Cloudflare API Token Support for Dynamic DNS

It would be really nice to be able to use a Cloudflare API Token (Domain specific for example) instead of the Global API Key for a Dynamic DNS configuration.

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi Nik,

    Is there any specific advantage to this method? The firebox will still be updating the same value in Cloudflare's system. The current configuration method is designed to make it as simple as possible to set up.

    -James Carson
    WatchGuard Customer Support

  • @james.carson said:
    Hi Nik,

    Is there any specific advantage to this method? The firebox will still be updating the same value in Cloudflare's system. The current configuration method is designed to make it as simple as possible to set up.

    Hey James,

    API Tokens can be restricted to certain domains in your Cloudflare account. So if the API Token on the WatchGuard would get compromised an attacker could only manipulate the specified domain. At this point the Global API Key would allow full access to all domains and settings on your Cloudflare account.

    Thats true but I don't think that a setup via an API Token would make this process more complicated.
    Something like an advanced or optional setting to use a API Token would be great. This way you could give us the option to use both.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Nik
    Thanks for that perspective. I've created a feature request for you, it's FBX-22534

    If you'd like to follow that request, please create a support case and mention FBX-22534 somewhere in the case -- the tech assigned the case can set this up for you.

    -James Carson
    WatchGuard Customer Support

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @DaveDave
    The best way to +1 this would be to create a support case and request to follow FBX-22534. The forums are completely detached from our feature request/bug system, so replying here won't do anything aside from letting other forum users know about it.

    Alternatively, if you can reply with a case number you've created in the past, I can copy your info into a new ticket and take care of that for you.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.