Cloudflare - User Guide

In this article, you will understand step by step how to easily integrate with Cloudflare


1. The user creating an API token should have Domain Administrator Read Only permissions. Otherwise the token won’t work even if the right scopes are granted to the token.

How to connect Cloudflare integration?

Step 1: Generate API token in Cloudflare

  • Log in to Cloudflare.
  • Go to "My Profile" by clicking the user icon at the top right.

  • Navigate to the "API tokens" option on the left-hand menu and then select "Create Token".

  • For a seamless experience without the need to reconnect the integration in the future, we highly recommend using the template and granting read access to all resources.
  • Select the option 'Use template' next to the 'Read all resources' option.


  • Edit the Token name field, for example: ScytaleToken.



  • Scroll down and click on "Continue to summary".

  • Click on "Create Token".

  • After generating the token, make sure to copy the token before leaving the page. 

Step 2: Login to Scytale application to connect Cloudflare

  • Click on the "Integrations" menu screen on the left-hand side.
  • Click on the Connect button under the Cloudflare icon.
  • Paste the API token that you generated in Cloudflare in step 1.
  • Connection Name - is used to differentiate between your connections.
    • For instance, if you manage multiple accounts or would like to connect multiple times to the integration. It's automatically titled (Connection 1,2,3 etc), but you can change it to a custom name to make it easier to identify.
  • Click "Connect".

✅ Click Done, Cloudflare is connected.

If you prefer not to give permissions to read all resources, you have the option to create a custom token in Cloudflare and specify the following permissions: 

  • Zone:Fraud Detection:Read

  • Zone: Config Rules:Read

  • Zone: Dynamic Redirect:Read

  • Zone: API Gateway:Read

  • Zone: HTTP DDoS Managed Ruleset:Read

  • Zone: Zone WAF:Read

  • Zone: Zone Settings:Read

  • Zone: Zone:Read

  • Zone: DNS:Read

  • Zone: Load Balancers:Read

  • Zone: Firewall Services:Read

  • Zone: SSL and Certificates:Read

  • User: Memberships:Read

  • User Details:Read

  • Account: SSL and Certificates:Read

  • Account: API Gateway:Read

  • Account: Access: SSH Auditing:Read

  • Account: Page Shield:Read

  • Account: Magic Firewall:Read

  • Account: L3/4 DDoS Managed Ruleset:Read

  • Account: Account WAF:Read

  • Account: DDoS Protection:Read

  • Account: Account Rulesets:Read

  • Account: Access: Organizations, Identity Providers, and Groups:Read

  • Account: Firewall Access Rules:Read

  • Account: Account Settings:Read