Cloudflare tunnel privileges missing when adding to load balancer pool

I create a new tunnel and can use cloudflared to view it:

./cloudflared-linux-amd64 tunnel --origincert cert.pem info mytunnel

Your tunnel 71ac64fc-b977-4e4d-8194-0e05fb413487 does not have any active connection.

However when I try and add it to an existing load balancer pool (as described in https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/routing-to-tunnel/lb/#add-a-tunnel-to-a-load-balancer-pool):

./cloudflared-linux-amd64 tunnel --origincert cert.pem route lb tunnel-uuid load-balancer-address load-balancer-pool-id

I get:

Failed to add route: code: 1005, reason: Error from GET list_pools: Load balancer admin read privileges missing for object. 1033

I have tried creating an api key for editing the load balancer pool, however it is not clear how to supply this key to cloudflared.