Cloudflare Setup

Fp Switchboard supports two types of Cloudflare integration:

1. Cloudflare (Personal/Business) - Manage your own account’s DNS, Workers, KV, R2
2. Cloudflare MSP (Tenant API) - For partners managing customer accounts

Personal/Business

Personal/Business Account Setup

Create a Cloudflare API token for managing YOUR OWN account - DNS, Workers, KV, R2, and more.

1. Understand Permission Levels

   Cloudflare has three permission levels:

   Level	What It Controls
   User Level	Global settings, billing, API tokens
   Zone Level	Per-website/domain: DNS, SSL, caching, firewall
   Account Level	Shared resources: Workers, KV, R2, D1, Pages

2. Go to API Tokens

   Click your profile icon > My Profile > API Tokens.

3. Create Custom Token

   Click “Create Token” then “Create Custom Token” (not a template). Name it “Fp Switchboard - My Account”.

4. Add Zone Permissions

   For DNS and zone management:

   Zone : Zone : Read
   Zone : Zone Settings : Read
   Zone : DNS : Edit
   Zone : SSL and Certificates : Read

5. Add Account Permissions

   For Workers, KV, R2, D1:

   Account : Workers Scripts : Edit
   Account : Workers KV Storage : Edit
   Account : Workers R2 Storage : Edit
   Account : D1 : Edit
   Account : Cloudflare Pages : Edit

6. Set Resource Scope

   • Zone Resources: Include → All zones (or specific zones)
   • Account Resources: Include → Your account

7. Create and Copy Token

   Create the token and copy it immediately - it will only be shown once.

MSP/Tenant

MSP Tenant API Setup

For Cloudflare MSP/Channel Partners: Manage customer accounts, zones, and subscriptions via the Tenant API.

Caution

The Tenant API requires Cloudflare to enable your partner account. Contact partners@cloudflare.com if you don’t have access.

Terminology

Term	Meaning
Tenant	Your MSP company (the parent container)
Account	Individual customer accounts you manage
User	People with login credentials
Zone	Websites/domains within an account

Important: Token Location

Caution

The “Tenant” permission ONLY appears in User API Tokens (My Profile → API Tokens), NOT in Account API Tokens.

1. Go to User API Tokens

   Click your profile icon (top right) → My Profile → API Tokens.

2. Create Custom Token

   Click “Create Token” then “Create Custom Token”. Name it “Fp Switchboard - MSP Tenant”.

3. Add Tenant Permissions

   Account : Tenant : Edit
   Account : Account Settings : Read
   Account : Member Roles : Edit (optional)

4. Set Account Scope

   • Account Resources: Include → Specific account → [Your Tenant Account]

5. Create and Copy Token

   Create the token and copy it immediately.

Environment Variables

Cloudflare uses per-user API keys. Users enter their token when connecting in the dashboard - no platform-level environment variables needed.

Important Notes

• Use separate tokens for different purposes (principle of least privilege)
• MSP Tenant tokens should be kept separate from regular Cloudflare tokens
• Customer accounts created via Tenant API are billed to your partner account
• Documentation: https://developers.cloudflare.com/tenant/

Common Issues

• “Authentication error” after entering token: The token may not have the required permissions. Verify the token has the exact permissions listed above.
• Zone not found: The token’s zone resources scope may be limited to specific zones. Set to “All zones” to access all domains.
• Tenant API not visible: The Tenant permission only appears in User API Tokens, not Account API Tokens. Go to your profile, not the account settings.
• Token vs Global API Key: Switchboard uses scoped API tokens, not the legacy Global API Key. Don’t use the Global API Key.

Testing

1. Go to your Switchboard Dashboard and navigate to Cloudflare
2. Click Connect and enter your API token
3. Click Test Connection to verify
4. Try: “List my Cloudflare zones” or “Show DNS records for [domain]”