cloudflare · elithrar · Nov 6, 2024 · Nov 6, 2024 · Nov 6, 2024 · Nov 6, 2024
@@ -57,7 +57,7 @@ if (lines) {
 		x.includes(`</docs-tag name="${tag}">`),
 	);
 
-	if (!startTag || !endTag) {
+	if (startTag === -1 || endTag === -1) {
 		throw new Error(`[GitHubCode] Unable to find a region using tag "${tag}".`);
 	}
 

@@ -8,7 +8,7 @@ title: Querying HTTP events by hostname with GraphQL
 
 In this example, we are going to use the GraphQL Analytics API to query aggregated metrics about HTTP events by hostname over a specific period of time.
 
-The following API call will request the number of visits and edge response bytes for the custom hostname `hostname.example.com` over a four day period. Be sure to replace `CLOUDFLARE_ZONE_ID` AND `API_TOKEN` with your zone ID and API credentials, and adjust the `datetime_geq` and `datetime_leq` values as needed.
+The following API call will request the number of visits and edge response bytes for the custom hostname `hostname.example.com` over a four day period. Be sure to replace `CLOUDFLARE_ZONE_TAG` and `API_TOKEN`[^1] with your zone ID and API credentials, and adjust the `datetime_geq` and `datetime_leq` values as needed.
 
 ### API Call
 
@@ -30,7 +30,7 @@ echo '{ "query":
     }
   }",
   "variables": {
-    "zoneTag": "<CLOUDFLARE_ZONE_ID>",
+    "zoneTag": "<CLOUDFLARE_ZONE_TAG>",
     "filter": {
       "datetime_geq": "2022-07-20T11:00:00Z",
       "datetime_lt": "2022-07-24T12:00:00Z",
@@ -191,3 +191,5 @@ https://api.cloudflare.com/client/v4/graphql \
   }
 }' | jq -r 'try .data.viewer.zones[].topPaths[] | "\"\(.dimensions.metric)\": \(.sum.edgeResponseBytes)"' | sort
 ```
+
+[^1]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
@@ -8,9 +8,8 @@ In this example, we are going to use the GraphQL Analytics API to retrieve logs
 
 The following API call will request logs for a single Access login event and output the requested fields. The authentication request is identified by its **Ray ID**, which you can obtain from the `403` Forbidden page shown to the user.
 
-You will need to insert your API credentials in `<EMAIL>` and `<API_KEY>` and substitute your own values for the following variables:
+You will need to insert your `<CLOUDFLARE_ACCOUNT_TAG>`, your API credentials in `<API_TOKEN>`[^1], and substitute your own values for the following variables:
 
-* `accountTag`: Your Cloudflare account ID.
 * `rayID`: A unique identifier assigned to the authentication request.
 * `datetimeStart`: The earliest event time to query (no earlier than September 16, 2022).
 * `datetimeEnd`: The latest event time to query. Be sure to specify a time range that includes the login event you are querying.
@@ -46,7 +45,7 @@ echo '{ "query":
     }
   }",
   "variables": {
-    "accountTag": "699d98642c564d2e855e9661899b7252",
+    "accountTag": "<CLOUDFLARE_ACCOUNT_TAG>",
     "rayId": "74e4ac510dfdc44f",
     "datetimeStart": "2022-09-20T14:36:38Z",
     "datetimeEnd": "2022-09-22T14:36:38Z"
@@ -103,3 +102,5 @@ Rather than filter by `cfRayId`, you may also [filter](/analytics/graphql-api/fe
 ```
 
 You can compare the query results to your Access policies to understand why a user was blocked. For example, if your application requires a valid mTLS certificate, Access blocked the request shown above because `mtlsStatus`, `mtlsCommonName`, and `mtlsCertSerialId` are empty.
+
+[^1]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
@@ -6,7 +6,7 @@ title: Querying Firewall Events with GraphQL
 
 In this example, we are going to use the GraphQL Analytics API to query for Firewall Events over a specified time period.
 
-The following API call will request Firewall Events over a one hour period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ZONE_ID>`, `<EMAIL>`, and `<API_KEY>` with your zone tag and API credentials, and adjust the `datetime_geg` and `datetime_leq` values to your liking.
+The following API call will request Firewall Events over a one hour period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ZONE_TAG>`, `<EMAIL>`, and `<API_TOKEN>`[^1] with your zone tag and API credentials, and adjust the `datetime_geg` and `datetime_leq` values to your liking.
 
