API and Terraform
You can manage your Cloudflare Zero Trust configuration using the API or Terraform. For more information, refer to the following links:
Detailed API and Terraform examples for Cloudflare Zero Trust are available in our implementation guides and throughout the Cloudflare Zero Trust documentation.
Super Administrators can lock all settings as read-only in the Cloudflare One dashboard. Read-only mode ensures that all updates for the account are made through the API or Terraform.
To enable read-only mode:
- In Cloudflare One ↗, go to Settings > Admin controls.
- Enable Set dashboard to read-only.
All users, regardless of user permissions, will be prevented from making configuration changes through the UI.
The administrators managing policies and groups in Cloudflare Zero Trust might be different from those responsible for configuring WAF custom rules or other Cloudflare settings. You can configure scoped API tokens so that team members and automated systems can manage Cloudflare Zero Trust settings without having permission to modify other configurations in Cloudflare.
You can create a scoped API token via the dashboard or via the API. For a list of available token permissions, refer to API token permissions.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark