Cloudflare — Configuration

Node Identity

Property	Value
Resources	`zone`, `dns`, `ssl`, `cache`
Total Operations	22
Auth Type	Cloudflare API Token
Output Ports	`success`, `error`

Common Properties (All Operations)

Property	Required	Description
`ApiToken`	Required	A scoped Cloudflare API Token. Generate in Cloudflare dashboard under My Profile → API Tokens. Supports expressions — use `{{ env.CF_API_TOKEN }}` to read from an environment variable. Never use the Global API Key.

Minimum token permissions: Zone read operations require Zone:Read. DNS operations require Zone:DNS:Edit. Cache purge requires Zone:Cache Purge. SSL operations require Zone:SSL and Certificates:Edit. Create a separate token per workflow to follow least-privilege principles.

zone Resource

zone/list

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:Read permission.

Returns an array of zone objects. Each object contains id, name, status, and nameservers. See Input & Output for full zone object schema.

zone/get

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token.
`ZoneId`	Required	The Cloudflare Zone ID (32-character hex string). Found in the Cloudflare dashboard overview page for the domain.

zone/getSettings

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token.
`ZoneId`	Required	The Cloudflare Zone ID.

Returns all zone settings as a flat object. Key settings include ssl (SSL mode), cache_level (aggressive/basic/simplified), security_level (off/low/medium/high/under_attack), and minify.

zone/updateSettings

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:Settings:Edit permission.
`ZoneId`	Required	The Cloudflare Zone ID.
`Settings`	Required	JSON object of settings to update. Each key is a setting identifier and its value is the new setting value. Example: `{"ssl": "strict", "cache_level": "aggressive"}`. Only the keys provided are changed; other settings are untouched.

zone/purgeAll

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:Cache Purge permission.
`ZoneId`	Required	The Cloudflare Zone ID.

Purges all cached assets for the zone. Assets will be re-fetched from origin on next request. Use with care in production — this causes a temporary increase in origin load.

dns Resource

dns/list

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token.
`ZoneId`	Required	The Cloudflare Zone ID.

dns/get

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token.
`ZoneId`	Required	The Cloudflare Zone ID.
`RecordId`	Required	The DNS record ID (32-character hex string). Obtain from a prior `dns/list` operation.

dns/create

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:DNS:Edit permission.
`ZoneId`	Required	The Cloudflare Zone ID.
`Type`	Required	DNS record type. One of: `A`, `AAAA`, `CNAME`, `MX`, `TXT`, `SRV`, `NS`.
`Name`	Required	DNS record name. Use `@` for the zone apex. Example: `api.example.com` or `@`.
`Content`	Required	Record value. For A records: an IPv4 address. For AAAA: IPv6. For CNAME: target hostname. For MX: mail server hostname. For TXT: the text string value.
`Ttl`	Optional	Time-to-live in seconds. Use `1` for automatic (Cloudflare-managed). Minimum: `60`. Default: `1` (automatic).
`Proxied`	Optional	Boolean. When `true`, traffic routes through Cloudflare's proxy (enabling CDN and DDoS protection). Only applicable to A, AAAA, and CNAME records. Default: `false`.
`Priority`	Optional	Integer priority for MX and SRV records. Lower values indicate higher priority. Required for MX records.

dns/update

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:DNS:Edit permission.
`ZoneId`	Required	The Cloudflare Zone ID.
`RecordId`	Required	ID of the DNS record to update.
`Type`	Required	DNS record type (must match original type or change intentionally).
`Name`	Required	Record name (fully qualified or zone-relative).
`Content`	Required	New record value (IP address, hostname, or text string).
`Ttl`	Optional	TTL in seconds. Use `1` for automatic.
`Proxied`	Optional	Boolean. Enable or disable Cloudflare proxying for this record.

dns/delete

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:DNS:Edit permission.
`ZoneId`	Required	The Cloudflare Zone ID.
`RecordId`	Required	ID of the DNS record to permanently delete.

dns/batchCreate

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:DNS:Edit permission.
`ZoneId`	Required	The Cloudflare Zone ID.
`Records`	Required	JSON array of record objects. Each object follows the same shape as `dns/create`: `type`, `name`, `content`, and optionally `ttl`, `proxied`, `priority`.

dns/import

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:DNS:Edit permission.
`ZoneId`	Required	The Cloudflare Zone ID.
`File`	Required	The BIND zone file content as a plain string (RFC 1035 format). Typically read from a file node or passed as a workflow variable. Cloudflare parses the zone file and creates all valid records it contains.

dns/export

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token.
`ZoneId`	Required	The Cloudflare Zone ID.

Returns the full DNS zone as a BIND-format zone file string. Store the output in a variable or pass to a file write node to create a backup.

ssl Resource

ssl/getSettings

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token.
`ZoneId`	Required	The Cloudflare Zone ID.

Returns current SSL mode, certificate type, minimum TLS version (e.g. 1.2), and related HTTPS settings.

ssl/setMode

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:SSL and Certificates:Edit permission.
`ZoneId`	Required	The Cloudflare Zone ID.
`Mode`	Required	SSL mode. One of: `off` (no HTTPS), `flexible` (HTTPS to Cloudflare, HTTP to origin), `full` (HTTPS to origin, any cert), `strict` (HTTPS to origin, valid cert required). Recommended: `strict`.

ssl/listCerts

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token.
`ZoneId`	Required	The Cloudflare Zone ID.

ssl/getCert

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token.
`ZoneId`	Required	The Cloudflare Zone ID.
`CertificateId`	Required	The SSL certificate ID. Obtain from a prior `ssl/listCerts` operation.

ssl/orderCert

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:SSL and Certificates:Edit permission.
`ZoneId`	Required	The Cloudflare Zone ID.
`Type`	Required	Certificate type. One of: `dedicated_custom` (custom hostname SSL), `universal` (Cloudflare-managed universal SSL).

ssl/deleteCert

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:SSL and Certificates:Edit permission.
`ZoneId`	Required	The Cloudflare Zone ID.
`CertificateId`	Required	The SSL certificate ID to delete.

cache Resource

cache/purgeByUrl

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:Cache Purge permission.
`ZoneId`	Required	The Cloudflare Zone ID.
`Urls`	Required	JSON array of fully-qualified URLs to purge from cache. Maximum 30 URLs per call. Example: `["https://example.com/page1", "https://example.com/assets/app.js"]`. URL matching is exact — include the protocol and any query strings if applicable.

cache/purgeByTag

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:Cache Purge permission.
`ZoneId`	Required	The Cloudflare Zone ID.
`Tags`	Required	JSON array of cache tag strings. Tags are set on origin responses via the `Cache-Tag` response header. Example: `["product-123", "category-shoes"]`. Requires Cloudflare Enterprise plan.

cache/purgeAll

Property	Required	Description
`ApiToken`	Required	Cloudflare API Token with Zone:Cache Purge permission.
`ZoneId`	Required	The Cloudflare Zone ID whose entire cache will be purged.

Immediately invalidates all cached assets for the zone. Use cache/purgeByUrl for surgical purges to minimise origin load impact.

Passing credentials securely: Store the Cloudflare API Token in BizFirst environment variables (e.g. CF_API_TOKEN) and reference it with {{ env.CF_API_TOKEN }} in the ApiToken field. Never hard-code tokens in workflow node configurations.