Before you begin
What this does, in plain terms
Thanks for connecting your properties with Kismet. This token lets us deploy a lightweight Cloudflare Worker on your domain. The Worker reads your existing pages and adds to them — it never touches your content, database, or hosting. You can revoke it at any time by deleting the token.
Structured data
Adds Schema.org markup to your property pages so AI assistants can discover and read them.
Attribution
Adds a tracking script so you can see the bookings AI channels send your way.
AI Catalog
Helps AI agents find and read your AI Catalog so your inventory shows up.
One plan note: based on the standard traffic we see on these sites — and to make sure we can give you full coverage — we recommend upgrading to the Workers Paid plan. The usage included at the $5/mo level is usually sufficient for partners with fewer than 1,000 units in their portfolio.
Log in and open API Tokens
Go to dash.cloudflare.com and sign in. Then open Manage account → Account API Tokens (select your account if asked).
Cloudflare recommends account tokens, and so do we. If your policy prefers user tokens (My Profile → API Tokens), those work too — the steps are identical.
Click “Create Token”
The blue Create Token button is at the top-right of the page above. You land straight in the token editor with a randomly generated name — that is exactly where you want to be.
Name the token
Replace the random name with something you will recognise later, like Kismet Integration – [Your Company].
Add the account permissions
Leave the scope dropdown on Entire Account. In the “Search for permission groups…” box, add these two:
Workers ScriptsEditWorkers KV StorageEditAdd the domain permissions
Easy to missClick + Add policy. In the new policy’s scope dropdown, choose All Domains — or Specified Domains and pick the site(s) you’re connecting.
Then add these two permissions:
Workers RoutesEditDNSEditCan’t find Workers Routes or DNS? The scope dropdown is still on “Entire Account.” These two only appear under a Domains scope — this is the step most people miss.
Why DNS Edit? We use it to create staging subdomains for pre-launch testing, and for some partners Kismet-hosted booking or landing pages. All our DNS changes are additive — we never modify or remove your records, and we notify your team of anything we add.
Expiration and IP filtering
Leave Token expiration on No expiration (or your team’s standard — if it expires we’ll just ask for a fresh one). Client IP address filtering can stay empty.
Review and create
Click Review token. The summary should show two permission policies:
See only one policy? The domain permissions are missing — go back to Step 5. Otherwise create the token and copy it right away — Cloudflare shows it only once (it starts with cfat_, or cfut_ if you made a user token). Lose it? No problem, just generate a new one.
Send it to Kismet
Send us the token plus your Cloudflare Account ID (found in the dashboard sidebar). Two easy options:
Use our encrypted key drop
Paste the token and Account ID into our key drop — encrypted in transit and at rest (AES-256-GCM), and only decrypted when we deploy.
kismet.travel/key-dropOpenOne-time link by email
Prefer a one-time link from your password manager (Keeper, 1Password)? Send it to us — just never email the raw token itself.
What happens next
We take it from here
Security notes
What this token can and can’t do
The token can’t read your traffic, access SSL certificates, or modify firewall rules.
The Worker runs only on HTML page responses — never API calls, form submissions, or file downloads.
All injected content is served from kismet.travel — no third-party scripts.
Every enhanced page carries a header so you can verify our work:
X-Kismet-Injected: true