How to get zone id with zone specific api key?

The key has permission “Zone:Read” on specific zone.
Always got “… requires permission ‘’ to list zones” from API “/client/v4/zones?name={domain name}”.

If I change “Specific zone” to “All zones”, it works, emmmmmm…

Is any other API for this? Or additional permission?


+1 to this issue. I believe this is a bug with the API. It’s caused a lot of grief when trying to be more secure and scope tokens to a single zone. When performing a GET on the /zones endpoint, if an account has Zones - Zones - Read permissions, the endpoint should filter all zones found in the lookup by all the zones my token has access to.

Example: Assume my account has,, and Assume my generated token has included zones,

  • GET /zones - should return records for,
  • GET /zones? - should return records for
  • GET /zones? - should return no results, NOT an error (since the token does have valid permissions; it just didn’t find any matching records within the token’s included zones)
1 Like