Domain Registrar API Token permissions

Has anyone been successful authenticating against any of the Registrar Domains endpoints with a Bearer token and, more importantly, could they share what worked? The only attempted answer I found, if you could even call it that, was to “poke around in permissions” but I’ve confirmed the active token has every Account permission that’s available to select in the UI.

Are there permissions that must be updated via the API itself and aren’t available in the UI?

There are a lot of API permissions that are more select with the API
https://api.cloudflare.com/#permission-groups-list-permission-groups

Also, what endpoint are you trying to hit? The only API I see with registrar is
https://api.cloudflare.com/#registrar-domains-properties

Thank you for your reply! And my mistake for not including more information. Yes, I’ve been attempting to access the list registrar domains (the POST method) and the individual GET domain as well; both give authorization errors.
Btw, thanks additionally for the api.cloudflare.com link. I’ve only been familiar with these docs, which might be slightly different:
developers.cloudflare.com/api/operations/registrar-domains-get-domain

In between posting and now I did discover the /user/tokens/permission_groups endpoint and figured out how to pull them (you can’t manually add User-level API token permissions via the UI, you have to start from the API token template, which is… something) but again I found no permission listed with any references to “domain” or “registrar”?

I’d share the cURL/Postman I’ve tried against the GET domain endpoint, but I think it’s pretty clear I need to add permissions to my token; I just don’t quite know how/where to find what I’m missing. Interestingly, the link you shared says Auth errors should be code 10001, but this is always what returns:

{"success":false,"errors":[{"code":10000,"message":"Authentication error"}]}

I am quite new to Cloudflare, so please let me know if there’s additional helpful info I could provide.

That error can occur when you are using the wrong auth scheme. What headers are you using? For API token you need a header of Authorization: Bearer <TOKEN>.

Yes, I’m aware. Bearer token is the only authorization header in all successful and unsuccessful operations. In cURL this is -H "Authorization: Bearer {GENERATED_TOKEN}" and in Postman it is
[Screenshot 2023-01-08 at 9.08.06 PM]

As stated, the token works for multiple endpoints but none of the registrar ones. That’s not an auth scheme problem or mistake as I can authenticate against permitted endpoints. This is a permissions issue and, frankly, generating tokens with proper permissions is not intuitive and barely logical in this platform so far.

It doesn’t appear that Cloudflare has released the permission IDs for Registrar read/write. So you’re stuck using the Global API key for the time being.

And even then, you are limited to GET requests unless you have an Enterprise plan.

@keithvsr I’m running into the same thing and the only clue is that it may only be available for Enterprise customers at this time.

I’m trying to learn more about what’s involved in gaining access and posted in the developers/api section about this. If you do make some headway and figure out how to get access, please let us know!
