So I have an application that adds DNS records to my site, here is my js fetch:

fetch("https://api.cloudflare.com/client/v4/zones/***Zone_ID***/dns_records", {
  body: '{"type":"A","name":"example.com","content":"127.0.0.1","ttl":3600,"priority":10,"proxied":true}',
  headers: {
    "Content-Type": "application/json",
    "X-Auth-Email": "******@gmail.com",
    "X-Auth-Key": "***generated_api_key_for_this_zone***"
  },
  method: "POST"
}).then(res=>{res.json().then(r=>console.log(r))})

but it gives me a code 10000 error:

{
  success: false,
  errors: [ { code: 10000, message: 'Authentication error' } ]
}

I have tried using the global and local keys instead of the zone key, but it didn’t work. What am I doing wrong?

Have you tried the same thing as a curl?

Yes, I get the same thing with the curl command

Can you post a screenshot of that curl command with the sensitive bits blocked out?

I like screenshots because smart quotes don’t always show up when pasting code into messages here.

Are you literally trying to add “example.com”? Same failure when you use your actual domain?

no, when i use the actual domain (just the hostname) it does not work either.

Hmm…I tried example.com and it worked. It just turned into example.com.mydomain.com

Does the API work for anything with that email and auth-key?

I have only tried this and the verification thing. the verification worked.

the api key does have the right perms

API Keys don’t have permissions. That’s why it’s Global. Now it’s making sense. You’re using a token which needs a different header format. No Email, just Bearer:

 -H "Authorization: Bearer 8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T"

wait what?

Those TLDs are highly abused by malicious users, so Cloudflare doesn’t allow automated configuration changes like that (the malicious users’ favorite method for spinning up fraudulent websites).

ohhhh.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.