What option is there to help my users who are also CloudFlare users to setup DNS records via my SaaS?

I am designing my SaaS to do the following for my users

  1. automatically creates / edits DNS A records on their Cloudflare account to point to the DigitalOcean servers my SaaS spins up for them
  2. automatically setup the SSL for them on their Cloudflare account for the related zones / domains
  3. automatically setup the page rules for them on their Cloudflare account for the related zones / domains such as redirecting www to non-www
  4. (when the API is available for this) buys new domains thru Cloudflare API

I am unsure how to do this with Cloudflare API in my SaaS. I’m not talking about code. I’m talking about workflow.

I know that the Cloudflare end users can create API tokens but I am unsure what’s the workflow should be.

ideally, i like the end user to do it as conveniently as possible. My ideal workflow for the users is:

  1. they login to my SaaS
  2. they connect to their Cloudflare using oAuth on my SaaS which then gives my SaaS a token to their Cloudflare account
  3. using this token, the SaaS can access their DNS records via the API

Why this is ideal is because the end users need not fiddle with API tokens and stuff. but from what i asked, it seems that this is not possible as seen in Does this wrapper allow me to use oAuth instead of API key or Access Token to access API on behalf of a cloudflare user? · Issue #140 · cloudflare/python-cloudflare (github.com)

I have considered the following:

Option 1 aka the environment variable method and using the API: Ask the users to create the relevant API tokens in the same way as I did in my own account and then tell them to store the token as env variable in my SaaS the way most CI providers do it.

Option 2 aka the Cloudflare partner method: become a Cloudflare partner and somehow make it easier for my end users to use the Cloudflare related features in my SaaS. I found this Our Partnerships | Cloudflare but am unsure if this is the right answer.

Option 3 aka the Cloudflare App method: create a Cloudflare app but given that my SaaS is a Django app hosted on my own servers and Cloudflare app appears to be solely a node app. I am not sure how to integrate. Cloudflare Apps

Option 4 aka the oAuth method: setup a oAuth token and call the python wrapper for the API (see Does this wrapper allow me to use oAuth instead of API key or Access Token to access API on behalf of a cloudflare user? · Issue #140 · cloudflare/python-cloudflare · GitHub) but of course as i can tell this is not possible.

My questions are :

Which option is best for me considering, I use python to write my SaaS and I want maximum convenience and security for the endusers?

In case, the best option is 1, is option 1 aka the env var method allowed under Cloudflare terms of use?

In case, the best option is 2, is option 2 aka the Cloudflare partner method allowed under Cloudflare terms of use? and is that better for the end users? If so, how do I go about registering for it so that i can afford specifically the 4 Cloudflare automation features i mention earlier? I have looked at the registration form and it looks complicated (see attached) can help me through it to maximize my chances of success?

In case, the best option is 3, how do I get started with option 3?

In case, the best option is 4, how do I get started with option 4? I also cannot tell how to use the python wrapper with the oauth token from Cloudflare?

I have filed a business plan support ticket to ask this but i haven’t received any replies except for a response the following day asking which github repo i was referring to in my original ticket.

A business plan support costs me 200 USD per month before GST. I have already filed a separate ticket to complain about the lack of responses and have decided to post my original question here in community to get more help from a wider audience.

Not directly answering any of your specific questions, but have you looked at the Cloudflare for SaaS product? This is designed for this purpose and allows you to manage the configuration for your users - they just add a CNAME to point to your service.

https://developers.cloudflare.com/ssl/ssl-for-saas/

Cloudflare really amazing, yeah its helpful in ecommerce as well SaaS bases products. i really appreciate and working with it