APITokens vs. APIKeys

The API docs state in the Getting Started section that

API Tokens provide a new way to authenticate with the Cloudflare API. They allow for scoped and permissioned access to resources and use the RFC compliant Authorization Bearer Token Header.

However, the entire documentation show examples using API Keys which require X-Auth-Key and X-Auth-Email headers.

  1. I think the docs should be updated to use the new tokens
  2. The page in the dashboard where you can manage your keys and tokens should be clear about the difference between them, and reference the docs.
  3. I think there’s a problem with the create token example - the token that is used in the request (8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T) is identical to the one returned in the response, which is supposed to be a new token just created. Unless I misinterpreted how this API works.

It took me a while to figure this out, and the above can help people get up and running with the api more quickly.

1 Like