BUG: Zone Detail by Name requires Zone List permission

There appears to be a missing API for Zones:

There is no way to retrieve Zone Details by name without also having the Zone List permission.

REPRO:

  1. Create an API Token with Zone.Zone:read and Zone.Zone Settings:read permissions for a specific resource.
  2. GET https://api.cloudflare.com/client/v4/zones?name=<specified resource>

RESULT:

{
  "success": false,
  "errors": [
    {
      "code": 0,
      "message": "Actor 'com.cloudflare.api.token.<redacted>' requires permission 'com.cloudflare.api.account.zone.list' to list zones"
    }
  ],
  "messages": [],
  "result": null
}

RESOLUTION:

Any one of the following:

  • Allow zone listings for zones that are included within a token’s permissions.
  • Enable zone detail retrieval by name.
  • Add an explicit Zone.Zone List permission to the API Token dashboard.

WORKAROUND:

Giving the API Token the Account.Account Settings:read permission appears to implicitly grant com.cloudflare.api.account.zone.list.
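
A client-side check for this failure, as an added example that is not part of the original report or Cloudflare's own code: it parses the error envelope shown under RESULT and extracts the permission the token lacks, so a caller can tell this scope gap apart from other errors before deciding whether to widen the token. The function names, the `EXAMPLE` token id and the assumption that other permission errors follow the same message format are hypothetical.

```python
import json
import re

# Message format taken from the single error shown in the report above;
# that other permission errors use the same wording is an assumption.
_PERM_RE = re.compile(
    r"Actor '(?P<actor>[^']+)' requires permission '(?P<permission>[^']+)'"
    r"(?: to (?P<action>.+))?$"
)

# Constructed sample: the response from the report, with the redacted
# token id replaced by a placeholder.
SAMPLE_BODY = """
{
  "success": false,
  "errors": [
    {
      "code": 0,
      "message": "Actor 'com.cloudflare.api.token.EXAMPLE' requires permission 'com.cloudflare.api.account.zone.list' to list zones"
    }
  ],
  "messages": [],
  "result": null
}
"""


def missing_permissions(body):
    """Return one record per error that names a permission the actor lacks."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return []  # not an API envelope (proxy page, truncated body, ...)
    if not isinstance(doc, dict) or doc.get("success") is True:
        return []
    found = []
    for err in doc.get("errors") or []:
        msg = err.get("message", "") if isinstance(err, dict) else ""
        match = _PERM_RE.search(msg)
        if match:
            found.append(match.groupdict())
    return found


def is_zone_list_gap(body):
    """True when the failure is the missing zone-list permission from this report."""
    wanted = "com.cloudflare.api.account.zone.list"
    return any(rec["permission"] == wanted for rec in missing_permissions(body))
```
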