API returns error with code 9300: User session has expired

Hi there,

I created a new API token using the pre-configured “Read all resources” template, and a user account with Super Administrator privileges on all domains. This adds a large set of permissions – which is intended for this test token.

Afterwards, I queried the verify-endpoint:

curl "https://api.cloudflare.com/client/v4/user/tokens/verify" -H "Authorization: Bearer <TOKEN>"

{"result":{"id":"<ID>","status":"active"},"success":true,"errors":[],"messages":[{"code":10000,"message":"This API Token is valid and active","type":null}]}

So far it seems to work as expected. However, I get an 9300 authentication error for all other endpoints, e.g.

curl 'https://dash.cloudflare.com/api/v4/accounts' -H "Authorization: Bearer <TOKEN>"

{"success":false,"errors":[{"code":9300,"message":"User session has expired. Please log in again"}],"messages":[],"result":null}

Is there anything I am missing, or I can try?

Welcome to the Cloudflare Community!

You’re using the Dashboard API Endpoints when you should be using the public API Endpoints instead. The dashboard has a bunch of protections, which you’re quickly running into.


curl 'https://api.cloudflare.com/client/v4/accounts' -H "Authorization: Bearer <TOKEN>"

Some endpoints are only available through the dashboard (like registering domains except for enterprise), but the ones which are available in both are the same besides some minor differences in paths as you can see.
docs here:

1 Like

Thanks – I was copying the requests from the dashboard and reading the docs in parallel. I somehow didn’t spot the tiny difference in the domain.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.