Cloudflare API Token Usage
This page explains exactly how Once Analytics uses your Cloudflare API token during installation.
Overview
Your API token is used only during the installation process to set up the necessary Cloudflare resources. Once installation is complete, the token is immediately discarded — we never store it on our servers.
Tip: You can delete the API token from your Cloudflare dashboard after installation completes. Once Analytics will continue to work without it.
Required permissions
When you create the API token, it needs these scopes:
| Permission | Access Level | Why It's Needed |
|---|---|---|
| D1 | Edit | Create the database for your analytics data |
| Workers Scripts | Edit | Deploy the analytics Worker |
| Zone | Read | List your domains for selection |
| Workers Routes | Edit | Connect your subdomain to the Worker |
| DNS | Edit | Create the DNS record for your subdomain |
| Access | Edit | Set up Cloudflare Access authentication (optional) |
| API Tokens | Edit | Create auto-updater token and self-delete after install |
API calls made
| Step | Action |
|---|---|
| 1 | Verify token is valid |
| 2 | List your domains |
| 3 | Create D1 database |
| 4 | Initialize database schema |
| 5 | Deploy Worker |
| 6 | Create DNS record |
| 7 | Create Worker route |
| 8 | Create Access app (if using Access) |
| 9 | Create auto-updater token (if opted in) |
| 10 | Delete installation token |
Auto-updater token
If you enable automatic updates during installation, the installer creates a separate, minimal API token that is:
- Restricted to Workers Scripts:Edit only — Cannot access your database, DNS, or other resources
- IP-restricted — Only works from our update server
- Stored encrypted — Using RSA encryption, only decryptable by our update service
This auto-updater token allows Once Analytics to deploy new Worker versions without requiring you to create a new token each time.
Note: The auto-updater token is completely optional. If you prefer, you can skip automatic updates and use manual one-time tokens when updates are available.
Installer token self-deletion
After installation completes, the installer token automatically deletes itself using the Cloudflare API. This happens because:
- You don't need it anymore after installation
- It prevents the token from being misused
- It follows the principle of least privilege
Warning: If self-deletion fails (e.g., due to a network error), you should manually delete the token from your Cloudflare API Tokens dashboard.
What we don't do
- We don't store your installation token — Used only in your browser, then self-deleted
- We don't have broad ongoing access — The optional auto-updater token can only edit Workers Scripts
- We don't read your other data — Zone:Read only lists domain names
- We don't modify existing resources — We only create new resources
Questions? Email hello@onceanalytics.com