Skip to content
Cloudflare Docs
DirectoryAPISDKsChangelog

Hostname validation

Before Cloudflare can proxy traffic through a custom hostname, we need to verify your customer's ownership of that hostname.

Options

If minimizing downtime is more important to you, refer to our pre-validation methods.

If ease of use for your customers is more important, review our real-time validation methods.

Hostname validation and certificate validation

Hostname validation and certificate validation use different tokens and API fields.

  • ownership_verification and ownership_verification_http validate hostname ownership and affect the custom hostname status.
  • ssl.validation_records validates certificate issuance and affects ssl.status.

For production traffic, the hostname should have status: active, ssl.status: active, and DNS that points to your SaaS target.

Limitations

Custom hostnames using another CDN are not compatible with Cloudflare for SaaS. Since Cloudflare must be able to validate your customer's ownership of the hostname you add, if their usage of another CDN obfuscates their DNS records, hostname validation will fail.

Migrate a hostname from another SaaS provider

If you are onboarding a hostname that is currently active on another Cloudflare for SaaS provider, follow these steps to minimize downtime:

  1. Create the custom hostname on your zone and complete pre-validation so it reaches status: active before the DNS change.
  2. Issue and validate the certificate (using TXT or Delegated DCV) so ssl.status reaches active.
  3. Ask your customer to update their DNS CNAME to point to your SaaS target.
  4. Confirm traffic has switched to your zone. The previous provider can then delete their custom hostname.