Infrastructure

Cloudflare

Below you'll find instructions for connecting Cloudflare to Ploy via an account-owned API token. This imports your Cloudflare account's members — their identity, invite status, roles, and two-factor authentication status.

Prerequisites

  • Administrator access to your Cloudflare account, so you can create account-owned API tokens and view account members.

  • Your Cloudflare Account ID (shown on the account home page in the Cloudflare dashboard).

Set up the Cloudflare integration

1. Find your Account ID

  1. Log in to the Cloudflare dashboard at https://dash.cloudflare.com and select your account.

  2. Your Account ID is shown on the account home page. It's a 32-character string, e.g. 0123456789abcdef0123456789abcdef.

  3. Copy it — you'll paste it into Ploy in step 3.

2. Create an account API token

Ploy uses an account-owned API token (created under your account, not under a personal user profile), so the connection keeps working even if the person who set it up leaves your organisation.

  1. In the Cloudflare dashboard, go to Manage Account -> Account API Tokens.

  2. Click Create Token, then choose Create Custom Token.

  3. Give the token a name, e.g. "Ploy".

  4. Under Permissions, add exactly one permission: Account -> Account Settings -> Read. This read-only permission is all Ploy needs to list your account's members.

  5. Under Account Resources, choose Include and select your account.

  6. Leave IP filtering and TTL unset unless your security policy requires them — if you set a TTL, the integration will stop working when the token expires and you'll need to create a new one.

  7. Click Continue to summary, then Create Token.

  8. Copy the token now — Cloudflare shows it only once.

3. Connect in Ploy

  1. Go to Ploy's Integrations page: https://app.joinploy.com/integrations

  2. Select Cloudflare.

  3. Account ID — paste the Account ID from step 1.

  4. API Token — paste the API token from step 2.

  5. Click Test to verify the connection.

  6. Click Save to enable the integration.

What gets imported

  • Members — every member of your Cloudflare account, with their name, email, and invite status. Members with a pending invite are imported as inactive identities; declined invites are skipped.

  • Roles — the Cloudflare roles in use on your account, and which member holds which role.

  • Two-factor authentication — whether each active member has 2FA enabled on their Cloudflare login.

Cloudflare's API does not expose last-login times, so Ploy cannot report last activity for Cloudflare members.

Troubleshooting

"Cloudflare rejected the API token"

The token is invalid or is missing the Account Settings: Read permission. Re-check step 2, or create a new token.

"The API token is not allowed to read members of this account"

The token's Account Resources don't include the account whose ID you entered. Edit the token (or create a new one) and include the correct account.

"Cloudflare account not found"

The Account ID is wrong. Copy it again from the account home page in the Cloudflare dashboard.

"Cloudflare rate limited the request"

Cloudflare is throttling API calls. Wait a few minutes and try again; Ploy's scans automatically back off and resume.

Was this helpful?