diff --git a/CHANGES b/CHANGES
index 181221edd..8ecc878d2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1758,4 +1758,5 @@
 [4.4.3]
 * Add restart button in recovery section
 * Fix issue where memory usage was not computed correctly
+* cloudflare: support API tokens
 
diff --git a/src/dns/cloudflare.js b/src/dns/cloudflare.js
index 6e432a27b..6167aee5b 100644
--- a/src/dns/cloudflare.js
+++ b/src/dns/cloudflare.js
@@ -53,10 +53,16 @@ function createRequest(method, url, dnsConfig) {
     assert.strictEqual(typeof url, 'string');
     assert.strictEqual(typeof dnsConfig, 'object');
 
-    return superagent(method, url)
-        .set('X-Auth-Key', dnsConfig.token)
-        .set('X-Auth-Email', dnsConfig.email)
+    let request = superagent(method, url)
         .timeout(30 * 1000);
+
+    if (dnsConfig.tokenType === 'GlobalApiKey') {
+        request.set('X-Auth-Key', dnsConfig.token).set('X-Auth-Email', dnsConfig.email);
+    } else {
+        request.set('Authorization', 'Bearer ' + dnsConfig.token);
+    }
+
+    return request;
 }
 
 function getZoneByName(dnsConfig, zoneName, callback) {
@@ -273,14 +279,20 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
+    // token can be api token or global api key
     if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
-    if (!dnsConfig.email || typeof dnsConfig.email !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'email must be a non-empty string', { field: 'email' }));
+    if (dnsConfig.tokenType !== 'GlobalApiKey' && dnsConfig.tokenType !== 'ApiToken')  return callback(new BoxError(BoxError.BAD_FIELD, 'tokenType is required', { field: 'tokenType' }));
+
+    if (dnsConfig.tokenType === 'GlobalApiKey') {
+        if ('email' in dnsConfig && typeof dnsConfig.email !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'email must be a non-empty string', { field: 'email' }));
+    }
 
     const ip = '127.0.0.1';
 
     var credentials = {
         token: dnsConfig.token,
-        email: dnsConfig.email
+        tokenType: dnsConfig.tokenType,
+        email: dnsConfig.email || null
     };
 
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here