Authentication error when requesting direct creator upload url in a Worker

I’m trying to request the direct upload url through a worker, but I keep getting an authentication error from the STREAM API

I used the Gobal API key for the bearer token and the account ID i can see on the workers page.

What am I doing wrong here?

my worker code:
async function handleRequest(request) { const init = { method: 'POST', headers: { 'Authorization': 'bearer xxxxxx' }, body:'{"maxDurationSeconds": 3600,"expiry": "2021-04-30T02:20:00Z","requireSignedURLs": false, "allowedOrigins": ["*"], "thumbnailTimestampPct": 0.568427 }' } const response = await fetch("https://api.cloudflare.com/client/v4/accounts/xxxxxxx/stream?direct_user=true", init) const jsn=await response.json() return new Response(JSON.stringify(jsn), {headers: {'Access-Control-Allow-Origin':'*'}}) }

API Tokens and API Keys are different entities. If you want to use bearer tokens, then you should first create a token with Stream privileges. You can do it from this page: https://dash.cloudflare.com/profile/api-tokens by clicking “Create Token”

If you’d like to use the Global API Key, you should pass it as part of the “X-Auth-Key” header instead of the Authorization header. In additional, if you are using the API Key, then you need to specify the account email as well. Your request should look something like this:

async function handleRequest(request) { const init = { method: 'POST', headers: { 'X-Auth-Email': 'your_email', 'X-Auth-Key': 'your_key' }, body: '{"maxDurationSeconds": 3600,"expiry": "2021-04-30T02:20:00Z","requireSignedURLs": false, "allowedOrigins": ["*"], "thumbnailTimestampPct": 0.568427 }' } const response = await fetch("https://api.cloudflare.com/client/v4/accounts/xxxxxxx/stream?direct_user=true", init) const jsn = await response.json() return new Response(JSON.stringify(jsn), { headers: { 'Access-Control-Allow-Origin': '*' } }) }

2 Likes