A client portal for managing Cloudflare, DNS and mail without handing over the keys
The brief: a digital agency manages dozens of client sites through Cloudflare. Their clients regularly needed to do things like update DNS records, clear the website cache, or check mail delivery logs. But giving them direct access to Cloudflare was not an option.
The problem
Cloudflare is powerful but it’s also the keys to the kingdom. One wrong click and a site goes down, DNS breaks, or security rules get wiped. The agency couldn’t hand that kind of access to clients, but they also couldn’t keep fielding every DNS change and cache clear request themselves. It was eating up support time and slowing clients down.
On top of that, third parties (freelancers, other agencies) sometimes needed access to specific areas too. There was no good way to do that without either over-sharing or becoming a bottleneck.
“We couldn’t give clients Cloudflare access, but we also couldn’t keep being the ones clearing their cache at 10pm.”
What we built
A client-facing portal that connects to Cloudflare’s API and exposes only what each user needs. No Cloudflare login required.
- DNS management with full change history. If an update breaks something you can see what changed and roll it back
- Cache clearing, dev mode toggle, and admin bypass rules. The day-to-day stuff that shouldn’t need a support ticket
- Security overview: blocks, traffic stats, firewall rules
- Transactional mail logs from two providers, with retention extended from the default 7 days up to 30 days within the platform
- Mail domain health checks covering SPF, DMARC and MX records
- Domain intelligence: registrar info, expiry dates, nameserver and mail health all in one view
- Proactive alerts for failed mail delivery, so the agency can reach out to clients before clients reach out to them
- Third-party access with scoped permissions. Give a freelancer access to DNS without giving them access to security rules
The result
Clients handle the routine stuff themselves. DNS changes, cache clears, checking whether an email actually sent. The agency’s support load dropped significantly because the requests that used to come in by email or Slack now get handled directly in the portal.
The extended mail log retention and proactive delivery alerts turned reactive support into proactive customer service. When a transactional email fails, the agency knows before the client does. And the DNS history with rollback has already saved at least one late-night panic.