Cloudflare API Token Setup for demo.everydayoffice.au

Quick Fix: Use the Edit Zone DNS Template

1. Go to: https://dash.cloudflare.com/profile/api-tokens
2. Click Create Token
3. Find and click Use template next to Edit zone DNS
4. Under Zone Resources:
   • Change from "All zones" to:
   • Include → Specific zone → Select everydayoffice.au
5. Click Continue to summary
6. Click Create Token
7. Copy the token (you won't see it again!)
8. Paste it into /rmm-psa-platform/.env as CLOUDFLARE_API_TOKEN=<your-token>

What This Template Includes

The "Edit zone DNS" template automatically grants:

• ✅ Zone → DNS → Edit
• ✅ Zone → Zone → Read

This is exactly what we need to:

• List DNS records in everydayoffice.au
• Create/update/delete DNS records for demo.everydayoffice.au
• Won't affect the main website (apex zone records remain untouched)

Verify It Works

After updating .env, run:

cd devops/cloudflare
./check_cf_token.sh --write-check

Expected output:

[OK] Token active
[OK] Zone ID: ...
[OK] DNS read access confirmed
[OK] DNS write confirmed (created and deleted cf-permission-check-...)

Common Issues

• Authentication error: Token not copied correctly or has extra spaces
• HTTP 403: Wrong permissions (not using the template, or custom token missing DNS:Edit)
• Zone not found: Token scoped to wrong account or zone name mismatch