Skip to content
...
Kismet
/docs/cloudflare-setup

Setup guide · Cloudflare

Connect your Cloudflare account to Kismet

Create one Cloudflare API token and hand it to our team. Follow the shots below and you are done in about five minutes — no technical knowledge required.

~5 minutesNo code requiredAdmin access

Before you begin

What this does, in plain terms

Thanks for connecting your properties with Kismet. This token lets us deploy a lightweight Cloudflare Worker on your domain. The Worker reads your existing pages and adds to them — it never touches your content, database, or hosting. You can revoke it at any time by deleting the token.

Structured data

Adds Schema.org markup to your property pages so AI assistants can discover and read them.

Attribution

Adds a tracking script so you can see the bookings AI channels send your way.

AI Catalog

Helps AI agents find and read your AI Catalog so your inventory shows up.

You need · admin access to CloudflareTime · about 5 minutes

One plan note: based on the standard traffic we see on these sites — and to make sure we can give you full coverage — we recommend upgrading to the Workers Paid plan. The usage included at the $5/mo level is usually sufficient for partners with fewer than 1,000 units in their portfolio.

1

Log in and open API Tokens

Go to dash.cloudflare.com and sign in. Then open Manage account → Account API Tokens (select your account if asked).

Cloudflare · Account API Tokens

Cloudflare recommends account tokens, and so do we. If your policy prefers user tokens (My Profile → API Tokens), those work too — the steps are identical.

2

Click “Create Token”

The blue Create Token button is at the top-right of the page above. You land straight in the token editor with a randomly generated name — that is exactly where you want to be.

3

Name the token

Replace the random name with something you will recognise later, like Kismet Integration – [Your Company].

Token name · Permission policies
4

Add the account permissions

Leave the scope dropdown on Entire Account. In the “Search for permission groups…” box, add these two:

SearchWorkers ScriptsEdit
SearchWorkers KV StorageEdit
Entire Account · both set to Edit
5

Add the domain permissions

Easy to miss

Click + Add policy. In the new policy’s scope dropdown, choose All Domains — or Specified Domains and pick the site(s) you’re connecting.

Scope dropdown · choose All Domains

Then add these two permissions:

1 ·SearchWorkers RoutesEdit
Workers Routes · Edit
2 ·SearchDNSEdit
DNS · Edit

Can’t find Workers Routes or DNS? The scope dropdown is still on “Entire Account.” These two only appear under a Domains scope — this is the step most people miss.

Why DNS Edit? We use it to create staging subdomains for pre-launch testing, and for some partners Kismet-hosted booking or landing pages. All our DNS changes are additive — we never modify or remove your records, and we notify your team of anything we add.

6

Expiration and IP filtering

Leave Token expiration on No expiration (or your team’s standard — if it expires we’ll just ask for a fresh one). Client IP address filtering can stay empty.

7

Review and create

Click Review token. The summary should show two permission policies:

Token summary2 policies
Entire Account
Workers Scripts: EditWorkers KV Storage: Edit
All Domains (or your selected domains)
Workers Routes: EditDNS: Edit
Review · both policies present

See only one policy? The domain permissions are missing — go back to Step 5. Otherwise create the token and copy it right away — Cloudflare shows it only once (it starts with cfat_, or cfut_ if you made a user token). Lose it? No problem, just generate a new one.

8

Send it to Kismet

Send us the token plus your Cloudflare Account ID (found in the dashboard sidebar). Two easy options:

Recommended

Use our encrypted key drop

Paste the token and Account ID into our key drop — encrypted in transit and at rest (AES-256-GCM), and only decrypted when we deploy.

kismet.travel/key-dropOpen
Also fine

One-time link by email

Prefer a one-time link from your password manager (Keeper, 1Password)? Send it to us — just never email the raw token itself.

What happens next

We take it from here

01

Staging subdomain

We create a staging subdomain for safe testing.

02

Deploy the Worker

The Worker goes live on staging first — never your site.

03

Verify

We check tracking and performance end to end.

04

Coordinate cutover

We go live together, once everything checks out.

Security notes

What this token can and can’t do

The token can’t read your traffic, access SSL certificates, or modify firewall rules.

The Worker runs only on HTML page responses — never API calls, form submissions, or file downloads.

All injected content is served from kismet.travel — no third-party scripts.

Every enhanced page carries a header so you can verify our work:

X-Kismet-Injected: true

Token in hand? Drop it and you’re done.