Any way to create a firewall rule with an API Token?

I’m trying to create a firewall rule across several different accounts that my user is an administrator for. I was hoping that I could do this with an API Token that was defined for “all accounts” but after creating and verifying the token, I can’t find an appropriate API endpoint to use with it for creating firewall rules.

When I tried with the user endpoint I got this error json:

{"success":false,"errors":[{"code":10000,"message":"API Tokens are not supported by this API for now"}]}

  1. Is there an endpoint that would let me create and delete firewall rules using an API Token?

  2. Failing that option, does anyone know a concise way to create a firewall rule across all zones of multiple accounts without using a script that loops through each account separately?

3 Likes

I’m having the same problem.

Any solution about create/update a firewall rule with API?

Having the same issue with terraform and cloudflare when doing a waf override

eval: *terraform.EvalSequence, err: failed to create WAF override: error from makeRequest: HTTP status 501: content “{“success”:false,“errors”:[{“code”:10000,“message”:“API Tokens are not supported by this API for now”}]}\n”

Not sure if it’s same with WAF, but while I was writing a wrapper script to interface with Cloudflare Firewall at API level so can ban/unban IPs and list banned IPs at command level I found out the API Tokens are only supported with Firewall at Account level endpoint and not User level endpoint.

Apparently, Cloudflare will be eventually deprecating the Firewall User level API endpoint (which is used by my fail2ban implementation) in favour of the Firewall Account level API endpoint. The User level API endpoint doesn’t support newer CF API Tokens with restricted permissions and uses your CF Global Account API email/key credentials

1 Like