Cloudflare API to create multiple accounts (on free plan)

B

baldidiot

Active member
Joined
Jul 8, 2024
Posts
123
Reaction score
90
Trophy points
28
This is more of a "will they care" question rather than can you do it.

We're looking at setting up an API to regularly create new cloudflare accounts to use for various things - we prefer to use a separate account for each site and sometimes use it for seo redirects that we don't want associated with our main NS.

Currently we do it manually, but I think it would be faster if we can have a dev whip up something quickly that sends API calls to set them up with the correct DNS.

Would cloudflare care if we were using an API purely to set up accounts that were only ever on the free plan? Or is there a point at which they'd say "hang on, you're taking the piss here".
 
Hmm so you have an enterprise account, correct? and are able to use the cloudflare API to create additional accounts for each domain?

I wasn't aware you could create new accounts on cloudflare with API, they also have pretty strict rate limits for creating new accounts with emails, you can do about 4-6 in 5 minutes, then they force you to wait or switch IP.

I've been using puppeter for this. I have a lot of cloudflare accounts, I use a catchall to create them.
 
Do you have to have an enterprise account to use the API? I did not know that... I'm in the early investigating phase so if that's the case it may scupper the idea anyway.

Re: creating accounts via API, I was largely going by this: https://developers.cloudflare.com/tenant/how-to/manage-accounts/ - also I'm aware of people who do it (eg: I'm pretty sure LCDN creates individual accounts, otherwise they wouldn't be able to vary the NS).

The way you do it is largely what I'm doing now. Catch all and then set it up manually. It just always seems like a tedious waste of time when I'm largely doing the exact same thing each time.
 
You can abuse the DNS jacking feature to get different NS records for domains on the same account. I'm not sure if many people even know about it - but it is even more tedious than creating new accounts with emails.

If you add 100s of dummy users, I'm not sure if they'd have a problem with it or not. But with catchalls, I've been okay.

I will test out this API way and see. Thanks for share.
 
Hook said:
You can abuse the DNS jacking feature to get different NS records for domains on the same account. I'm not sure if many people even know about it - but it is even more tedious than creating new accounts with emails.
Click to expand...

This I did not know, that might be quite handy. I'm assuming you're referring to this: https://developers.cloudflare.com/dns/zone-setups/reference/nameserver-assignment/

"To prevent domain hijacking, you can no longer preset Cloudflare nameservers at your registrar before creating the respective zone in Cloudflare. If you preset your nameservers and then add the domain, your domain will be assigned a new pair of nameservers."


In terms of multiple accounts generally, we've never had an issue either, and like I say, we tend to use a different account for each site.

I was wondering if it would be different with the API though, because they'll all be linked via the API and tenant account. Ie: rather than 50 individual accounts that are unrelated, other than the fact they were set up by the same IP, you have 50 accounts set up by the same API key that belongs to a single tenant account.
 
baldidiot said:
This I did not know, that might be quite handy. I'm assuming you're referring to this: https://developers.cloudflare.com/dns/zone-setups/reference/nameserver-assignment/

"To prevent domain hijacking, you can no longer preset Cloudflare nameservers at your registrar before creating the respective zone in Cloudflare. If you preset your nameservers and then add the domain, your domain will be assigned a new pair of nameservers."


In terms of multiple accounts generally, we've never had an issue either, and like I say, we tend to use a different account for each site.

I was wondering if it would be different with the API though, because they'll all be linked via the API and tenant account. Ie: rather than 50 individual accounts that are unrelated, other than the fact they were set up by the same IP, you have 50 accounts set up by the same API key that belongs to a single tenant account.
Click to expand...
Yes I figured this out for myself by just reading the docs when I was trying to find a solution to this issue. It doesn't scale well. You can do it to about 10 domains on each account having unique, but you have to take one NS from each of the NS pairs from domains you have (on the account, so if adding 4th domain with 3 domains having unique NS, take NS1 from each of them and set NS1-3 on the new domain as one of those pairs.)

This is why it doesn't scale too well. I went back to creating them with catchall instead
 
Good info thanks both.
 
You must log in or register to reply here.
Back
Top