Cloudflare Setup Guide
Connect Cloudflare to Oskuo by creating a scoped API token so Oskuo can manage your DNS records and zones safely.
Prerequisites
- A Cloudflare account with at least one domain added
- Permission to create API tokens in your Cloudflare account
- An active Oskuo account on any plan
Connecting Cloudflare to Oskuo
1. Go to the Cloudflare dashboard → My Profile → API Tokens and click Create Token.
2. Select the "Edit zone DNS" template, or use Create Custom Token to add the exact permissions you need (e.g. Zone: Read + DNS: Edit). Optionally restrict the token to specific zones.
3. Click Continue to summary, then Create Token. Copy the token — it will only be shown once.
4. Open Settings → Connectors in Oskuo, find Cloudflare, paste the API token, and click Test & Save.
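
An optional pre-flight check to run after copying the token and before pasting it into Oskuo, added here as an example and not part of Oskuo's or Cloudflare's own tooling: it calls Cloudflare's token verify endpoint and the zone list, then reports zones the token cannot see and zones it can see beyond what you intended. The function names, the `intended_zones` parameter and the canned responses in `constructed_get` are assumptions made for the example.

```python
import json
import urllib.error
import urllib.request

API = "https://api.cloudflare.com/client/v4"

def cf_get(token, path):
    """GET a Cloudflare v4 API path; return (http_status, parsed JSON body)."""
    req = urllib.request.Request(API + path,
                                 headers={"Authorization": "Bearer " + token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        try:
            return err.code, json.load(err)
        except ValueError:          # error body was not JSON
            return err.code, {}

def preflight(token, intended_zones, get=cf_get):
    """Return a list of findings; an empty list means the token matches intent."""
    status, body = get(token, "/user/tokens/verify")
    if status != 200 or not body.get("success"):
        return ["verify failed (HTTP %d): token invalid or revoked" % status]
    state = body["result"].get("status")
    if state != "active":
        return ["token status is %r, expected 'active'" % state]
    # Only the first page of zones is read; enough for a narrowly scoped token.
    status, body = get(token, "/zones?per_page=50")
    if status != 200 or not body.get("success"):
        return ["zone list refused (HTTP %d): check Zone: Read" % status]
    visible = {zone["name"] for zone in body.get("result") or []}
    intended = set(intended_zones)
    findings = ["%s is outside the token's zone scope" % z
                for z in sorted(intended - visible)]
    if visible - intended:
        findings.append("token also sees: " + ", ".join(sorted(visible - intended)))
    return findings

def constructed_get(token, path):
    """Constructed offline responses standing in for the live API."""
    if token != "constructed-good-token":
        return 401, {"success": False, "errors": [{"message": "Invalid API Token"}]}
    if path == "/user/tokens/verify":
        return 200, {"success": True, "result": {"status": "active"}}
    return 200, {"success": True,
                 "result": [{"name": "example.com"}, {"name": "example.org"}]}

if __name__ == "__main__":
    for finding in preflight("constructed-good-token", ["example.com"], constructed_get):
        print(finding)
```

Against the live API, omit the third argument and read the token from an environment variable rather than typing it on the command line.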
What you can do
- List, create, and get details for zones (domains)
- Delete a zone from your account
- List, create, and update DNS records
- Delete DNS records
Try it out
Here are some things you can ask Oskuo to do:
- "List all DNS records for example.com"
- "Add a CNAME for blog.example.com"
- "What zones do I have?"
- "Delete the old CNAME record for staging.example.com"
Good to know
- Oskuo focuses on DNS management — firewall rules, WAF settings, and page rules can't be changed through Oskuo yet.
- Cloudflare Workers and Pages deployments aren't supported — those are managed in the Cloudflare dashboard.
- SSL certificate settings and caching rules can't be adjusted through Oskuo.
- If your token is scoped to specific zones, Oskuo will only see those zones — not your entire account.
Keeping things secure
- Your API token is encrypted with AES-256-GCM before it's stored — Oskuo never keeps it in plain text.
- Always use scoped API tokens — never your Global API Key. Grant only the permissions Oskuo needs (Zone: Read, DNS: Edit).
- You can revoke or rotate your API token in Cloudflare at any time — just replace the old token with the new one in Oskuo afterwards.
- All requests to the Cloudflare API are made over HTTPS, so your DNS data is encrypted in transit.
Troubleshooting
Authentication fails with a 401 error
The API token may be invalid or revoked. Create a new token at dash.cloudflare.com/profile/api-tokens and update it in Oskuo under Settings → Connectors.
Oskuo receives a 403 "insufficient permissions" error
The API token is missing required permissions. Edit the token in Cloudflare's API Tokens settings to add Zone: Read and DNS: Edit permissions, or create a new token using the "Edit zone DNS" template.
Zone not found — token is scoped to specific zones
If the token was scoped to specific zones, Oskuo can only see those zones. Ensure the zone in question is included in the token's scope, or create a new token with access to all zones.