I’ve got an an API token (Bearer token) where I can sort of validate it using curl per the example when you generate it, but I can’t seem to use it to access my employer’s CF resources using either python-cloudflare or the cli4 script.
I’ve stepped through the code for hours, finally finding the part where it sent the headers, and there appears to be nothing wrong with it. It’s of the same format as my curl request that verified my API token.
This appears to be an authorization problem, but it’s hard to troubleshoot, so I’m curious if there’s any suggestions. Here’s an example:
$ cli4 name=fooDOTcom SLASHzonesSLASH
cli4;SLASHzones - 6111 Invalid format for Authorization header
cli4;SLASHzones - 6003 Invalid request headers
My web portal user has access to this foo.com account.
$ cli4 SLASHzonesSLASH;fooDOTcomSLASHdns_records
cli4; SLASHzonesSLASH;fooDOTcom/dns_records - (6003, ‘fooDOTcom - 6003 Invalid request headers’)
The same sort of exception occurs from my own script.
What permissions should an API token have to perform this query? I assumed that read only for zones and DNS would be enough.