This is super interesting. Thank you for sharing that. From this, and based on the JSON output that

This is super interesting. Thank you for sharing that. From this, and based on the JSON output that was shared... well, I just devised another possible attack which might reveal the encryption keys themselves. It's possible this mitigation technique might create a compromise in its current implementation. Given that discussing it here would be irresponsible, who should I contact, please?

RRobbBoss This is super interesting. Thank you for sharing that. From this, and based on t...

Isaac McFadyen•3/14/25, 8:54 PM

If you believe you've found a vulnerability you should report it through HackerOne.

Isaac McFadyen•3/14/25, 8:54 PM

?hackerone

SuperHelpflare•3/14/25, 8:55 PM

This discord is not for for reporting security reports. Cloudflare has a Responsible Disclosure program run through HackerOne where you can privately file reports, which will be reviewed by the appropriate teams and for which you may be eligible for bug bounties: https://hackerone.com/cloudflare

HackerOne

Cloudflare Public Bug Bounty - Bug Bounty Program | HackerOne

The Cloudflare Public Bug Bounty Bug Bounty Program enlists the help of the hacker community at HackerOne to make Cloudflare Public Bug Bounty more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited.

RobbBossOP•3/14/25, 8:56 PM

Thanks, I juuust saw that at the end of the article. haha Thank you for responding, though, truly.

I am likely to write about it, but not likely to go through the trouble of proving it out, which seems necessary to report it there. Well, thank you for that insight, regardless!

RRobbBoss Thanks, I juuust saw that at the end of the article. haha Thank you for respondi...

Isaac McFadyen•3/14/25, 10:01 PM

If you are going to publicly write about it without reporting it then that would be a security issue. If you don't end up reporting it then you should not publicly write about it.

RobbBossOP•3/14/25, 10:03 PM

No, if I write about it I'll probably share it with researcher friends. I'm not going to randomly publicly disclose security issues.

RobbBossOP•3/14/25, 10:03 PM

Thank you for the due diligence in stating that.

I also have no interest in joining HackerOne, tbh. But I respect that there's a community of people that find bugs and there are bounties and all this. I have no interest in bounties at all. I would take this to #off-topic but I gather that this is probably the end of this thread.

RRobbBoss Thank you for the due diligence in stating that. 🙂 I also have no interest in ...

Isaac McFadyen•3/14/25, 10:26 PM

It's less about bounties (although that's part of it) and more about responsible disclosure. By telling others that aren't Cloudflare, you risk them telling others themselves and eventually telling someone who is in a position to and wants to actively exploit it.

I would heavily encourage you to share through HackerOne, but if you don't want to I'd avoid sharing with anyone else regardless of whether they are friends or not.

dom•3/15/25, 10:43 AM

I have a product idea. An AI Router. Similar to AI Gateway but it would allow me to define custom routes where I can define the target llm model and settings like temp, max_tokens etc. I would then route each app llm call to the custome AI Router endpoint. I would send only the prompts (system(optional) and user prompts). All other settings, like which llm to use, requst settings would be defined at AI router level. With one setting I can turn on AI Gateway on the router.

This would allow me to quickly adapt to the fast paced landscape of llm models. I can quickly reconfigure app's functionality to use different llm's and even run tests to quickly to validate outputs.

I'm wasting a lot of time updating and refactoring app code to stay up to date with llm models. Each time I need to:

find the llm api functionality. Try to remember what it does and understand it
refactor the code to use different model because i found a better one, cheaper one or the one im using will no longer available.
test in staging, test in production

I think there is a huge opportunity here for a cloud provider to own this pipeline. A great lock in for the customer as well. Please pass the idea to your product team to further explore. Thanks!

Ddom I have a product idea. An AI Router. Similar to AI Gateway but it would allow me...

rob•3/17/25, 4:33 PM

https://x.com/G4brym/status/1901413193970299149 did u see this ?

Gabriel Massadas (@G4brym) on X

Sunday night project drop! Built a Cloudflare AI Gateway Provider for the Vercel AI SDK

Unlike other gateway products (e.g., Portkey), this one lets you keep using the official providers, so you still get all the type hints!

Try it out: npm install ai-gateway-provider

•

3/16/25, 11:20 PM

龙

龙卷风•3/17/25, 5:07 PM

I configured an AI gateway for the openrouter, but why does it always additionally call the @cf large language model when using the conversation feature?

龙

龙卷风•3/17/25, 5:08 PM

Gemini 2.0, too.

龙龙卷风 I configured an AI gateway for the openrouter, but why does it always additional...

Isaac McFadyen•3/17/25, 5:13 PM

That looks like you have Guardrails turned on (to guard input so it blocks inappropriate content)

Isaac McFadyen•3/17/25, 5:13 PM

https://developers.cloudflare.com/ai-gateway/guardrails/

IIsaac McFadyen https://developers.cloudflare.com/ai-gateway/guardrails/

龙

龙卷风•3/17/25, 5:26 PM

I see, thank you.

