DDNS token setup

I’m trying to generate a token so that I can update the DNS records for one of my domains (DDNS). Here are my settings:

When I run the sync, I get the following error from cloudflare:

"{"success":false,"errors":[{"code":0,"message":"Actor 'com.cloudflare.api.token.xxxxxxxxxx' requires permission 'com.cloudflare.api.account.zone.list' to list zones"}],"messages":[],"result":null}"

Actor 'com.cloudflare.api.token.xxxxxxxxxx' requires permission 'com.cloudflare.api.account.zone.list' to list zones

I tested this out with the global key and the script works, so not sure why this token setting isn’t working.

I also tried including all zones in case that would make a difference, but still got the same error.