How to push the WAN IP (DDNS) from pfSense to Cloudflare (A record), and how I fixed the problem


Answer: (Disclaimer: don't do this in your company environment! If you set it up in your lab, you take any risks yourself!) For the firewall (pfSense) DDNS service, use the Cloudflare Global API Key instead of a custom-permission API Token. My pfSense version is 21.05-RELEASE (arm64).
Update: found the answer.

Story begins:

I want to start building some services/servers in my home lab, so I bought a new domain name from Namecheap and linked it to Cloudflare. I need to create a web service in my home lab, and 99.9999999% of home users are using a dynamic IP address.

That's OK: DDNS passes my home's WAN IP to Cloudflare, a piece of cake. Right?


Before taking action, I got the WAN IP address from WhatIsMyIP, entered it as an A record in Cloudflare, and checked that the firewall rules (e.g. port forward, etc.) were correct.

Type=A, Name=your subdomain name (e.g. godbless), Content=your WAN IP address from WhatIsMyIP, DNS only

Test completed: the URL's A record allows connecting to my home web server.

Time to set up pfSense DDNS

1/ Go to the API page
2/ Create a limited-access API key
3/ Go to pfSense > Services > Dynamic DNS > Dynamic DNS Clients

Service Type=Cloudflare
Hostname=your subdomain name (e.g. godbless)
Domain Name=your domain name; in my case it is davidsideproject.com
Cloudflare Proxy=Uncheck
Verbose logging=Check
Username=Cloudflare account login email
Password=the limited-access API key I created in Cloudflare earlier

TTL=empty
Description=whatever you like to enter


The screen capture below shows the wrong step, just for reference.


Highlight: "Cloudflare: Enter the Global API Key or API token with DNS edit", but "API token with DNS edit" did not work for me.
Find the error in Status > System Logs > System > General.

Missing something? Just google it.....

https://community.cloudflare.com/t/api-authentication-failing/110430/10

Someone said to use a Global API key......

OK, for a home lab, I take this as a workaround solution.....
Maybe I'll set up a DDNS client later.
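
For the standalone DDNS client mentioned above, this added Python example (not from the original post and not pfSense's own code) builds the Cloudflare v4 request that overwrites one A record, showing how the two credential types are sent differently: a scoped API token goes in an `Authorization: Bearer` header, while the Global API Key goes in the `X-Auth-Email` / `X-Auth-Key` pair. The function names are hypothetical, and the zone ID, record ID, token and WAN address are constructed placeholders.

```python
import ipaddress
import json
import urllib.request

API = "https://api.cloudflare.com/client/v4"
# Ranges a pfSense WAN can hold that are useless to publish in public DNS.
NOT_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",                                    # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]

def auth_headers(secret, email=None):
    """Scoped API token -> Bearer header; Global API Key -> X-Auth-* pair."""
    if email is None:
        return {"Authorization": f"Bearer {secret}"}
    return {"X-Auth-Email": email, "X-Auth-Key": secret}

def validate_wan_ip(text):
    """Return a normalized IPv4 string, or raise if it must not be published."""
    ip = ipaddress.IPv4Address(text.strip())
    if any(ip in net for net in NOT_PUBLIC):
        raise ValueError(f"refusing to publish non-public address {ip}")
    return str(ip)

def build_update(zone_id, record_id, fqdn, wan_ip, secret, email=None):
    """Build (without sending) the request that overwrites one A record."""
    body = {"type": "A", "name": fqdn, "content": validate_wan_ip(wan_ip),
            "ttl": 1, "proxied": False}   # ttl 1 = automatic; DNS only
    return urllib.request.Request(
        f"{API}/zones/{zone_id}/dns_records/{record_id}",
        data=json.dumps(body).encode(), method="PUT",
        headers={"Content-Type": "application/json",
                 **auth_headers(secret, email)})

def send(req):
    """Perform the call; True when Cloudflare reports success."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return bool(json.load(resp).get("success"))

if __name__ == "__main__":
    # Constructed placeholders: IDs, token and address are not real values.
    req = build_update("ZONE_ID_PLACEHOLDER", "RECORD_ID_PLACEHOLDER",
                       "godbless.davidsideproject.com", "203.0.113.7",
                       "SCOPED_TOKEN_PLACEHOLDER")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

A token limited to DNS edit on a single zone can only change records in that zone, whereas the Global API Key carries the full permissions of the account, so a client like this keeps the firewall from storing the broader credential.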