Hi everyone,
We just recently released a fix to this problem. Now if a token is granted read access to a specific zone, then you can filter the GET /zones API via the ?name= parameter. One caveat to be aware of is that this won’t work if using any other filters at the same time.
An example:
curl -X GET "https://api.cloudflare.com/client/v4/zones?name=example.com" \ -H "Authorization: Bearer <token>" \ -H "Content-Type:application/json"
Thanks for the patience here. Handling all the edge cases of the /zones call has been challenging. This API particular has many implications and combines lots of things which are challenging for supporting least privilege.