cloudflare · ranbel · Oct 30, 2025 · Oct 29, 2025 · Oct 30, 2025 · Oct 30, 2025
@@ -2264,6 +2264,7 @@
 
 # Cloudflare One nav revamp (statics)
 /cloudflare-one/access-controls/applications/http-apps/mcp-servers/mcp-portals/ /cloudflare-one/access-controls/ai-controls/mcp-portals/ 301
+/cloudflare-one/api-terraform/access-with-terraform/ /learning-paths/clientless-access/terraform/publish-apps-with-terraform/ 301
 /cloudflare-one/applications/ /cloudflare-one/access-controls/applications/http-apps/ 301
 /cloudflare-one/applications/app-launcher/ /cloudflare-one/access-controls/access-settings/app-launcher/ 301
 /cloudflare-one/applications/app-library/ /cloudflare-one/team-and-resources/app-library/ 301
@@ -2407,6 +2408,7 @@
 /cloudflare-one/policies/browser-isolation/* /cloudflare-one/remote-browser-isolation/:splat 301
 /cloudflare-one/policies/data-loss-prevention/* /cloudflare-one/data-loss-prevention/:splat 301
 /cloudflare-one/policies/gateway/* /cloudflare-one/traffic-policies/:splat 301
+/cloudflare-one/api-terraform/access-api-examples/* /api/resources/zero_trust/subresources/access/subresources/policies/ 301
 
 # Email Security new revamp (dynamics)
 /cloudflare-one/email-security/detection-settings/detection-settings/* /cloudflare-one/email-security/settings/detection-settings/:splat 301

@@ -0,0 +1,32 @@
+---
+pcx_content_type: concept
+title: API and Terraform
+sidebar:
+  order: 15
+---
+
+
+You can manage your Cloudflare Zero Trust configuration using the API or Terraform. For more information, refer to the following links:
+
+- [API reference](/api/)
+- [Terraform provider reference](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs)
+- [Terraform how-to documentation](/terraform/)
+
+Detailed API and Terraform examples for Cloudflare Zero Trust are available in our [implementation guides](/cloudflare-one/implementation-guides/) and throughout the Cloudflare Zero Trust documentation.
+
+## Set dashboard to read-only
+
+Super Administrators can lock all settings as read-only in the Cloudflare One dashboard. Read-only mode ensures that all updates for the account are made through the API or Terraform.
+
+To enable read-only mode:
+
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Settings** > **Admin controls**.
+2. Enable **Set dashboard to read-only**.
+
+All users, regardless of [user permissions](/cloudflare-one/roles-permissions/), will be prevented from making configuration changes through the UI.
+
+## Scoped API tokens
+
+The administrators managing policies and groups in Cloudflare Zero Trust might be different from those responsible for configuring WAF custom rules or other Cloudflare settings. You can configure scoped API tokens so that team members and automated systems can manage Cloudflare Zero Trust settings without having permission to modify other configurations in Cloudflare.
+
+You can create a scoped API token [via the dashboard](/fundamentals/api/get-started/create-token/) or [via the API](/fundamentals/api/how-to/create-via-api/). For a list of available token permissions, refer to [API token permissions](/fundamentals/api/reference/permissions/).