Configuring Dynamic DNS on OPNsense

In Cloudflare:

Go to My Profile > API Tokens and hit "Create Token"
Find "Edit zone DNS" and click "Use template"
Edit the token name if desired (I used "OPNSense DDNS")
Permissions should be set to "Zone" - "DNS" - "Edit".
Zone Resources should be set to "Include" - "Specific zone" - [the zone you want OPNsense to update]
Leave the rest as it is and hit "Continue to summary"
If it looks good, hit "Create Token"
Feel free to copy the provided test code and paste it into your terminal to test it if you want.
Copy the token. I saved mine in my password manager since this is the only time you can see it.

In OPNsense:

Go to Services > Dynamic DNS > Settings > General settings
Check "Enable"
Set interval (I used 360 seconds which works out to 10x per hour)
Set backend to "ddclient" (if you don't have this, you need to enable the plugin at System > Firmware > Plugins and install os-ddclient using the "+" icon)
Click the "Accounts" tab at top and then hit the orange "+" to add a new account
Check "Enabled"
Enter a description (like "Cloudflare")
Set "Service" to "Cloudflare"
Leave "Username" blank
Paste your API token into the "Password" field
Enter your zone into the "Zone" field (this should match the zone you chose at Cloudflare, like domain.com)
Enter the hostname(s) you want updated into the "Hostname(s)" field (the actual subdomain or domain, like subdomain.domain.com)
Set "Check ip method" to "Interface"
Set "Interface to Monitor" to "WAN"
Check "Force SSL"
Save