BUG: Zone Detail by Name requires Zone List permission

There appears to be a missing API for Zones:

There is no way to retrieve Zone Details by name without also having the Zone List permission.

REPRO:

  1. Create an API Token with Zone.Zone:read and Zone.Zone Settings:read permissions for a specific resource.
  2. GET https://api.cloudflare.com/client/v4/zones?name=<specified resource>

RESULT:

{
  "success": false,
  "errors": [
    {
      "code": 0,
      "message": "Actor 'com.cloudflare.api.token.<redacted>' requires permission 'com.cloudflare.api.account.zone.list' to list zones"
    }
  ],
  "messages": [],
  "result": null
}

RESOLUTION:

Any one of the following:

  • Allow zone listings for zones that are included within a token’s permissions.
  • Enable zone detail retrieval by name.
  • Add an explicit Zone.Zone List permission to the API Token dashboard.

WORKAROUND:

Giving the API Token the Account.Account Settings:read permission appears to implicitly grant com.cloudflare.api.account.zone.list.

1 Like
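For automation that uses narrowly scoped tokens, it helps to treat this response as a scope gap rather than as "zone not found". The following is an added example, not part of the original post and not Cloudflare's code: it parses the error envelope shown above and surfaces the missing permission. The function names, the success response and the zone id are constructed for illustration.

```python
import re

# Matches the authorization error text quoted in the post above.
_PERM_RE = re.compile(r"Actor '([^']+)' requires permission '([^']+)'")

class MissingPermission(Exception):
    def __init__(self, actor, permission):
        super().__init__(f"{actor} lacks {permission}")
        self.actor, self.permission = actor, permission

def missing_permissions(envelope):
    """Return (actor, permission) pairs named in a failed API envelope."""
    found = []
    for err in envelope.get("errors") or []:
        m = _PERM_RE.search(err.get("message", ""))
        if m:
            found.append(m.groups())
    return found

def zone_by_name(envelope, name):
    """Resolve one zone from a GET /zones?name=<name> response body.

    Raises MissingPermission when the token is not allowed to list zones,
    so a scoping problem is never mistaken for "zone does not exist".
    """
    if not envelope.get("success"):
        gaps = missing_permissions(envelope)
        if gaps:
            raise MissingPermission(*gaps[0])
        raise RuntimeError(f"API error: {envelope.get('errors')}")
    matches = [z for z in envelope.get("result") or [] if z.get("name") == name]
    return matches[0] if matches else None

# Constructed sample bodies: DENIED mirrors the error in the post, OK is a
# made-up success response with a placeholder zone id.
DENIED = {"success": False, "errors": [{"code": 0, "message":
    "Actor 'com.cloudflare.api.token.<redacted>' requires permission "
    "'com.cloudflare.api.account.zone.list' to list zones"}],
    "messages": [], "result": None}
OK = {"success": True, "errors": [], "messages": [],
      "result": [{"id": "PLACEHOLDER_ZONE_ID", "name": "example.com"}]}

if __name__ == "__main__":
    print(zone_by_name(OK, "example.com"))
    try:
        zone_by_name(DENIED, "example.com")
    except MissingPermission as e:
        print("token scope gap:", e.permission)
```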

Thank you for posting this, I stumbled on the same issue.

I suspect the querystring (?name=*) is just a filter. Regardless of what filters you add, you need the corresponding permissions for the API endpoint, which is https://api.cloudflare.com/client/v4/zones.

1 Like

This workaround no longer seems to work.

Does anyone have any advice on how to resolve this issue?

Thank you, digging internally for details.

1 Like

Sorry for the misinformation here.

I still think the issue described in the original post should be resolved, but the workaround still works. The problem I’m having is the one described in Bug in list zones endpoint when using API token?.