I am seeking to accomplish the following and am wondering if this can be done using Cloudflare’s API or any other mechanism?
Three users involved: Domain Owner, Domain User, My Company
My Company will manage access control to DNS servers/management
Domain Owner will keep their domain at their registrar of choice, but point the domain to My Company’s DNS management tool (using nameservers?)
From here, My Company will allow the final Domain User to control the DNS management as a ‘secondary’ level of control. Ultimately, My Company (using My Company’s system) and the Domain Owner (using the Domain Owner’s Registrar’s system) can both withdraw the Domain User’s access at any time.
While the Domain User has access to the DNS records through My Company’s system, they can point the DNS records to any targets that they wish. The execution will likely happen due to the Domain Owner’s Registrar forwarding DNS requests to My Company, which would then forward the DNS requests to the Domain User’s targets, using the Cloudflare system.
This should all be done securely, avoiding malicious hijacking, man in the middle or any other form of security breach.
My Company wants to do this for multiple domains owned by multiple Domain Owners and multiple Domain Users.
I didn’t see anything in your list regarding a Cloudflare account, so I’ll take some guesses: You want all of this within your single Cloudflare account, housing many different zones (domains).
As for the API, the API is just a command line version of the dashboard. But with API Tokens, you can set permissions such as which zone (domain) the token applies to, and which settings they can change.
Hi. This looks good, though I see a limit of 50 API tokens. This is fine for our launch, but if successful, I want to be sure that we can enter into an enterprise agreement where we can manage more than 50 API tokens. We will need a new zone for each domain name, as each will have a unique user. It is possible that we will need thousands or tens of thousands zones (domains / unique users of the domains).
That’s interesting that the support document tells you about a 50 token limit, yet my API Tokens page says nothing about that, or how many tokens I have left beyond the ten I’m using.
Maybe @cloonan knows the scoop about token limits on various plans. It would seem to me that on an Enterprise plan, they’ll gladly sell you as much of anything they can that’s not already included in copious amounts.
This model only works if you are registered as Cloudflare Partner, and depends on your region - not everyone can access to the Partner API. For instance, APAC partners currently do not have access to the Partner API.