Cloudflare Setup

Fp Switchboard supports two types of Cloudflare integration:

1. Cloudflare (Personal/Business) - Manage your own account’s DNS, Workers, KV, R2
2. Cloudflare MSP (Tenant API) - For partners managing customer accounts

Personal/Business

Personal/Business Account Setup

Create a Cloudflare API token for managing YOUR OWN account - DNS, Workers, KV, R2, and more.

1. Understand Permission Levels

   Cloudflare has three permission levels:

   Level	What It Controls
   User Level	Global settings, billing, API tokens
   Zone Level	Per-website/domain: DNS, SSL, caching, firewall
   Account Level	Shared resources: Workers, KV, R2, D1, Pages

2. Go to API Tokens

   Click your profile icon > My Profile > API Tokens.

3. Create Custom Token

   Click “Create Token” then “Create Custom Token” (not a template). Name it “Fp Switchboard - My Account”.

4. Add Zone Permissions

   For DNS and zone management:

   Zone : Zone : Read
   Zone : Zone Settings : Read
   Zone : DNS : Edit
   Zone : SSL and Certificates : Read

5. Add Account Permissions

   For Workers, KV, R2, D1:

   Account : Workers Scripts : Edit
   Account : Workers KV Storage : Edit
   Account : Workers R2 Storage : Edit
   Account : D1 : Edit
   Account : Cloudflare Pages : Edit

6. Set Resource Scope

   • Zone Resources: Include → All zones (or specific zones)
   • Account Resources: Include → Your account

7. Create and Copy Token

   Create the token and copy it immediately - it will only be shown once.

MSP/Tenant

MSP Tenant API Setup

For Cloudflare MSP/Channel Partners: Manage customer accounts, zones, and subscriptions via the Tenant API.

Caution

The Tenant API requires Cloudflare to enable your partner account. Contact partners@cloudflare.com if you don’t have access.

Terminology

Term	Meaning
Tenant	Your MSP company (the parent container)
Account	Individual customer accounts you manage
User	People with login credentials
Zone	Websites/domains within an account

Important: Token Location

Caution

The “Tenant” permission ONLY appears in User API Tokens (My Profile → API Tokens), NOT in Account API Tokens.

1. Go to User API Tokens

   Click your profile icon (top right) → My Profile → API Tokens.

2. Create Custom Token

   Click “Create Token” then “Create Custom Token”. Name it “Fp Switchboard - MSP Tenant”.

3. Add Tenant Permissions

   Account : Tenant : Edit
   Account : Account Settings : Read
   Account : Member Roles : Edit (optional)

4. Set Account Scope

   • Account Resources: Include → Specific account → [Your Tenant Account]

5. Create and Copy Token

   Create the token and copy it immediately.

Environment Variables

Cloudflare uses per-user API keys. Users enter their token when connecting in the dashboard - no platform-level environment variables needed.

Important Notes

• Use separate tokens for different purposes (principle of least privilege)
• MSP Tenant tokens should be kept separate from regular Cloudflare tokens
• Customer accounts created via Tenant API are billed to your partner account
• Documentation: https://developers.cloudflare.com/tenant/