Hello all,

I’ve got an an API token (Bearer token) where I can sort of validate it using curl per the example when you generate it, but I can’t seem to use it to access my employer’s CF resources using either python-cloudflare or the cli4 script.

I’ve stepped through the code for hours, finally finding the part where it sent the headers, and there appears to be nothing wrong with it. It’s of the same format as my curl request that verified my API token.

This appears to be an authorization problem, but it’s hard to troubleshoot, so I’m curious if there’s any suggestions. Here’s an example:

$ cli4 name=fooDOTcom SLASHzonesSLASH
cli4;SLASHzones - 6111 Invalid format for Authorization header
cli4;SLASHzones - 6003 Invalid request headers

My web portal user has access to this foo.com account.
$ cli4 SLASHzonesSLASH;fooDOTcomSLASHdns_records
cli4; SLASHzonesSLASH;fooDOTcom/dns_records - (6003, ‘fooDOTcom - 6003 Invalid request headers’)

The same sort of exception occurs from my own script.

What permissions should an API token have to perform this query? I assumed that read only for zones and DNS would be enough.

Thanks!

special characters replaced with spelling because CF has an aggressive URL checker

Ah, this is actually due to a bug in the way the library was calling the request/sessions object. Basically there’s some logic in there where, if auth isn’t set, it tries to pick up Basic auth from .netrc, which I had configured for anonymous FTP from back in the day. So this Authorization: Basic line was smashing my bearer token Authorization line when it merged cookies/headers. Working on a fix now.