Rrob https://x.com/G4brym/status/1901413193970299149 did u see this ?

dom•3/20/25, 8:16 AM

I just took a peak. Not exactly what I need. With this solution I'm still required to define target models at app level.

ring0•3/20/25, 3:51 PM

Has anyone been successful using the openai python library to call AzureOpenAI through Cloudflare Gateway?

Rring0 Has anyone been successful using the openai python library to call AzureOpenAI ...

ring0•3/20/25, 7:00 PM

figured it out. in case anyone needs this, I was missing the default_query:

client = OpenAI(
default_query={"api-version": $AZURE_OPENAI_API_VERSION)},
base_url=$api_base,
api_key=$AZURE_OPENAI_API_KEY),
)

Victor•3/21/25, 9:22 PM

I'm using custom costs but it mentions

Custom costs will appear in the logs with an underline, making it easy to identify when custom pricing has been applied.

But that is no longer the case (I haven't used custom costs before so I don't know when it disappeared).

Cloudflare Docs

Custom costs · Cloudflare AI Gateway docs

Override default or public model costs on a per-request basis.

Ddom I have a product idea. An AI Router. Similar to AI Gateway but it would allow me...

Kathy•3/26/25, 4:27 AM

thanks for the ideas - we're working on an openai compatible endpoint that will help with #2 - saving you from refactoriing the code for different models/providers. will do some thinking on the routing

VVictor I'm using [custom costs](https://developers.cloudflare.com/ai-gateway/configurat...

Kathy•3/26/25, 4:36 AM

just tested and seems to be working. what did you try?

one thing i did notice is for decimals you need to put "0.2". It can't be ".2"

donp•3/31/25, 3:20 AM

Is adding support for Elevenlabs new Speech to Text model called Scribe on the roadmap?

https://developers.cloudflare.com/ai-gateway/providers/elevenlabs/

I tried replacing "text-to-speech" with "speech-to-text", but the endpoint doesn't exist.

Scribe docs - https://elevenlabs.io/docs/capabilities/speech-to-text

Cloudflare Docs

ElevenLabs · Cloudflare AI Gateway docs

ElevenLabs offers advanced text-to-speech services, enabling high-quality voice synthesis in multiple languages.

Speech to Text | ElevenLabs Documentation

Learn how to turn spoken audio into text with ElevenLabs.

smile•3/31/25, 1:16 PM

Hi Everyone. I'm trying to integrate the cloudflare non-realtime websocket api. But I faced the following issues. The WebSocket connection is established, but after 1 or 2 messages, the event listener stops triggering. Please guide me to resolve it.

smile•3/31/25, 1:17 PM

https://developers.cloudflare.com/ai-gateway/configuration/websockets-api/non-realtime-api/

Based on this doc I have created the sample.

Cloudflare Docs

Non-realtime WebSockets API · Cloudflare AI Gateway docs

The Non-realtime WebSockets API allows you to establish persistent connections for AI requests without requiring repeated handshakes. This approach is ideal for applications that do not require real-time interactions but still benefit from reduced latency and continuous communication.

smile•3/31/25, 1:20 PM

Does this API work only with a paid account? First, I want to test a working sample for both real-time and non-real-time WebSocket APIs to evaluate their performance and reduce latency for chat completion.

Milo•3/31/25, 9:02 PM

Hi guys, I got banned from AI Bot from Cloudfare said my provider, he had the AI Bot detection on and he said he wont whitelist me its against protection. So how do I approach Cloudfare to fix this?

MMilo Hi guys, I got banned from AI Bot from Cloudfare said my provider, he had the AI...

Isaac McFadyen•3/31/25, 9:22 PM

?crossposting AI BOT banned me by mistake and my provider tells me I need to handle it with Cloudfare?

SuperHelpflare•3/31/25, 9:22 PM

Please do not post your question in multiple channels/post it multiple times per the rules at #

welcome-and-rules. It creates confusion for people trying to help you and doesn't get your issue or question solved any faster.

IIsaac McFadyen ?crossposting https://discord.com/channels/595317990191398933/135637501997809670...

Milo•3/31/25, 9:23 PM

Sorry, I was not able to find it so fast, there are many channels here

glncy•4/1/25, 7:48 AM

Hi to all. I am trying to access AI Gateway and Workers AI locally but it returning a same error. I've been stuck since yesterday about this

Thank you very much

Additional context: I tried deploying a sample worker ai on cloudflare workers. it is working thought. i am not sure what i am doing wrong

{
  "result": null,
  "success": false,
  "errors": [
    {
      "code": 7010,
      "message": "Service unavailable"
    }
  ],
  "messages": [
    
  ]
}

{
  "result": null,
  "success": false,
  "errors": [
    {
      "code": 7010,
      "message": "Service unavailable"
    }
  ],
  "messages": [
    
  ]
}

eleng•4/1/25, 9:16 AM

Hi! I’d like to use AI Gateway as a proxy for my Replicate model.

