Different API credentials for cache purging

We have 2 environments
stage.domain.com and prod.domain.com
We deploy code through bash script that includes API call to Cloudflare to purge cache. What we want to achieve is the following.

Staging environment is using a different API Key than production. People with access to staging environment should not be able to use the same API key to purge cache in production or do any other API calls (like delete the entire production website). Also ideally when we deploy code on staging, we don’t want to purge cache that is related to production web server.
Any ideas how to implement this?

See Restricted API keys - might not be as granular as you’re suggesting though.

Note that many API client libraries have not yet been updated to use the new authorization scheme.

If you are an Enterprise customer you can work with your account team to set up a separate org for staging with the subdomain stage.domain.com in that org with a different set of users/permissions.

For non-ENT the best way would probably be to have a different account with a separate domain (example.com instead of domain.com) for staging/test.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.