I find myself wanting to integrate Cloudflare with the applications behind it for automatic cache purging. The main issue I have is not wanting to give over the API key for my whole account to these apps just for purging their items from cache.
It would be good if there was a separate API key for this one purpose much like the API key for SSL certificates.
Makes sense, this feature is available since the Enterprise plan, with the multi-tenancy logic you can invite and then have different accesses to a given Organization with role-based access. In this role list, the cache purge role is doing exactly what you need.
but the issue is obviously if your people should be able to do more stuff, you essentially need to create a complete user just for the server, and then the question is whether it’s allowed to created CF users for non-human entities, like servers. and also if info of the person is needed to be entered, what to enter.
in my opinion it would be really helpful to add the ability that a user can have more seperate API keys and set permissions for those, instead of needing to create more users, see here:
It seems like a very basic requirement of any CDN / caching system to have the ability to clear caching on URLs or entire domains from an API key that has very limited (hopefully non-destructive) access.
I was quite surprised to see CF want big $ to upgrade the your plan to enterprise to get something as simple as this.
+1 This is a major security issue and makes me not use the API at all, period. I have two-factor on my own login, but I obviously can’t do that with my API key. I can’t even limit it to IP’s, so there is very little security here. The enterprise fix is completely unreachable for small organizations, just so one can be able to have what is a basic and essential feature.