I see Replicate listed as a supported provider, and the docs mention it's “supported out of the box.” However, I don’t see any configuration options to route requests to Replicate — and in the “Connect to your applications with API Endpoints” popup, Replicate isn’t listed among the AI Platforms.

Is it currently possible to use AI Gateway as a proxy for Replicate? If so, how can I set that up?

smile•4/1/25, 1:20 PM

Hi anyone help me to resolve the issue in AI Gateway (Non streaming websocket api). The WebSocket connection is established, but after 1 or 2 messages, the event listener stops triggering. I have provided the code. Please check it out and guide me to resolve the issue.

message.txt4.26KB

Victor•4/1/25, 10:19 PM

Getting 2009 Unauthorized2009 Unauthorized consistently on every request going to any authenticated gateway (any provider/model). I rolled a new ai gateway token and azure ai tokens and manually tried them, but they're failing too. Last known good request was April 1, 2025

Victor•4/1/25, 10:20 PM

(testing with azure openai specifically - just the random one I picked) Without changing anything of the request other than the url, I swapped it to hit openai directly (without gateway) and it went through 200 OK200 OK

Isaac McFadyen•4/1/25, 10:30 PM

^ @michelle unsure if this is related to the other issue but might be worth a look at?

VVictor Getting `2009 Unauthorized` consistently on every request going to any authentic...

Isaac McFadyen•4/1/25, 10:32 PM

Mind sending your account ID?

IIsaac McFadyen Mind sending your account ID?

Victor•4/1/25, 10:32 PM

e9b82b39aa91575a2643529d24a1bf02e9b82b39aa91575a2643529d24a1bf02

Isaac McFadyen•4/1/25, 10:45 PM

For anyone following this issue, it's been escalated internally.

Eeleng Hi! I’d like to use AI Gateway as a proxy for my Replicate model. I see Replica...

Kathy•4/1/25, 10:49 PM

https://developers.cloudflare.com/ai-gateway/providers/replicate/

Cloudflare Docs

Replicate · Cloudflare AI Gateway docs

Replicate runs and fine tunes open-source models.

VVictor Getting `2009 Unauthorized` consistently on every request going to any authentic...

Kathy•4/2/25, 12:08 AM

thanks for bringing to our attention

. fixed and should be working now

Ddom I just took a peak. Not exactly what I need. With this solution I'm still requir...

rob•4/5/25, 5:54 PM

well if you wanted to talk more abut it lmk

Vladimir_dev•4/5/25, 8:04 PM

Could you tell me how long it will take for Llama 4 to be integrated?

akshay•4/6/25, 2:37 PM

Hey folks!

I'm currently exploring how to build with OpenAI's real-time API and Cloudflare. Most examples I've come across are based on WebSockets, but I'm considering using WebRTC instead due to potential performance benefits.

Does anyone have references or examples of using WebRTC in this context? Would love to learn from any prior work or suggestions. Thanks in advance!

VVladimir_dev Could you tell me how long it will take for Llama 4 to be integrated?

Kathy•4/7/25, 11:02 PM

Are you referring to Workers AI? If so, that was added yesterday https://blog.cloudflare.com/meta-llama-4-is-now-available-on-workers-ai/
there's a different channel for Workers AI workers-ai

The Cloudflare Blog

Meta Llama 4 now available on Workers AI

Llama 4 Scout 17B Instruct is now available on Workers AI: use this multimodal, Mixture of Experts AI model on Cloudflare's serverless AI platform to build next-gen AI applications. Build products that can understand images & text, accept large context, with high performance on model quality and inference latency.

Aakshay Hey folks! 👋 I'm currently exploring how to build with OpenAI's real-time API a...

Kathy•4/7/25, 11:03 PM

webRTC not yet supported in AI Gateway but will in the future. In the meantime, can check out Calls https://developers.cloudflare.com/calls/

Cloudflare Docs

Overview · Cloudflare Calls docs

Cloudflare Calls is infrastructure for real-time audio/video/data applications. It allows you to build real-time apps without worrying about scaling or regions. It can act as a selective forwarding unit (WebRTC SFU), as a fanout delivery system for broadcasting (WebRTC CDN) or anything in between.

smile•4/8/25, 4:03 AM

Hi all, I've been trying to work with the Cloudflare WebSocket API, but it isn't functioning as expected. I've reached out to the Cloudflare community and Discord for support, but unfortunately, I haven’t received any response so far.

Could someone please help me identify whether the issue lies with the Cloudflare API itself or if there's something wrong in my implementation?

Jaka•4/8/25, 5:08 AM

i have AutoRag running from yesterday. nothing seems to happen. Things appear blocked. Need help.

Bryan Chen•4/8/25, 8:40 AM

Any plan to improve the logs viewer? Currently the requests and responses are just rendered as JSON, which makes it impossible to read (due to \n\ns). I am really considering build a 3rd party viewer for it.

Original message was deleted

smile•4/9/25, 8:07 AM

Hi, Did you use Webscoker API in cloudflare?

This is super interesting. Thank you for sharing that. From this, and based on the JSON output that

Similar Threads