Portal Community

Cloudflare Node

Manage Cloudflare zones, DNS records, SSL certificates, and CDN cache from BizFirst workflows.

Authentication: All operations require a Scoped API Token (NOT a Global API Key). Create tokens at Cloudflare Dashboard → My Profile → API Tokens. Use the minimum required permissions for each workflow. Rate limit: 1,200 requests per 5 minutes per token.

Operations (22 total)

Zone

5 operations

List, inspect, configure settings, and purge cache at the zone level.

DNS

8 operations

Full DNS record lifecycle: list, get, create, update, delete, batch create, import/export BIND zone files.

SSL

6 operations

Get/set SSL mode, list certificates, order new certs, and delete expired ones.

Cache

3 operations

Invalidate CDN cache by URL, by tag (Enterprise), or purge all cached assets for a zone instantly.

Required API Token Permissions

Resource GroupRequired PermissionNotes
Zone (list, get, getSettings)Zone.ReadRead-only zone access
Zone (updateSettings, purgeAll)Zone.EditModify zone configuration
DNS (list, get, export)DNS.ReadRead-only DNS access
DNS (create, update, delete, batchCreate, import)DNS.EditModify DNS records
SSL (getSettings, listCerts, getCert)SSL and Certificates.ReadRead certificate data
SSL (setMode, orderCert, deleteCert)SSL and Certificates.EditModify SSL configuration
Cache (purgeByUrl, purgeByTag, purgeAll)Cache PurgeInvalidate cached content

Connection

FieldTypeRequiredDescription
ApiTokenstringrequiredScoped Cloudflare API Token. Create at Cloudflare Dashboard → My Profile → API Tokens. Never use the Global API Key. Store in BizFirst Credentials Manager.

Rate Limits

The Cloudflare API enforces a limit of 1,200 requests per 5 minutes per API token. For bulk DNS workflows (batchCreate, import), add delays in your flow to stay within rate limits. Exceeding the limit returns HTTP 429.

Error Codes

CodeDescription
MISSING_API_TOKENThe ApiToken connection field is not configured
MISSING_ZONE_IDZoneId is required but was not provided
MISSING_TYPEDNS record Type is required but was not provided
MISSING_NAMEDNS record Name is required but was not provided
MISSING_CONTENTDNS record Content is required but was not provided
UNKNOWN_ERRORAn unexpected error occurred — check the error port output for details
UNSUPPORTED_OPERATIONThe specified resource/operation combination is not valid

Node Policies & GuardRails

PolicyEnforcement
Always use scoped API Tokens — never the Global API KeyLeast privilege per workflow; if the token is compromised, blast radius is limited
Store the API Token in BizFirst Credentials ManagerNever hardcode tokens in node configuration JSON
Verify Zone ID before destructive operationsZone ID is a 32-character hex string — a wrong ID affects the wrong domain
Prefer targeted cache purge over full purgepurgeByUrl and purgeByTag are surgical; purgeAll causes an origin load spike
DNS changes propagate via Cloudflare instantly; TTL governs resolver cachingReduce TTL before migrations to shorten propagation time
SSL mode changes affect all live traffic immediatelyAlways test on a staging zone before applying to production
Respect the 1,200 req/5 min rate limit in bulk flowsAdd a Delay node between batches in high-volume DNS workflows