Sign in

Automatic DNS: connect your Cloudflare account (Whitelabel Agency)

Updated Jul 3, 2026

If your domains are on Cloudflare, you can let Devani Hosting configure the DNS for your custom domains automatically — you paste one scoped API token, and from then on every custom domain you attach is pointed and secured for you, with nothing to add by hand.

This is a Whitelabel Agency feature. (If your domains aren't on Cloudflare, see *Custom domains: adding DNS records manually* instead — no token needed.)

Create the token (the right way)

The key detail that trips people up: create a User API Token, not an Account API Token. They live in different places, and the *Account* token builder has a bug ("Account tag in access policy must match tag in request URI") when you scope it to all domains. The User token works first try.

  1. In Cloudflare, click your profile icon (top-right) → My Profile → API Tokens.
  • ⚠️ Not "Account API Tokens" under an account — that's the one with the bug.
  1. Create Token → Create Custom Token.
  2. Permissions — add exactly two rows:
  • ZoneDNSEdit
  • ZoneZoneRead
  1. Zone ResourcesInclude → change the dropdown to All zones from an account → pick your account.
  • This is the "all domains" scope. It covers every domain you have now *and* any you add later.
  • (Prefer to limit it? Choose Specified zones and pick only the client domains you'll host. It works the same; you'd just update the token when you add a new domain.)
  1. Continue → Create Token → copy it.

You do not need "Entire Account" or a Global API Key — DNS:Edit + Zone:Read is all Devani uses.

Add it to Devani

  1. In your Devani dashboard go to Account → Automatic DNS (Cloudflare).
  2. Paste the token and Save. We verify it against Cloudflare and show the zones it can manage.

The token is stored encrypted and is only ever used to create the DNS records your custom domains need. Remove or replace it anytime from the same card.

What happens next

When you attach a custom domain (dashboard or API), Devani creates the routing record and the certificate-validation record in your Cloudflare zone automatically, and the domain goes live on HTTPS within a few minutes. If a record is already in the way, you'll be asked to confirm before anything is replaced — so a live domain is never repointed by surprise.

Was this helpful?

Related articles

Powered by Subido