Added support for cloudflare API tokens. Do not provide a login if using one. The token must have permissions for All zones - Zone:Read, DNS:Edit.

ddclient

@@ -443,6 +443,7 @@ my %variables = (
 	'cloudflare-common-defaults'       => {
 		'server'	      => setv(T_FQDNP,  1, 0, 1, 'api.cloudflare.com/client/v4', undef),
 		'zone'                => setv(T_FQDN,   1, 0, 1, '',                  undef),
+		'login'               => setv(T_LOGIN,  0, 0, 1, 'token',             undef),
 		'static'              => setv(T_BOOL,   0, 1, 1, 0,                   undef),
 		'wildcard'            => setv(T_BOOL,   0, 1, 1, 0,                   undef),
 		'mx'	              => setv(T_OFQDN,  0, 1, 1, '',                  undef),
@@ -4524,23 +4525,29 @@ The 'cloudflare' protocol is used by DNS service offered by www.cloudflare.com.
 Configuration variables applicable to the 'cloudflare' protocol are:
   protocol=cloudflare          ##
   server=fqdn.of.service       ## defaults to api.cloudflare.com/client/v4
-  login=service-login          ## login name and password  registered with the service
+  login=service-login          ## login name if using global key
-  password=service-password    ##
+  password=service-password    ## global key, or api token with at least the permissions "All zones - Zone:Read, DNS:Edit"
   fully.qualified.host         ## the host registered with the service.
 
 Example ${program}.conf file entries:
-  ## single host update
+  ## single host update using global key
   protocol=cloudflare,                                         \\
   zone=dns.zone,                                               \\
   login=my-cloudflare.com-login,                               \\
-  password=my-cloudflare.com-secure-token                      \\
+  password=my-cloudflare.com-global-key                        \\
+  myhost.com
+
+  ## single host update using api token
+  protocol=cloudflare,                                         \\
+  zone=dns.zone,                                               \\
+  password=my-cloudflare.com-api-token                         \\
   myhost.com
 
   ## multiple host update to the custom DNS service
   protocol=cloudflare,                                         \\
   zone=dns.zone,                                               \\
   login=my-cloudflare.com-login,                               \\
-  password=my-cloudflare.com-secure-token                      \\
+  password=my-cloudflare.com-global-key                        \\
   my-toplevel-domain.com,my-other-domain.com
 EoEXAMPLE
 }
@@ -4560,9 +4567,13 @@ sub nic_cloudflare_update {
 		my $key   = $hosts[0];
 		my $ip    = $config{$key}{'wantip'};
 
-		my $headers = "X-Auth-Email: $config{$key}{'login'}\n";
+    my $headers = "Content-Type: application/json\n";
-		$headers .= "X-Auth-Key: $config{$key}{'password'}\n";
+    if ($config{$key}{'login'} eq 'token') {
-		$headers .= "Content-Type: application/json";
+      $headers .= "Authorization: Bearer $config{$key}{'password'}";
+    } else {
+      $headers .= "X-Auth-Email: $config{$key}{'login'}\n";
+      $headers .= "X-Auth-Key: $config{$key}{'password'}";
+    }
 
 		# FQDNs
 		for my $domain (@hosts) {

sample-etc_ddclient.conf

@@ -210,8 +210,8 @@ ssl=yes					# use ssl-support.  Works with
 #protocol=cloudflare,        \
 #zone=domain.tld,            \
 #ttl=1,                      \
-#login=your-login-email,     \
+#login=your-login-email,     \ # if using global key
-#password=APIKey             \
+#password=APIKey             \ # if using an api token it must have permissions "All zones - Zone:Read, DNS:Edit" 
 #domain.tld,my.domain.tld
 
 ##