): Updated dismissed status
dismissed_at (string): When the insight was dismissed

Best practices

Prioritize by severity: Focus on critical and high severity insights first to address the most pressing security concerns.
Regular reviews: Schedule regular reviews of security insights to maintain a strong security posture.
Product-specific monitoring: Set up monitoring for specific products that are critical to your infrastructure.
Dismissing insights does not fix the underlying security issues. Always review and remediate before dismissing.
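
An offline triage check for the practices above, added here as an example and not part of the Cloudflare SDK or this page's original code: it re-surfaces dismissed high and critical insights and flags open insights that are past a remediation deadline. The `reviewQueue` helper, the `SLA_DAYS` values, the ISO 8601 format of `detected_at` and the sample records are assumptions.

```typescript
// Fields follow the InsightListResponse type documented on this page.
type Severity = 'low' | 'moderate' | 'high' | 'critical';
interface Insight {
  id: string;
  severity: Severity;
  product: string;
  dismissed: boolean;
  detected_at: string; // assumption: ISO 8601 timestamp
}
interface Finding {
  id: string;
  reason: 'overdue' | 'dismissed-high-risk' | 'bad-timestamp';
  severity: Severity;
  ageDays: number;
}

// Assumption: remediation deadlines in days; take these from your own policy.
const SLA_DAYS: Record<Severity, number> = { critical: 1, high: 7, moderate: 30, low: 90 };
const RANK: Record<Severity, number> = { critical: 0, high: 1, moderate: 2, low: 3 };

// Hypothetical helper: insights that need a human look, most urgent first.
function reviewQueue(insights: Insight[], now: Date): Finding[] {
  const findings: Finding[] = [];
  for (const { id, severity, dismissed, detected_at } of insights) {
    const ageDays = Math.floor((now.getTime() - Date.parse(detected_at)) / 86400000);
    if (Number.isNaN(ageDays)) {
      // An unparseable date must not silently drop an insight from review.
      findings.push({ id, reason: 'bad-timestamp', severity, ageDays: -1 });
    } else if (dismissed && RANK[severity] <= RANK.high) {
      // Dismissal hides the insight without fixing it, so re-surface risky ones.
      findings.push({ id, reason: 'dismissed-high-risk', severity, ageDays });
    } else if (!dismissed && ageDays > SLA_DAYS[severity]) {
      findings.push({ id, reason: 'overdue', severity, ageDays });
    }
  }
  return findings.sort((a, b) => RANK[a.severity] - RANK[b.severity] || b.ageDays - a.ageDays);
}

// Constructed sample records, not real API output.
const SAMPLE: Insight[] = [
  { id: 'a1', severity: 'low', product: 'dns', dismissed: false, detected_at: '2024-01-01T00:00:00Z' },
  { id: 'a2', severity: 'critical', product: 'access', dismissed: true, detected_at: '2024-05-20T00:00:00Z' },
  { id: 'a3', severity: 'high', product: 'firewall', dismissed: false, detected_at: '2024-05-30T00:00:00Z' },
  { id: 'a4', severity: 'moderate', product: 'ssl', dismissed: true, detected_at: '2024-01-01T00:00:00Z' },
  { id: 'a5', severity: 'high', product: 'workers', dismissed: false, detected_at: '2024-05-01T00:00:00Z' },
];
console.log(reviewQueue(SAMPLE, new Date('2024-06-01T00:00:00Z')));
```

To run it against live data, collect the items yielded by `client.securityCenter.insights.list` (without the `dismissed` filter) into an array and pass that array in place of `SAMPLE`.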