 ## API Call
 
@@ -34,7 +34,7 @@ echo '{ "query":
     }
   }",
   "variables": {
-    "zoneTag": "<CLOUDFLARE_ZONE_ID>",
+    "zoneTag": "<CLOUDFLARE_ZONE_TAG>",
     "filter": {
       "datetime_geq": "2022-07-24T11:00:00Z",
       "datetime_leq": "2022-07-24T12:00:00Z"
@@ -182,3 +182,5 @@ https://api.cloudflare.com/client/v4/graphql \
 #=>   "errors": null
 #=> }
 ```
+
+[^1]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
@@ -6,7 +6,7 @@ title: Querying Magic Firewall Intrusion Detection System (IDS) samples with Gra
 
 In this example, we are going to use the GraphQL Analytics API to query for IDS samples over a specified time period.
 
-The following API call will request IDS samples over a one hour period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_ID>`, `<EMAIL>`, and `<API_KEY>` with your account tag and API credentials, and adjust the `datetime_geg` and `datetime_leq` values to your liking.
+The following API call will request IDS samples over a one hour period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_TAG>` and `<API_TOKEN>`[^1] with your account tag and API credentials, and adjust the `datetime_geg` and `datetime_leq` values to your liking.
 
 ## API Call
 
@@ -31,7 +31,7 @@ echo '{ "query":
     }
   }",
   "variables": {
-    "accountTag": "<CLOUDFLARE_ACCOUNT_ID>",
+    "accountTag": "<CLOUDFLARE_ACCOUNT_TAG>",
     "filter": {
       "datetime_geq": "2023-06-20T11:00:00.000Z",
       "datetime_leq": "2023-06-20T12:00:00.000Z",
@@ -101,3 +101,5 @@ https://api.cloudflare.com/client/v4/graphql \
 #=>   "errors": null
 #=> }
 ```
+
+[^1]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
@@ -6,7 +6,7 @@ title: Querying Magic Firewall Samples with GraphQL
 
 In this example, we are going to use the GraphQL Analytics API to query for Magic Firewall Samples over a specified time period.
 
-The following API call will request Magic Firewall Samples over a one hour period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_ID>`, `<EMAIL>`, and `<API_KEY>` with your zone tag and API credentials, and adjust the `datetime_geg` and `datetime_leq` values to your liking.
+The following API call will request Magic Firewall Samples over a one hour period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_TAG>` and `<API_TOKEN>`[^1] with your zone tag and API credentials, and adjust the `datetime_geg` and `datetime_leq` values to your liking.
 
 ## API Call
 
@@ -33,7 +33,7 @@ echo '{ "query":
     }
   }",
   "variables": {
-    "accountTag": "<CLOUDFLARE_ACCOUNT_ID>",
+    "accountTag": "<CLOUDFLARE_ACCOUNT_TAG>",
     "filter": {
       "datetime_geq": "2022-07-24T11:00:00Z",
       "datetime_leq": "2022-07-24T11:10:00Z"
@@ -106,3 +106,5 @@ https://api.cloudflare.com/client/v4/graphql \
 #=>   "errors": null
 #=> }
 ```
+
+[^1]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
@@ -8,7 +8,7 @@ products:
 
 In this example, we are going to use the GraphQL Analytics API to query for Workers Metrics over a specified time period. We can query up to one month of data for dates up to three months ago.
 
-The following API call will request a Worker script's metrics over a one day period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_ID>`, `<EMAIL>`, and `<API_KEY>` with your API credentials, and adjust the `datetimeStart`, `datetimeEnd`, and `scriptName` variables as needed.
+The following API call will request a Worker script's metrics over a one day period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_TAG>` and `<API_TOKEN>`[^1] with your API credentials, and adjust the `datetimeStart`, `datetimeEnd`, and `scriptName` variables as needed.
 
 ## API Call
 
@@ -41,7 +41,7 @@ echo '{ "query":
     }
   }",
   "variables": {
-    "accountTag": "<CLOUDFLARE_ACCOUNT_ID>",
+    "accountTag": "<CLOUDFLARE_ACCOUNT_TAG>",
     "datetimeStart": "2022-08-04T00:00:00.000Z",
     "datetimeEnd": "2022-08-04T01:00:00.000Z",
     "scriptName": "worker-subrequest-test-client"
@@ -126,3 +126,5 @@ https://api.cloudflare.com/client/v4/graphql \
 #=>   "errors": null
 #=> }
 ```
+
+[^1]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
@@ -83,18 +83,22 @@ Headers control which headers go into the Cache Key. Similar to Query String, yo
 
 When you include a header, the header value is included in the Cache Key. For example, if an HTTP request contains an HTTP header like `X-Auth-API-key: 12345`, and you include the `X-Auth-API-Key header` in your Cache Key Template, then `12345` appears in the Cache Key.
 
