Cloudflare Integration Guide

The access layer behind the rest of the product, and usually the first real production step in 301.st.

Why This Is Required

301.st does not host your DNS or proxy your traffic. It reads zones from Cloudflare and pushes redirect rules back as Cloudflare Workers. Without the connection, the Domains and Redirects tabs stay empty — there is nothing to read from and nowhere to deploy to.

Once connected, your Cloudflare zones appear as domains in 301.st within a few seconds. From there you can group them into projects, attach sites, and create redirects — every change syncs back to Cloudflare automatically.

How We Simplified This

Most CF integrations make you figure out 5-6 different API token permissions yourself (Zone Read, Zone DNS Edit, Workers Scripts Edit, and so on). We need just two — a small "bootstrap" token — and we generate every working token after that automatically.

You also do not have to copy your Account ID and token separately. On the Cloudflare "Test this token" screen, just copy the whole curl command and paste it into our form. We extract both pieces for you.

What Connecting Cloudflare Gives You

  • Automatic zone discovery — your domains appear in the Domains tab within seconds of sync.
  • Health data per domain — SSL status, expiry dates, DNS verification, registrar info.
  • Redirect deployment — rules created in 301.st are pushed to Cloudflare Workers without leaving the UI.
  • TDS edge execution — Smart Shield and SmartLink rules run on Cloudflare's network, not on our servers.

Before You Connect

  • A Cloudflare account that owns the zones you want to manage (Free tier is enough).
  • About 3 minutes to create the bootstrap API token — we walk you through it inside the drawer.
  • A rough idea of which zones should appear after sync, so you can confirm the connection worked.

Quick Connect

  1. Open Integrations → click Add Cloudflare. The drawer opens on the Instructions tab.
  2. In the Cloudflare dashboard, create a token named 301.st Bootstrap with two permissions: Account Settings: Read and API Tokens: Edit.
  3. On the "Test this token" screen, copy the entire curl command. Switch to the Connect tab in 301.st and paste it — Account ID and token are extracted automatically.
  4. Click Save & verify token. Within a few seconds you should see your zones in the Domains tab — we created the working scoped tokens for you in the background.

FAQ

Why does the bootstrap token need "API Tokens: Edit"?

So we can create the actual scoped tokens we need (Zone Read, Zone DNS Edit, Workers Scripts Edit) without you having to manage 6+ permission rows by hand. The bootstrap token itself does not push redirects — it only provisions the tokens that do.

Can I connect more than one Cloudflare account?

Yes. Each connected account is its own integration. Useful for agencies managing multiple clients' Cloudflare accounts side by side.

What if I revoke the token in Cloudflare?

The next sync fails and the integration shows an error in the Integrations tab. Create a new bootstrap token in Cloudflare and update it via Integrations → click the failing one → Edit.

Do I need Cloudflare to use 301.st at all?

For the core features, yes. Domain sync, redirect deployment, and TDS execution all run through Cloudflare. Namecheap/NameSilo integrations add visibility into domains hosted elsewhere, but they do not deploy redirects.

Related Guides

Getting started Domain management Redirects TDS rules