I’m trying to send an HTTP request in n8n to the following endpoint:
https://evo2.abc.com/message/sendText/whatsapp_test
But instead of the expected API response, I get a 403 Forbidden with Cloudflare’s “Just a moment…” challenge page (the HTML with __cf_chl_* tokens).
It looks like Cloudflare is blocking my request because it doesn’t pass the JS/cookie challenge. The message also shows “Forbidden – perhaps check your credentials?” but I believe it’s not credentials-related, rather Cloudflare protection.
What I’ve tried / considered:
-
Checked my request headers → all seem fine.
-
Confirmed the API works when called from a browser (so only server-side requests fail).
-
From Cloudflare docs, I see I might need to either:
-
Use CF Access headers (
CF-Access-Client-Id/CF-Access-Client-Secret) if this is behind Cloudflare Access. -
Or whitelist the endpoint (
/message/sendText/whatsapp_test) in Cloudflare to bypass the managed challenge. -
Or proxy the request through a Cloudflare Worker.
-
Question:
Has anyone integrated n8n with an API that’s behind Cloudflare protection? What’s the recommended way to handle this? Would whitelisting this specific endpoint in Cloudflare be enough for n8n to work, or should I go the CF Access header / Worker proxy route?
Thanks in advance 