Anybody out there got an example of using the KV API with bearer tokens? I can get stuff to work fine with the email and auth key approach, but bearer tokens always fail. I need to expose a KV to someone else and obviously do not want to provide the global API key!

"code: 10000, message: “Authentication error”

The Authorization header is constructed thus (the token below is just made up):

“Authorization”: “Bearer CFPB-pprQ8ppHg_IgIFRVx2BmPrg-T9uRu7ic9HY”

I have verified the actual bearer token is good using CURL: https://api.cloudflare.com/client/v4/user/tokens/verify

Of course, this does not tell me it is good for the purpose to which I desire to place it, i.e. KV reads and writes. The token definition has one line:

Permissions

Workers KV Storage

Edit

I can confirm that using the KV API (e.g. Read key-value pair) works with an api token (e.g. with Account - Workers KV Storage:Edit).

Authorization is as you’ve described: Authorization: Bearer <token>

Thanks, I will keep poking away

Looking at how you say your header is constructed, there is something odd about where the colon is and whether there is enough whitespace between the end of authorization and the start of bearer…

The token variant definitely works (I was playing with this yesterday), using curl to get a value from KV looks like

curl "https://api.cloudflare.com/client/v4/accounts/youraccountidhere/storage/kv/namespaces/yourknvnamespaceidhere/values/test" \
> -H "Authorization: Bearer yourtokenhere"

Thanks for the assistance. Turns out the token was getting relayed between two services and one of the services did not have "x-token` as an authorized header for OPTIONS requests; hence, it was failing. The Authorization header was actually OK (when the token actually got to it!)