API and Terraform
This section covers a few common use cases with the API and Terraform to manage Cloudflare One. For more information, refer to our API documentation and Terraform reference guide ↗.
Super Administrators can lock all settings as read-only in Cloudflare One. Read-only mode ensures that all updates for the account are made through the API or Terraform.
To enable read-only mode:
- In Cloudflare One ↗, go to Settings > Admin controls.
- Enable Set dashboard to read-only.
All users, regardless of user permissions, will be prevented from making configuration changes through the UI.
The administrators managing policies and groups in Cloudflare One might be different from those responsible for configuring WAF custom rules or other Cloudflare settings. You can configure scoped API tokens so that team members and automated systems can manage Cloudflare One settings without having permission to modify other configurations in Cloudflare.
You can create a scoped API token via the dashboard or via the API. For a list of available token permissions, refer to API token permissions.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
