How to get zone id with zone specific api key?

The key has permission “Zone:Read” on specific zone.
I always got “… requires permission ‘com.Cloudflare.api.account.zone.list’ to list zones” from API “/client/v4/zones?name={domain name}”.

If I change “Specific zone” to “All zones”, it works, emmmmmm…

Is there any other API for this? Or an additional permission?

4 Likes

+1 to this issue. I believe this is a bug with the API. It’s caused a lot of grief when trying to be more secure and scope tokens to a single zone. When performing a GET on the /zones endpoint, if an account has Zones - Zones - Read permissions, the endpoint should filter all zones found in the lookup by all the zones my token has access to.

Example: Assume my account has foo.com, bar.com, and bim.com. Assume my generated token has included zones foo.com, bar.com.

  • GET /zones - should return records for foo.com, bar.com
  • GET /zones?name=foo.com - should return records for foo.com
  • GET /zones?name=bim.com - should return no results, NOT an error (since the token does have valid permissions; it just didn’t find any matching records within the token’s included zones)
1 Like
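
Added example, not part of either post and not Cloudflare's code: a small Python model of the listing behaviour the reply proposes, next to the behaviour the question reports. The `Token` class, the function names and the zone IDs are hypothetical placeholders; the zone names are the ones from the reply's example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional, Tuple

# Constructed sample account from the reply's example; IDs are placeholders.
ACCOUNT_ZONES = {
    "foo.com": "zone-id-foo",
    "bar.com": "zone-id-bar",
    "bim.com": "zone-id-bim",
}


@dataclass(frozen=True)
class Token:
    """Hypothetical model of a token holding Zone:Read."""
    all_zones: bool = False                 # "All zones" scope
    included: FrozenSet[str] = frozenset()  # "Specific zone" scope


def _match(zones: Iterable[str], name: Optional[str]) -> List[Tuple[str, str]]:
    """Apply the optional ?name= filter to an already-authorized zone set."""
    return sorted((z, ACCOUNT_ZONES[z]) for z in zones if name in (None, z))


def list_zones_reported(token: Token, name: Optional[str] = None):
    """Behaviour reported in the question: listing fails unless scope is all zones."""
    if not token.all_zones:
        raise PermissionError("token requires account-level permission to list zones")
    return _match(ACCOUNT_ZONES, name)


def list_zones_proposed(token: Token, name: Optional[str] = None):
    """Behaviour proposed in the reply: scope the result set, never raise.

    The token scope is applied before the name filter, so a zone outside the
    token's scope and a zone that does not exist give the same empty result
    (the response does not reveal which zones exist in the account).
    """
    if token.all_zones:
        visible = set(ACCOUNT_ZONES)
    else:
        visible = {z for z in ACCOUNT_ZONES if z in token.included}
    return _match(visible, name)


if __name__ == "__main__":
    scoped = Token(included=frozenset({"foo.com", "bar.com"}))
    for query in (None, "foo.com", "bim.com"):
        print(query, "->", list_zones_proposed(scoped, query))
```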