Permissions needed for Spectrum
I am not able to see the permissions needed in order to create a Spectrum API token for creating an app. I need to asign an static IP and documentation says make sure to have IP Prefixes:Write permissions but Write does not showed up. Only Read and Edit. If I tried Edit. I got 500 error.
Your earlier post was using Spectrum to get a “static” (it’s not static, just sticky) IP address for your application. Have you now got a static IP from Cloudflare or onboarded your IP prefixes?
Hi @sjr thanks for your response.
Yes, I already got the static IP (ipv4 &ipv6) provided by Cloudflare. I am trying to create a new HTTP/HTTPS application via API so I am trying to generate a new token from the account with this permissions
Account: IP Prefix: Read and Zone: Zone settings: Write (documentation says IP Prefixes : Write but it is not showing up)
Not sure If I am missing some other additional permission
Not sure, here is says “Edit” instead of “Write”…
If this is a one off and you are admin, use your email and global API key instead of a token just to get it done.
@sjr using Global API key I got a
code 10000,
message Authentication error
Request should look like this (this doesn’t include specifying the IPs as I don’t do that)…
curl --request POST \
--url https://api.cloudflare.com/client/v4/zones/xxxxxxxx/spectrum/apps \
--header 'Content-Type: application/json' \
--header "X-Auth-Email: [email protected]" \
--header "X-Auth-Key: xxxx_global_api_key_xxxx" \
--data '{
"dns": {
"name": "a.spectrum.example.com",
"type": "CNAME"
},
"ip_firewall": true,
"origin_dns": {
"name": "origin.example.com"
},
"origin_port": 1234,
"protocol": "udp/1234",
"proxy_protocol": "simple",
"tls": "off",
"traffic_type": "direct"
}'
At the beginning I used Postman to send the request. Changing to curl I got the same message.
You definitely used these 2 headers and you are the admin for the Cloudflare account?
That should always work.
@sjr This is the instruction I am sending
curl --request POST --url “https://api.cloudflare.com/client/v4/zones/ZONEID/spectrum/apps” --header “Content-Type: application/json” --header “X-Auth-Email: EMAIL” --header “X-Auth-Key: GLOBALTOKEN” --data “{"protocol":"tcp/443","dns":{"type":"ADDRESS","name":"server.com"},"origin_direct":["tcp://X.X.X.X:443"],"ip_firewall":true,"proxy_protocol":"off","tls":"full","traffic_type":"https","edge_ips":{"type":"static","ips":["X.X.X.X","xxxx:xxxx:xx::xxx:x:xxxx"]}}”
I have super admin rights on the console. I read in the documentation (cannot find the article) that for Spectrum features user API Tokens ( i think including GLOBAL) are not allowed but account API Tokens
I created a couple more Spectrum apps a few weeks back using the curl request I posted with no problems. Try the endpoint with GET to list Spectrum apps, or any other Cloudflare API endpoint, to check that something works with your authentication at least.
I have tried two different endpoints using the GLOBALTOKEN and works well.
Now I am trying to create an app using the Account Token an I am getting
code 10002,
message Unexpected internal server error
@sjr I solved the issue.
On manage account member there is a Enable API Access setting that Enables API access by default for members of this account. This one was off. I turned on and the API token created from the account works now doing both Authorization bearer and GLOBAL token API
Really appreciate your help on this as well.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.