New API tokens

Now that API tokens is available for everybody (yay!)…

Is there a way to create a token for full access to a specific zone? I’m not seeing a way to add token permission for certain parts of the dashboard, such as minification. I ask because WP Fastest Cache uses the API to set certain features and purge the cache.

I believe this can be done by skimming through api.cloudflare.com to see where each feature fits, but it would be nice to not have to go on a fishing expedition to find out what all access a specific app needs to work with a zone.

3 Likes

Shouldnt that be one of those two choices?

It is, but it’s not working. The app provides very little feedback on why it’s not working. It may be checking a bunch of things. I guess I’ll have to dig through the code or ask the author.

1 Like

You mean creating that token isnt working or using the token isnt? The former seems to work for me.

Using the token. I’ve looked through the code and can’t figure out which permission isn’t set. It’s saying “Invalid Header”. Isn’t the API syntax identical for Global API as it is for the Token API?

1 Like

Nope, instead of the two X-Auth headers you’d have to use the Authorization header.

2 Likes

Check out the example it shows when creating the token

curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \
     -H "Authorization: Bearer [TOKEN]" \
     -H "Content-Type:application/json"
2 Likes

Yes, the “Purge Cache”, etc. function itself.

Here’s the source:
https://pastebin.com/hqmWYdiM

For the token, I’ve enabled Edit for Zone:Zone Settings, Zone:Zone, and Zone:Cache Purge
All for a specific Zone.

2 Likes

That code does not use Authorization.

1 Like

I get it…I think. So it no longer requires the email address either. It’s just using new syntax, as the blog post explained near the bottom when they talked about the new RFC Authorization Bearer standard.

Does this mean that if I use the new syntax with my Global API key that it will also work? Just wondering if devs can migrate to the new syntax and not break anything.

1 Like

Yes, the credentials are different now when using a token compared to the global key. But the overall call should be the same, I’d expect.

1 Like

Not working…yet:

ProBrain:~ scott$ curl -X POST "https://api.cloudflare.com/client/v4/zones/0d9bc5dc1b351ac7c262cd398a57dbad/purge_cache" -H "Authorization: Bearer MY_GLOBAL_API_KEY" -H "Content-Type: application/json" --data '{"purge_everything":true}'

{“success”:false,“errors”:[{“code”:6003,“message”:“Invalid request headers”,“error_chain”:[{“code”:6111,“message”:"InvalidPrProBrPProPrPP

1 Like

With Authorization you need to use a token, the global key wont work.

1 Like

Ok. So existing code that’s designed for Global API can’t be modified to accommodate both. Devs will need to either switch over to tokens, or give users the option to use one or the other.

1 Like

I guess it can be modified, but thats what needs to happen. It needs to get modified :slight_smile:

In short, the global key uses the X-Auth headers, tokens use Authorization.

4 Likes

yup that’s how goes for now :slight_smile:

For my own scripts, I just modify it so it can support either cf global or token api methods.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.