Wildcard subdomains on Cloudflare with PHP and API-tokens

I have been using Cloudflare’s excellent DNS-service for managing my domains. Free SSL-certificates and anti-DDoS services are added benefits.

However, proxied wildcard subdomains are not available except on the enterprise plan. If you are reading this blog, you probably cannot afford id :-) But you can still use wildcards in their dns, but you have to manage the SSL-part your self. Laravel Forge has Let’s Encrypt-wildcard has support, but it’s limited to 50 subdomains, where Cloudflare has a limit of 1000 subdomains.

How to solve this? You can use Cloudflare’s API to update the DNS-records by your self (1000 record limit).

Let’s set this up!

PHP

Cloudflare provies a PHP sdk for developers which we can use for the time being.

composer require cloudflare/sdk

But all documentation and examples uses API-Key, which has no granualar permissions. It has full access to your account, which we do not want.

First create a API-token: My Profile > API Tokens > Create token

I am going to settle with Zone.Zone Settings, Zone.Zone, Zone.DNS and set Zone Resource > Include > Specific Zone > my-app.com

// Important: instead of using `APIKey` use `APIToken` with no email-adress.
$key = new \Cloudflare\API\Auth\APIToken('<MY API_TOKEN GOES HERE>');
$adapter = new Cloudflare\API\Adapter\Guzzle($key);

// See https://janostlund.com/2019-10-07/purge-cloudflare-cache to find zone ID.
// Listing zones with APITokens seems to be broken.
$zoneID = 'abc1234567'; 
$dns = new \Cloudflare\API\Endpoints\DNS($adapter);
if ($dns->addRecord($zoneID, "A", 'testing', '8.8.8.8', 0, true) === true) {
    echo "DNS record created.". PHP_EOL;
}