-To check for the presence of a header without including its actual value, use the `check_presence` option.
+In the **Check if header contains** section, you can add header names and their values to the cache key. For custom headers, values are optional, but for the following restricted headers, you must include one to three specific values:
 
-Currently, you can only exclude the `Origin` header. The `Origin` header is always included unless explicitly excluded. Including the [Origin header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin) in the Cache Key is important to enforce [CORS](https://developer.mozilla.org/en-US/docs/Glossary/CORS). Additionally, you cannot include the following headers:
-
-* Headers that have high cardinality and risk sharding the cache
   * `accept`
   * `accept-charset`
   * `accept-encoding`
   * `accept-datetime`
   * `accept-language`
   * `referer`
   * `user-agent`
+
+To check for the presence of a header without including its actual value, use the **Check presence of** option.
+
+Currently, you can only exclude the `Origin` header. The `Origin` header is always included unless explicitly excluded. Including the [Origin header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin) in the Cache Key is important to enforce [CORS](https://developer.mozilla.org/en-US/docs/Glossary/CORS).
+
+Additionally, you cannot include the following headers:
+
 * Headers that re-implement cache or proxy features
   * `connection`
   * `content-length`

@@ -9,6 +9,11 @@ Use Cache Rules to customize cache settings on Cloudflare. Cache Rules allows yo
 
 Cache Rules can be created in the [dashboard](/cache/how-to/cache-rules/create-dashboard/), via [API](/cache/how-to/cache-rules/create-api/) or [Terraform](/cache/how-to/cache-rules/terraform-example/).
 
+:::note
+Rules can be versioned. Refer to the [Version Management](/version-management/) documentation for more information.
+:::
+
+
 ## Rules templates
 
 <Render file="rules-templates" product="rules" />

@@ -178,7 +178,17 @@ Define the request components used to define a [custom cache key](/cache/how-to/
 Enterprise customers have these additional options for custom cache keys:
 
 * In the **Query string** section, you can select **All query string parameters**, **All query string parameters except** and enter an exception, **No query parameters except** and enter the parameters, or **Ignore query string** (also available for pay-as-you-go customers).
-* In the **Headers** section, you can include headers names and their values, check the presence of another header, and **Include origin header**.
+* In the **Headers** section, you can specify header names along with their values. For custom headers, values are optional; however, for the following restricted headers, you must include one to three specific values:
+
+  * `accept`
+  * `accept-charset`
+  * `accept-encoding`
+  * `accept-datetime`
+  * `accept-language`
+  * `referer`
+  * `user-agent`
+
+  To check for a header's presense wihtout including its value, use the **Check presence of** option. You can also choose whether to **Include origin header**.
 * In the **Cookie** section, you can include cookie names and their values, and check for the presence of another cookie.
 * In the **Host** section, you can select **Use original host** and **Resolved host**. In the **User** section, you can select **Device type**, **Country**, and **Language**.
 

@@ -10,4 +10,8 @@ Cloudflare's Instant Purge ensures that updates to your content are reflected im
 
 <DirectoryListing />
 
+:::note
+If versioning is active on your zone and multiple environments are configured, you can select the specific environment you want to purge. For more details, refer to the [Version Management](/version-management/) documentation.
+:::
+
 <FeatureTable id="cache.purge_cache" />
@@ -15,6 +15,10 @@ Purging everything instantly clears all resources from your CDN cache in all Clo
 3. Under **Purge Cache**, select **Purge Everything**. A warning window appears.
 4. If you agree, select **Purge Everything**.
 
+:::note
+When purging everything for a non-production cache environment, all files for that specific cache environment will be purged. However, when purging everything for the production environment, all files will be purged across all environments.
+:::
+
 ## Resulting cache status
 
 Purge Everything invalidates the resource, resulting in the `CF-Cache-Status` header indicating [`EXPIRED`](/cache/concepts/cache-responses/#expired) for subsequent requests.
@@ -26,6 +26,7 @@ Cloudflare Zero Trust logs are stored for a varying period of time based on the
 | **Network logs** | 24 hours | 30 days | 24 hours | 30 days | 30 days |
 | **HTTP logs** | 24 hours | 30 days | 24 hours | 30 days | 30 days |
 | **DEX logs** | 7 days | 7 days | 7 days | 7 days | 7 days |
+| **Device posture logs** | 30 days | 30 days | 30 days | 30 days | 30 days |
 
 <a name="footnote-1"><sup>1</sup></a> Enterprise users on per query plans cannot store DNS logs via Cloudflare.
 You can still export logs via [Logpush](/cloudflare-one/insights/logs/logpush/).

