EmailFlare / Guides / Cloudflare API Token
Cloudflare Setup

Creating your Cloudflare API token

EmailFlare needs a scoped Cloudflare API token to provision sending domains, verify DNS records, and deliver email through Cloudflare Email Sending. This guide walks through every step.

1

Open the API Tokens page in your Cloudflare dashboard

Sign in to dash.cloudflare.com, then click your profile avatar in the top-right corner. Select My Profile, then navigate to the API Tokens tab.

dash.cloudflare.com My Profile API Tokens

Click Create Token, then at the bottom of the template list choose Create Custom Token.

2

Name the token

Give the token a recognisable name so you can identify it later. Something like emailflare-production or emailflare-yourdomain works well.

3

Add the required permissions

Under Permissions, add each of the following rows. Use the + Add more button after each one.

Resource type Permission Access Why
Email Sending Edit Send email via Cloudflare Email Sending API
Email Security Edit Manage sending domain DKIM and security settings
Access: Users Read Read account membership for domain scoping
Account Settings Read Read account metadata
Zone Email Routing Rules Edit Create and manage routing rules for sending domains
Zone Zone Read Read zone IDs needed to provision domains
Zone DNS Edit Create DKIM and return-path DNS records automatically
💡 EmailFlare never stores your Cloudflare token beyond your own server's environment variables. It is used server-side only — your application code always authenticates using EmailFlare's own scoped API keys, not this token.
4

Set resource scope

Below the permissions table, Cloudflare will ask which resources the token applies to. Configure both sections as shown:

Account & Zone Resources
Account Resources
Include All accounts
Zone Resources
Include All zones
Tip: If you prefer to restrict the token to specific zones only (e.g. just mail.yourdomain.com), you can select individual zones instead of All zones. Just make sure every domain you add to EmailFlare falls within the selected zones.
5

Create the token and copy it

Click Continue to summary, review the permissions, then click Create Token. Cloudflare will show the token exactly once — copy it immediately and keep it somewhere secure.

⚠️ The token value is shown only once. If you close the page without copying it, you will need to delete the token and create a new one.
6

Find your Account ID

EmailFlare also needs your CF_ACCOUNT_ID. You can find this on any domain's overview page in the Cloudflare dashboard — look in the right sidebar under Account ID.

dash.cloudflare.com Select any domain Overview Account ID (right sidebar)

Alternatively, visit dash.cloudflare.com/?to=/:account — your Account ID appears in the URL as the path segment after /.

7

Add both values to your environment file

Open your .env.local (or your platform's environment settings) and set:

# .env.local CF_API_TOKEN=your_token_here CF_ACCOUNT_ID=your_account_id_here
  • The token value starts with a long random string — not a prefix like v1.
  • The Account ID is a 32-character hex string
  • Neither value should be quoted in the env file
Once these are set, start EmailFlare and open the dashboard. Add your first sending domain — EmailFlare will use the token to provision the Cloudflare subdomain, create DNS records, and return the DKIM values for you.

What's next?

Continue setting up your EmailFlare deployment.

Storage

Connect to mesahub cloud storage

Move your EmailFlare data to managed cloud SQLite. No volume management, no snapshots to orchestrate.

 Deploy

Self-hosting guide

Full guide for Docker Compose and Railway deployments with all required environment variables.

 Quickstart

Deploy in three steps

Get the full stack running with Docker Compose in under five minutes.