For Workes & Pages, what is the name of the domain?
n/a
What is the error number?
9109
What is the error message?
Unauthorized to access requested resource
What is the issue or error you’re encountering
Unable to reliably verify account IDs
What steps have you taken to resolve the issue?
I am developing an application to automatically update WAF custom IP lists. To do so, the user has to supply the account ID. I am looking for a convenient way like /users/token/verify to verify the account ID, but couldn’t find anything good. The closet one I could find is /accounts/{account_id}, but this would lead to Unauthorized to access requested resource (9109) unless the token has additional permissions.
Interestingly, I learned that such an error message actually indicates that the account ID is valid, for otherwise the server will give other errors such as Invalid account identifier (9109) (the same error code but a different message), Invalid account identifier (7003) or Could not route to ... perhaps your object identifier is invalid? (7003). However, relying on checking the exact error messages is fragile.
In any case, I wonder if there’s a simple and reliable way to verify account IDs?
What are the steps to reproduce the issue?
- Create an API token without the permission to view account details.
- Run the following:
curl --request GET \ --url https://api.cloudflare.com/client/v4/accounts/{account_id}/ \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {api_token}'