From 4361b6651c6b635b35e35ca772eccdf853244cad Mon Sep 17 00:00:00 2001 From: ausicle Date: Mon, 2 Dec 2024 09:25:07 +0000 Subject: [PATCH 1/5] Use api token instead of key. --- README.md | 21 ++++++++++++++++++++- cloudflare4ddns | 9 +++------ cloudflare6ddns | 9 +++------ 3 files changed, 26 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index ad89530..c535121 100644 --- a/README.md +++ b/README.md @@ -14,10 +14,29 @@ Each script (IPv4 and IPv6) has a configuration area. Just insert your values. First of all you need your `Cloudflare API` key. Just go to the `Cloudflare` [site](https://www.cloudflare.com/) `My Profile -> API Keys section -> Global API Key -> View`. Follow the instructions. Now you have your `API` key. Keep it safe. -The service does not allow easy retrieval of required Zone and DNS record identifiers. This is only possible through a REST API methods [List Zones](https://developers.cloudflare.com/api/operations/zones-get) and [List DNS Records](https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-list-dns-records). Using any REST client (I use [Advanced REST client](https://chrome.google.com/webstore/detail/advanced-rest-client/hgmloofddffdnphfgcellkdfbfbjeloo) for `Chrome Browser`), sending a request, you will receive the `JSON` answer with necessary Zone and DNS Record IDs. +The service does not allow easy retrieval of required Zone and DNS record identifiers. This is only possible through a REST API methods [List Zones](https://developers.cloudflare.com/api/operations/zones-get) and [List DNS Records](https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-list-dns-records). Using any REST client (I use [Advanced REST client](https://chrome.google.com/webstore/detail/advanced-rest-client/hgmloofddffdnphfgcellkdfbfbjeloo) for `Chrome Browser`, [HTTPie](https://httpie.io/app) also works, or [curl](https://curl.se)), sending a request, you will receive the `JSON` answer with necessary Zone and DNS Record IDs. Insert all variables in scripts and install in your `Mikrotik` device. +#### Get zone id with cURL +Replace `$api_token` with your [api token](https://dash.cloudflare.com/profile/api-tokens). +```shell +curl --request GET \ + --url https://api.cloudflare.com/client/v4/zones \ + --header "Authorization: Bearer $api_token" \ + --header "Content-Type: application/json" +``` + +#### Get record id with cURL +Get dns record id. Replace `$api_token` with your [api token](https://dash.cloudflare.com/profile/api-tokens). And `$zone_id` with zone id from [above](#Get-zone-id-with-cURL) +```shell +curl --request GET \ + --url https://api.cloudflare.com/client/v4/zones/$zone_id/dns_records \ + --header "Authorization: Bearer $api_token" \ + --header "Content-Type: application/json" +``` +> [!TIP] +> You can use jq to prettify json output ### Running You may add this script to system scheduler as periodically task. diff --git a/cloudflare4ddns b/cloudflare4ddns index d78db5f..4c8b087 100644 --- a/cloudflare4ddns +++ b/cloudflare4ddns @@ -7,12 +7,9 @@ :local wanif "wan1" # Cloudflare section -:local email "e-mail" -:local key "token" +:local apiToken "token" :local zoneId "zoneId" :local hostId "hostId" - -# Domain hostname :local hostName "host.yourdomain.com" # ** END OF CONFIGURE SECTION ** @@ -32,8 +29,8 @@ :log info "[Cloudflare DDNS] WAN IPv4 address for interface $wanif has been changed to $ip4new." :local url "https://api.cloudflare.com/client/v4/zones/$zoneId/dns_records/$hostId" - :local header "X-Auth-Email: $email, X-Auth-Key: $key, content-type: application/json" - :local data "{\"type\":\"A\",\"name\":\"$hostName\",\"content\":\"$ip4new\",\"ttl\":120}" + :local header "Authorization: Bearer $apiToken, Content-Type: application/json" + :local data "{\"type\":\"A\",\"name\":\"$hostName\",\"content\":\"$ip4new\"}" # :log info "[Cloudflare DDNS] URL: $url" # :log info "[Cloudflare DDNS] HEADER: $header" diff --git a/cloudflare6ddns b/cloudflare6ddns index 90fa953..cf67723 100644 --- a/cloudflare6ddns +++ b/cloudflare6ddns @@ -7,12 +7,9 @@ :local wanif "lan1" # Cloudflare section -:local email "e-mail" -:local key "token" +:local apiToken "token" :local zoneId "zoneId" :local hostId "hostId" - -# Domain hostname :local hostName "host.yourdomain.com" # ** END OF CONFIGURE SECTION ** @@ -32,8 +29,8 @@ :log info "[Cloudflare DDNS] IPv6 address for interface $wanif has been changed to $ip6new." :local url "https://api.cloudflare.com/client/v4/zones/$zoneId/dns_records/$hostId" - :local header "X-Auth-Email: $email, X-Auth-Key: $key, content-type: application/json" - :local data "{\"type\":\"AAAA\",\"name\":\"$hostName\",\"content\":\"$ip6new\",\"ttl\":120}" + :local header "Authorization: Bearer $apiToken, Content-Type: application/json" + :local data "{\"type\":\"AAAA\",\"name\":\"$hostName\",\"content\":\"$ip6new\"}" # :log info "[Cloudflare DDNS] URL: $url" # :log info "[Cloudflare DDNS] HEADER: $header" From 1c71f165b5e1fa2c80f9d71821893282b318264e Mon Sep 17 00:00:00 2001 From: ausicle Date: Mon, 2 Dec 2024 09:59:27 +0000 Subject: [PATCH 2/5] Change key to token in readme, fix typo. --- README.