Handling Cloudflare Blocks

If you have Cloudflare enabled on your Magento or WooCommerce store, it may block OneCart from accessing your store's API. Learn how to resolve this so your orders and inventory can sync properly.

Last updated: Feb 12, 2026

What is happening?

Cloudflare is a popular web security and CDN service. When enabled on your store, it can sometimes identify OneCart’s server as a bot and block our API requests. This means:

  • Orders will not sync from your store to OneCart
  • Inventory updates will not be pushed to your store
  • Listing imports will not work

When OneCart detects this block, we automatically deactivate your shop in OneCart to stop unnecessary retries, and send you an email notification.


How to fix it

You have two options:

Option 1: Create a Cloudflare WAF bypass rule (Free)

This is the recommended approach. You’ll create a firewall rule that allows OneCart’s API traffic through while keeping Cloudflare protection for your regular website visitors.

For Magento stores:

  1. Log in to your Cloudflare dashboard
  2. Select your domain
  3. Go to Security > WAF > Custom Rules
  4. Click Create rule
  5. Set the rule name to something like “Allow OneCart API”
  6. Under When incoming requests match…, set:
    • Field: URI Path
    • Operator: starts with
    • Value: /rest/V1/
  7. Set the action to Skip (bypass all remaining rules)
  8. Click Deploy

For WooCommerce stores:

Follow the same steps as above, but use this value for the URI Path field:

  • Value: /wp-json/wc/

Important: This WAF bypass rule applies to all traffic hitting these API paths, not just OneCart. Any bot, crawler, or attacker traffic targeting these endpoints will also bypass Cloudflare’s protection. This is generally acceptable because API endpoints require authentication (API keys/tokens) to return any data, but you should be aware that Cloudflare will no longer filter requests to these paths.
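A check you can run after deploying the rule, shown here as an added example that is not OneCart's or Cloudflare's own code: it classifies a reply from one of the API paths above as written by Cloudflare's edge or by your store, which also confirms that the store still demands credentials. The body markers, the assumption that store errors are JSON, and the sample responses are constructed for illustration.

```python
import urllib.error
import urllib.request

# Assumed markers of a Cloudflare-generated challenge or block page.
CF_BODY_MARKERS = ("just a moment", "attention required", "you have been blocked")

def classify(status, headers, body):
    """Decide whether a reply came from Cloudflare's edge or from the store."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    is_json = "json" in h.get("content-type", "")  # assumption: store errors are JSON
    # "Server: cloudflare" alone proves nothing: proxied store replies carry
    # it too. Look for signs that the edge itself wrote the response.
    if h.get("cf-mitigated") == "challenge":
        return "cloudflare_block"
    if status in (403, 429, 503) and not is_json and any(
            m in body.lower() for m in CF_BODY_MARKERS):
        return "cloudflare_block"
    if status in (401, 403) and is_json:
        return "origin_auth_required"  # reached the store, credentials enforced
    if 200 <= status < 300:
        return "origin_no_auth"  # answered without credentials: review this path
    return "inconclusive"

def probe(url):
    """Send one request without credentials to a URL on your own store."""
    req = urllib.request.Request(url, headers={"User-Agent": "waf-rule-check"})
    try:
        with urllib.request.urlopen(req, timeout=10) as r:
            return classify(r.status, dict(r.headers.items()),
                            r.read(4096).decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return classify(e.code, dict(e.headers.items()),
                        e.read(4096).decode("utf-8", "replace"))

# Constructed responses (not captured traffic) so the example runs offline.
SAMPLES = {
    "challenge": (403, {"Server": "cloudflare", "cf-mitigated": "challenge",
                        "Content-Type": "text/html"}, "<title>Just a moment...</title>"),
    "waf_block": (403, {"Server": "cloudflare", "Content-Type": "text/html"},
                  "<title>Attention Required! | Cloudflare</title>"),
    "origin_401": (401, {"Server": "cloudflare", "Content-Type": "application/json"},
                   '{"message": "not authorized"}'),
    "origin_200": (200, {"Server": "cloudflare", "Content-Type": "application/json"}, "[]"),
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, "->", classify(*sample))
```

To test a live store, call probe() with a full URL under /rest/V1/ or /wp-json/wc/ on your own domain; a result of origin_auth_required means the rule lets the request through and the store is still enforcing authentication.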

Option 2: Dedicated IP address ($99 USD/month)

If you prefer to keep Cloudflare’s full protection active on all paths including your API, OneCart can provision a dedicated IP address for your specific shop. This gives you a fixed IP that you can whitelist in Cloudflare.

What’s included:

  • A dedicated static IP address assigned to your shop
  • Up to 10,000 API requests per month
  • Full Cloudflare compatibility

To request a dedicated IP, contact us at hello@lachmann-tech.com.


After resolving the block

Once you’ve applied one of the fixes above, you need to reactivate your shop in OneCart. See our guide: Reactivating a Disabled Shop for step-by-step instructions.


Why doesn’t OneCart have a fixed IP address?

For security and reliability reasons, OneCart uses dynamic cloud infrastructure that does not have a single fixed IP address. This is standard practice for modern cloud applications and ensures better uptime and security for all our customers.

The Cloudflare WAF bypass rule (Option 1) is the simplest and most effective solution — it allows API traffic through while maintaining your store’s security for regular visitors.


Need help?

If you’re unsure how to configure Cloudflare, reply to the notification email or contact us at hello@lachmann-tech.com and we’ll walk you through it.