@@ -20,7 +20,7 @@ To set up Email Security (formerly Area 1) for Gmail:
   - **Domain**: Enter the domain you want to set up BCC from Google.
   - **Configured As**: Select Hops, enter `2`.
   - **Forwarding To**: Enter `google.com`.
-  - **Outbound TLS**: Select Forward all messages over TLS.
+  - **Outbound TLS**: Select **Forward all messages over TLS**.
   - **Quarantine policy**: Ensure no policy is selected.
 5. Select **Publish Domain**.
 

@@ -136,6 +136,138 @@ await env.NAMESPACE.put(key, value, {
 });
 ```
 
+### Limits to KV writes to the same key
+
+Workers KV has a maximum of 1 write to the same key per second. Writes made to the same key within 1 second will cause rate limiting (`429`) errors to be thrown.
+
+You should not write more than once per second to the same key. Consider consolidating your writes to a key within a Worker invocation to a single write, or wait at least 1 second between writes.
+
+The following example serves as a demonstration of how multiple writes to the same key may return errors by forcing concurrent writes within a single Worker invocation. This is not a pattern that should be used in production.
+
+```typescript
+export default {
+	async fetch(request, env, ctx): Promise<Response> {
+		// Rest of code omitted
+		const key = "common-key";
+		const parallelWritesCount = 20;
+
+		// Helper function to attempt a write to KV and handle errors
+		const attemptWrite = async (i: number) => {
+			try {
+				await env. YOUR_KV_NAMESPACE.put(key, `Write attempt #${i}`);
+				return { attempt: i, success: true };
+			} catch (error) {
+				// An error may be thrown if a write to the same key is made within 1 second with a message. For example:
+				// error: {
+				//	"message": "KV PUT failed: 429 Too Many Requests"
+				// }
+
+				return {
+					attempt: i,
+					success: false,
+					error: { message: (error as Error).message },
+				};
+			}
+		};
+
+		// Send all requests in parallel and collect results
+		const results = await Promise.all(
+			Array.from({ length: parallelWritesCount }, (_, i) =>
+				attemptWrite(i + 1),
+			),
+		);
+		// Results will look like:
+		// [
+		// 	  {
+		// 		  "attempt": 1,
+		// 		  "success": true
+		// 	  },
+		//    {
+		// 		  "attempt": 2,
+		// 		  "success": false,
+		// 		  "error": {
+		// 			  "message": "KV PUT failed: 429 Too Many Requests"
+		// 		  }
+		// 	  },
+		// 	  ...
+		// ]
+
+		return new Response(JSON.stringify(results), {
+			headers: { "Content-Type": "application/json" },
+		});
+	},
+};
+```
+
+To handle these errors, we recommend implementing a retry logic, with exponential backoff. Here is a simple approach to add retries to the above code.
+
+```typescript
+export default {
+	async fetch(request, env, ctx): Promise<Response> {
+		// Rest of code omitted
+		const key = "common-key";
+		const parallelWritesCount = 20;
+
+		// Helper function to attempt a write to KV with retries
+		const attemptWrite = async (i: number) => {
+			return await retryWithBackoff(async () => {
+				await env.YOUR_KV_NAMESPACE.put(key, `Write attempt #${i}`);
+				return { attempt: i, success: true };
+			});
+		};
+
+		// Send all requests in parallel and collect results
+		const results = await Promise.all(
+			Array.from({ length: parallelWritesCount }, (_, i) =>
+				attemptWrite(i + 1),
+			),
+		);
+
+		return new Response(JSON.stringify(results), {
+			headers: { "Content-Type": "application/json" },
+		});
+	},
+};
+
+async function retryWithBackoff(
+	fn: Function,
+	maxAttempts = 5,
+	initialDelay = 1000,
+) {
+	let attempts = 0;
+	let delay = initialDelay;
+
+	while (attempts < maxAttempts) {
+		try {
+			// Attempt the function
+			return await fn();
+		} catch (error) {
+			// Check if the error is a rate limit error
+			if (
+				(error as Error).message.includes(
+					"KV PUT failed: 429 Too Many Requests",
+				)
+			) {
+				attempts++;
+				if (attempts >= maxAttempts) {
+					throw new Error("Max retry attempts reached");
+				}
+
+				// Wait for the backoff period
+				console.warn(`Attempt ${attempts} failed. Retrying in ${delay} ms...`);
+				await new Promise((resolve) => setTimeout(resolve, delay));
+
+				// Exponential backoff
+				delay *= 2;
+			} else {
+				// If it's a different error, rethrow it
+				throw error;
+			}
+		}
+	}
+}
+```
+
 ## Other methods to access KV
 
 You can also [write key-value pairs from the command line with Wrangler](/kv/reference/kv-commands/#create) and [write data via the API](/api/operations/workers-kv-namespace-write-key-value-pair-with-metadata).