iirc even if you're listed as a "good bot" with Cloudflare, high security settings by the CF user can still result in 403s.
No idea if CF already does this, but allowing users to generate access tokens for 3rd party services would be another way of easing access alongside their apparent URL and IP whitelisting.