Prior to the introduction of API tokens, I had been using the Global API key and a call to GET /client/v4/zones?name=myzone.com to check for the existence of a given zone on my account.
Whether the specified zone existed or not, the call always returned an HTTP 200 JSON result. If the zone didn’t exist, the result object was simply empty and result_info contained properties like count=0 and total_count=0.
Now I’m testing the same code using an API token that has been given the following permissions:
- Zone - Zone Settings - Read
- Zone - Zone - Read
- Zone - DNS - Edit
- Include: All zones
When the zone exists, everything works just like before with the Global API key. But when the zone doesn’t exist, I now get an HTTP 403 error with the following body:
{
  "success": false,
  "errors": [
    {
      "code": 0,
      "message": "Actor 'com.cloudflare.api.token.REDACTED' requires permission 'com.cloudflare.api.account.zone.list' to list zones"
    }
  ],
  "messages": [],
  "result": null
}
Is this a bug or working as intended? I tried adding every other zone/account related READ permission I could find to the token, but nothing seemed to help.
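An added example, not part of the original post: a client-side check that keeps the two outcomes described above apart, so a 403 naming the zone-list permission is reported as "existence unknown" rather than being read as "zone absent". The helper name, the enum, and the 200-response sample bodies are assumptions constructed for illustration; the 403 body is the one quoted in the post.

```python
import json
from enum import Enum

# Permission string copied from the 403 body quoted in the post.
LIST_PERMISSION = "com.cloudflare.api.account.zone.list"

class ZoneLookup(Enum):
    EXISTS = "exists"
    NOT_FOUND = "not_found"
    LIST_DENIED = "list_denied"  # token may not list zones: existence unknown
    ERROR = "error"

def classify_zone_lookup(status, body, zone):
    """Map one GET /zones?name=<zone> response to a ZoneLookup (hypothetical helper)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return ZoneLookup.ERROR
    if not isinstance(doc, dict):
        return ZoneLookup.ERROR
    if status == 200:
        result = doc.get("result")
        if not isinstance(result, list):
            return ZoneLookup.ERROR
        # Compare names explicitly instead of trusting a non-empty list.
        names = [z.get("name") for z in result if isinstance(z, dict)]
        return ZoneLookup.EXISTS if zone in names else ZoneLookup.NOT_FOUND
    if status == 403:
        errors = doc.get("errors")
        if isinstance(errors, list):
            msgs = [str(e.get("message", "")) for e in errors if isinstance(e, dict)]
            if any(LIST_PERMISSION in m for m in msgs):
                return ZoneLookup.LIST_DENIED
    return ZoneLookup.ERROR

# Constructed 200 bodies following the shape the post describes.
FOUND = '{"result": [{"name": "myzone.com"}], "result_info": {"count": 1, "total_count": 1}}'
EMPTY = '{"result": [], "result_info": {"count": 0, "total_count": 0}}'
# 403 body as quoted in the post (token id redacted there).
DENIED = json.dumps({"success": False, "errors": [{"code": 0, "message":
    "Actor 'com.cloudflare.api.token.REDACTED' requires permission "
    "'com.cloudflare.api.account.zone.list' to list zones"}],
    "messages": [], "result": None})

if __name__ == "__main__":
    for status, body in ((200, FOUND), (200, EMPTY), (403, DENIED)):
        print(status, classify_zone_lookup(status, body, "myzone.com").value)
```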