How the API works
Ezoic integrates with your site via an API to CloudFlare. When you install the CloudFlare app in the Ezoic User Interface - the Ezoic system obtains access to your CloudFlare account via a token system. Ezoic pulls the domain hash for the URL that Ezoic is working with and the token acts like a password, which gives the system access to be able to make changes to the DNS records. These changes are so that traffic can be routed through Ezoic at the DNS level - in accordance with the traffic percentage settings you select in Ezoic (i.e. on/off settings and percentages).
How the CloudFlare password is handled
At no time does Ezoic store your CloudFlare password. The username is stored, but as soon as the password is used to authorize/create the token for the Ezoic CloudFlare App, that password is dropped, so our system no longer has any record of the password.
What will be changed on your CloudFlare account...
Once you integrate, the system will point your DNS records to Ezoic, so we can work as a proxy for your site. We will also turn off rocket loader. This is because rocket loader will load JS scripts asynchronously and that hinders any scripts we may need to put on the page. No other changes will be made to your settings, and all will revert back if you remove integration.
If you were to uninstall the CF app in Ezoic - all the changes that the system made to your account (to let the traffic routing take place) are reversed and the account goes back to how it was before.
If your SSL setting is 'off' or 'flexible' then you don't need to do anything else, but if it's at 'full' or 'strict' you will need to upload your SSL certificate and key to Settings > Advanced > SSL Settings.
In all the years we've worked with CloudFlare, we have never had a single complaint from a publisher to CF about this integration method. It's a solid system and has the added advantage of not requiring a wait for nameserver change propagation (because the name servers stay the same - only the DNS records are adjusted).