Cloudflare Setup

Creating your Cloudflare API token

EmailFlare needs a Cloudflare API token with specific Email Sending, DNS, and routing permissions. This guide walks through every step — from the API Tokens page to your .env.local file.

1

Open the API Tokens page

Go to dash.cloudflare.com/profile/api-tokens. Click Create Token and choose Create Custom Token at the bottom of the template list.

2

Name the token

Give it a descriptive name so you can identify it later — for example emailflare-deploy or emailflare-prod.

3

Add permissions

Under Permissions, add each row in the table below. For each permission, you select the resource type and the access level from dropdowns.

Permission Scope Access
Email Sending Account Edit
Email Security Account Edit
Access: Users Account Read
Account Settings Account Read
Email Routing Rules Zone Edit
Zone Zone Read
DNS Zone Edit
💡 You only need DNS Edit if EmailFlare is managing your MX records automatically. If you handle DNS manually, you can set DNS to Read instead.
4

Set the resource scope

Under Account Resources, set to your Cloudflare account. Under Zone Resources, you can either include all zones or restrict to a specific zone for the sending domain.

Account Resources
Include Your Account · yourname
Zone Resources
Include All zones from account · yourname
💡 For production, restrict Zone Resources to only the domain(s) you use for sending — this limits the blast radius if the token is ever compromised.
5

Create the token

Click Continue to summary, review the permissions, then click Create Token. Cloudflare will show you the token value once — copy it immediately.

⚠️ You will not be able to see this token value again after leaving the page. Copy it now and store it securely — a password manager is ideal.
6

Find your Account ID

Go to dash.cloudflare.com, click any domain, and look at the right sidebar under API. Your Account ID is a 32-character hex string.

💡 You can also find your Account ID in the URL when you're on the Cloudflare dashboard: dash.cloudflare.com/<account-id>/…
7

Add to your config

For Docker self-hosting, add the values to your .env.local. For Cloudflare Workers, add them to scripts/config.toml.

.env.local (Docker)

CF_API_TOKEN=your_token_value_here CF_ACCOUNT_ID=your_32_char_account_id

scripts/config.toml (Workers)

[deploy] cloudflare_api_token = "your_token_value_here" account_id = "your_32_char_account_id"
That's it. Run just worker-setup for Workers or docker compose up for Docker — EmailFlare will use these credentials for all Cloudflare API operations.

Continue setting up EmailFlare

Next steps after creating your API token.

Deploy

Deploy to Cloudflare Workers

Use your new API token to deploy EmailFlare to the edge. One-command setup with D1, KV, and the admin UI.

 API Reference

Read the API docs

The complete reference for /v1/send, authentication, templates, error codes, and troubleshooting.

 Security

Security policy

How to responsibly report vulnerabilities and the security practices that protect EmailFlare deployments.