OAuth allows third-party applications to access your Cloudflare account on your behalf — like when Wrangler deploys Workers or when monitoring tools read your analytics. You now have granular control over which accounts these applications can access, plus the ability to revoke access anytime.
When authorizing an OAuth application, you can now select specific accounts instead of granting access to all your accounts:
Account-by-account selection — Choose exactly which accounts the application can access
"All accounts" option — Still available for trusted tools like Wrangler This gives you precise control who can access your data.
The OAuth consent screen now shows:
What the application can access — Explicit list of permissions being requested
Who created the application — Application owner and contact information
Which accounts you're authorizing — Checkboxes for account selection
Manage authorized OAuth applications from your profile:
See all connected apps — View every OAuth application with access to your accounts
Review permissions and scope — Check what each application can do and which accounts it can access
Revoke instantly — Remove access with one click when you no longer need it To manage your OAuth applications, navigate to Profile > Access Management > Connected Applications.
These updates give you:
Granular control — Authorize apps per-account instead of all-or-nothing
Transparency — Know exactly what you're authorizing before you consent
Security — Limit blast radius by restricting access to only necessary accounts
Easy cleanup — Revoke access when applications are no longer needed
Read more about these improvements in our blog post: Improving the OAuth consent experience.
Fetched April 14, 2026