Domain Connect
If you are a service provider, consider this page for information on how Cloudflare supports Domain Connect ↗ and how you can onboard your template.
Domain Connect is an open standard that allows service providers - such as email or web hosting platforms - to make it easier for their end users to configure functionality, without having to manually edit DNS records.
This is achieved with templates that close the gap between necessary configurations (required by the service provider) and necessary DNS records changes (that must happen at the authoritative DNS provider).
In practice, this means that when a user that owns example.com and has Cloudflare as their authoritative DNS provider wants to use your service, instead of having to manually update their DNS records, they will only have to authenticate themselves and the necessary changes will be applied automatically.
- Note that Cloudflare only supports the Domain Connect synchronous flow ↗.
- Domain Connect templates and tools are published on GitHub, so you must have a GitHub account and be familiar with GitHub forks and pull requests ↗.
Domain Connect templates are published and maintained on a GitHub repository.
- Create a fork of the templates repository ↗.
- Add your template. You can create a copy of one of the existing templates and edit it according to your needs.
- Refer to the Domain Connect Specification ↗ for details on the different available fields.
- If present, you must set the
syncBlockfield on your template tofalse. This means the template flow will be synchronous, which is the only option supported by Cloudflare. - You must also provide a synchronous public key domain (
syncPubKeyDomain1). When your template is in use, synchronous calls will be digitally signed.
- Make sure you follow the naming format defined by Domain Connect:
<providerId>.<serviceId>.json.
- Submit a pull request to have your template(s) added to the repository.
Once your pull request has been reviewed and merged, contact Cloudflare as specified below.
When your template is onboarded, a graphical user interface flow will be available to your end users.
Send an email to domain-connect@cloudflare.com, including the following information:
-
List of template(s) you want to onboard, with their corresponding GitHub hyperlinks.
-
A logo to be displayed as part of the Domain Connect flow. Preferably in
SVGformat. -
The default proxy status you would like Cloudflare to set for
A,AAAA, andCNAMErecords that are part of your template(s). Proxying other record types is not supported. -
(Optional) A Cloudflare account ID for you to test the flow.
If you have a DNS provider discovery ↗ automation in place and will not list new DNS providers manually, Cloudflare can initially restrict your template to be exposed to the specified account only. Once you confirm everything is working as expected, Cloudflare will publish your template on the discovery endpoint, to be picked up by your automation.
Since September, 2024, template updates are picked up by an automation.
The automation compares the template version number in Cloudflare with the authoritative source of the template on the Internet. This check runs multiple times a day. Although Cloudflare cannot guarantee when exactly each update will be picked up, the process is expected to take no longer than eight hours.
You can contact Cloudflare to opt out of the automatic updates. Once the automation is disabled, you can request template updates individually, by writing to domain-connect@cloudflare.com.
Send an email to domain-connect@cloudflare.com with the following information:
-
Detailed description of what is wrong:
- List the record(s) that the issue is related with.
- Describe what the template did.
- Describe what you expected the template to do.
-
A HAR file attachment containing the problematic update.
-
A domain that can be queried for
TXTrecords containing a public key to verify your digital signature. ↩