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index c535121..0a3d569 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # mikrotik-cloudflare-ddns-scripts -This simple scripts are designed to implement `DDNS` feature using the service [Cloudflare](https://www.cloudflare.com/). +This simple scripts are designed to implement DDNS feature using the [Cloudflare API](https://developers.cloudflare.com/api). ### Requirements and dependences @@ -12,11 +12,13 @@ Depends on [Mikrotik JSON Parser](https://github.com/Winand/mikrotik-json-parser Each script (IPv4 and IPv6) has a configuration area. Just insert your values. -First of all you need your `Cloudflare API` key. Just go to the `Cloudflare` [site](https://www.cloudflare.com/) `My Profile -> API Keys section -> Global API Key -> View`. Follow the instructions. Now you have your `API` key. Keep it safe. +First of all you need your Cloudflare API Token. Create the [Cloudflare API Token](https://dash.cloudflare.com/profile/api-tokens), with DNS edit permission for your zone. Then grab your token, and follow the instructions. Keep the API Token safe. -The service does not allow easy retrieval of required Zone and DNS record identifiers. This is only possible through a REST API methods [List Zones](https://developers.cloudflare.com/api/operations/zones-get) and [List DNS Records](https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-list-dns-records). Using any REST client (I use [Advanced REST client](https://chrome.google.com/webstore/detail/advanced-rest-client/hgmloofddffdnphfgcellkdfbfbjeloo) for `Chrome Browser`, [HTTPie](https://httpie.io/app) also works, or [curl](https://curl.se)), sending a request, you will receive the `JSON` answer with necessary Zone and DNS Record IDs. +You can go to your site's [cloudflare dashboard](https://dash.cloudflare.com) to retrieve zone id, on the URL it is `https://dash.cloudflare.com/$zone_id/$domain_name`, but DNS Record ID is only possible through REST API. -Insert all variables in scripts and install in your `Mikrotik` device. +REST API methods [List Zones](https://developers.cloudflare.com/api/operations/zones-get) and [List DNS Records](https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-list-dns-records). Using any REST client (e.g. [HTTPie](https://httpie.io/app), or [curl](https://curl.se)), sending a request, you will receive the JSON answer with necessary Zone and DNS Record IDs. + +Insert all variables in scripts and install in your RouterOS device. #### Get zone id with cURL Replace `$api_token` with your [api token](https://dash.cloudflare.com/profile/api-tokens). @@ -28,7 +30,7 @@ curl --request GET \ ``` #### Get record id with cURL -Get dns record id. Replace `$api_token` with your [api token](https://dash.cloudflare.com/profile/api-tokens). And `$zone_id` with zone id from [above](#Get-zone-id-with-cURL) +Get dns record id. Replace `$api_token` with your [api token](https://dash.cloudflare.com/profile/api-tokens). And `$zone_id` with zone id from [above](#Get-zone-id-with-cURL). ```shell curl --request GET \ --url https://api.cloudflare.com/client/v4/zones/$zone_id/dns_records \ @@ -36,7 +38,7 @@ curl --request GET \ --header "Content-Type: application/json" ``` > [!TIP] -> You can use jq to prettify json output +> You can use jq to prettify json output. ### Running You may add this script to system scheduler as periodically task. From efbffd0b4405aef1a5a7ce615030fb2b5c21f84f Mon Sep 17 00:00:00 2001 From: Phakin Kongkha Date: Fri, 27 Jun 2025 17:01:43 +0700 Subject: [PATCH 3/5] Change hostId to recordId --- cloudflare4ddns | 4 ++-- cloudflare6ddns | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cloudflare4ddns b/cloudflare4ddns index 4c8b087..14a4ec6 100644 --- a/cloudflare4ddns +++ b/cloudflare4ddns @@ -9,7 +9,7 @@ # Cloudflare section :local apiToken "token" :local zoneId "zoneId" -:local hostId "hostId" +:local recordId "recordId" :local hostName "host.yourdomain.com" # ** END OF CONFIGURE SECTION ** @@ -28,7 +28,7 @@ :log info "[Cloudflare DDNS] WAN IPv4 address for interface $wanif has been changed to $ip4new." - :local url "https://api.cloudflare.com/client/v4/zones/$zoneId/dns_records/$hostId" + :local url "https://api.cloudflare.com/client/v4/zones/$zoneId/dns_records/$recordId" :local header "Authorization: Bearer $apiToken, Content-Type: application/json" :local data "{\"type\":\"A\",\"name\":\"$hostName\",\"content\":\"$ip4new\"}" diff --git a/cloudflare6ddns b/cloudflare6ddns index cf67723..53b4a60 100644 --- a/cloudflare6ddns +++ b/cloudflare6ddns @@ -9,7 +9,7 @@ # Cloudflare section :local apiToken "token" :local zoneId "zoneId" -:local hostId "hostId" +:local recordId "recordId" :local hostName "host.yourdomain.com" # ** END OF CONFIGURE SECTION ** @@ -28,7 +28,7 @@ :log info "[Cloudflare DDNS] IPv6 address for interface $wanif has been changed to $ip6new." - :local url "https://api.cloudflare.com/client/v4/zones/$zoneId/dns_records/$hostId" + :local url "https://api.cloudflare.com/client/v4/zones/$zoneId/dns_records/$recordId" :local header "Authorization: Bearer $apiToken, Content-Type: application/json" :local data "{\"type\":\"AAAA\",\"name\":\"$hostName\",\"content\":\"$ip6new\"}" From 4bdd6a4686fc9a83408c3d956c018b68eb149ce9 Mon Sep 17 00:00:00 2001 From: Phakin Kongkha Date: Fri, 27 Jun 2025 17:09:50 +0700 Subject: [PATCH 4/5] Readme reindent, add policy requirement --- README.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 0a3d569..2fc5187 100644 --- a/README.md +++ b/README.md @@ -2,13 +2,13 @@ This simple scripts are designed to implement DDNS feature using the [Cloudflare API](https://developers.cloudflare.com/api). -### Requirements and dependences +## Requirements and dependences Scripts work only on `RouterOS` version 6.44 and above. Depends on [Mikrotik JSON Parser](https://github.com/Winand/mikrotik-json-parser) project installed as system script with name `JParseFunctions`. -### Configure +## Configure Each script (IPv4 and IPv6) has a configuration area. Just insert your values. @@ -20,7 +20,7 @@ REST API methods [List Zones](https://developers.cloudflare.com/api/operations/z Insert all variables in scripts and install in your RouterOS device. -#### Get zone id with cURL +### Get zone id with cURL Replace `$api_token` with your [api token](https://dash.cloudflare.com/profile/api-tokens). ```shell curl --request GET \ @@ -29,7 +29,7 @@ curl --request GET \ --header "Content-Type: application/json" ``` -#### Get record id with cURL +### Get record id with cURL Get dns record id. Replace `$api_token` with your [api token](https://dash.cloudflare.com/profile/api-tokens). And `$zone_id` with zone id from [above](#Get-zone-id-with-cURL). ```shell curl --request GET \ @@ -39,8 +39,7 @@ curl --request GET \ ``` > [!TIP] > You can use jq to prettify json output. -### Running +## Running +This script requires `read` and `test` policy. You may add this script to system scheduler as periodically task. - -#### Thanks for using. From 08e00e0c290da7efc5e10c5e64f0582bb0fe3a2f Mon Sep 17 00:00:00 2001 From: Phakin Kongkha Date: Fri, 27 Jun 2025 17:53:36 +0700 Subject: [PATCH 5/5] Change log message to avoid obfuscation --- cloudflare4ddns | 3 +-- cloudflare6ddns | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/cloudflare4ddns b/cloudflare4ddns index 14a4ec6..075ab0f 100644 --- a/cloudflare4ddns +++ b/cloudflare4ddns @@ -21,12 +21,11 @@ :if ([:len $ip4new] = 0) do={ :log error "[Cloudflare DDNS] Could not get IPv4 for interface $wanif" - :error "[Cloudflare DDNS] Could not get IPv4 for interface $wanif" } :if ($ip4new != $ip4wan) do={ - :log info "[Cloudflare DDNS] WAN IPv4 address for interface $wanif has been changed to $ip4new." + :log info "[Cloudflare DDNS] An A record for $recordId is being changed to $ip4new." :local url "https://api.cloudflare.com/client/v4/zones/$zoneId/dns_records/$recordId" :local header "Authorization: Bearer $apiToken, Content-Type: application/json" diff --git a/cloudflare6ddns b/cloudflare6ddns index 53b4a60..259e626 100644 --- a/cloudflare6ddns +++ b/cloudflare6ddns @@ -21,12 +21,11 @@ :if ([:len $ip6new] = 0) do={ :log error "[Cloudflare DDNS] Could not get IPv6 for interface $wanif" - :error "[Cloudflare DDNS] Could not get IPv6 for interface $wanif" } :if ($ip6new != $ip6wan) do={ - :log info "[Cloudflare DDNS] IPv6 address for interface $wanif has been changed to $ip6new." + :log info "[Cloudflare DDNS] An AAAA record for $hostname is being changed to $ip6new." :local url "https://api.cloudflare.com/client/v4/zones/$zoneId/dns_records/$recordId" :local header "Authorization: Bearer $apiToken, Content-Type: application/json"