Skip to main content
Start free

Docs

Protected endpoints

If your n8n or app sits behind a firewall or Cloudflare Access, here's how to let NoCrash through — and only NoCrash.

When you need this

If anyone on the public internet can reach your n8n or app, you don’t need this page — NoCrash already reaches it. You need this only when you’ve locked your endpoint behind a firewall, a WAF, or Cloudflare Access, so NoCrash’s checks get turned away at the door.

There are two ways to let us in. Use whichever matches how you’ve locked things down.

Option 1 — allow our IP address

NoCrash always reaches out from one stable address. Allow it through your firewall and our checks get in; nothing else changes.

Our address:

35.174.76.135

Add it as an allowed source for inbound HTTPS (port 443) on your firewall or WAF. If your endpoint is behind Cloudflare, add it under Security → WAF → IP Access Rules with the action set to Allow.

This address is stable. If it ever needs to change, we’ll tell you in advance.

Option 2 — Cloudflare Access service token

If you protect your endpoint with Cloudflare Access, the cleaner approach is to issue NoCrash a service token. You stay in control: you create it, you can revoke it any time, and it only opens the one door you point it at.

You do this in Cloudflare:

  1. In the Cloudflare Zero Trust dashboard, go to Access → Service Auth and create a service token. Name it something you’ll recognize, like nocrash.
  2. Cloudflare shows you a Client ID and a Client Secret. The secret is shown once — copy both now.
  3. Add an Access policy on the application that protects your endpoint that allows that service token.

Then in NoCrash:

  1. Open the connection for that endpoint and paste the Client ID and Client Secret into the Cloudflare Access fields.
  2. Save.

From then on, NoCrash sends those credentials with every check (as the CF-Access-Client-Id and CF-Access-Client-Secret headers Cloudflare expects), and Cloudflare lets us through. Your secret is stored encrypted and never shown back to you in full. Revoke the token in Cloudflare any time to cut off access instantly.

If your access token expires

A Cloudflare Access service token (or any bearer token you give NoCrash) can expire or be rotated. When that happens, Cloudflare starts turning our checks away, and the endpoint behind it would otherwise go quiet.

You don’t have to track the expiry. The moment your token stops working, NoCrash tells you — on the connection, in your daily brief, and through your alerts — with a one-tap link to update it. Monitoring never silently stops; you issue a fresh token in Cloudflare, paste it in, and we’re back through the door.

Which should I use?

  • Just a firewall or WAF? Allow our IP address — it’s the quickest.
  • Cloudflare Access? Use a service token. It’s scoped to one application and you can revoke it on your own.