From f862f73aaffde10814151261d21dce134d0274cb Mon Sep 17 00:00:00 2001 From: PDTeamX <8293321+ehsandeep@users.noreply.github.com> Date: Thu, 19 Feb 2026 02:16:00 +0530 Subject: [PATCH] docs: clarify Cloudflare API token permissions for asset integration - Add explicit permission table (Zone:Zone:Read, Zone:DNS:Read) - Mark API Token method as recommended for least-privilege access - Add step-by-step guidance for Create Custom Token flow - Include Zone Resources scope selection step - Add tip about minimum required permissions - Update references to current Cloudflare docs --- cloud/integrations.mdx | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/cloud/integrations.mdx b/cloud/integrations.mdx index 122c9a1..7e86520 100644 --- a/cloud/integrations.mdx +++ b/cloud/integrations.mdx @@ -1354,19 +1354,31 @@ You can integrate Cloudflare into ProjectDiscovery via one of two methods: - Go to Cloudflare Dashboard. - Under "API Keys", locate the **Global API Key** and click **View.** - Authenticate and copy the key. - - Now enter the Cloudflare account email and Global API Key copied in above step into ProjectDiscovery Cloud Platform. + - Now enter the Cloudflare account email and Global API Key copied in above step into ProjectDiscovery Cloud Platform. - Give a unique Integration name and click **Verify**. -2. **API Token** - - From the [Cloudflare dashboard ↗](https://dash.cloudflare.com/profile/api-tokens/), go to **My Profile** \> **API Tokens** for user tokens. For Account Tokens, go to **Manage Account** \> **API Tokens**. - - Select **Create Token**. - - Give required permission (follow reference 2 for details) and create token. Copy the Token - - Now enter API Token in ProjectDiscovery Cloud Platform. +2. **API Token** (Recommended) + - From the [Cloudflare dashboard ↗](https://dash.cloudflare.com/profile/api-tokens/), go to **My Profile** \> **API Tokens**. + - Select **Create Token** \> choose **Create Custom Token**. + - Set the following **read-only** permissions required for asset discovery: + + | Permission Group | Permission | Access | + |---|---|---| + | Zone | Zone | Read | + | Zone | DNS | Read | + + - Under **Zone Resources**, select **All zones** (or choose specific zones to limit scope). + - Click **Continue to summary** \> **Create Token** and copy the generated token. + - Now enter the API Token in ProjectDiscovery Cloud Platform. - Give a unique Integration name and click **Verify**. + + For least-privilege access, use a scoped **API Token** instead of the Global API Key. The two permissions above (**Zone:Read** and **DNS:Read**) are the minimum required to pull DNS and CDN assets from Cloudflare. + + References: -1. https://developers.cloudflare.com/api/keys -2. https://developers.cloudflare.com/fundamentals/api/get-started/create-token/ +1. https://developers.cloudflare.com/fundamentals/api/get-started/create-token/ +2. https://developers.cloudflare.com/fundamentals/api/reference/permissions/ ### Fastly