Permissions too open for our API?


Im trying to add an API key that is only able to edit 1 domains zone but the only option is for all zones.

Are you able to add this option in? I’d like to be able to lock it down to only be able to edit a single DNS record but even if it was only per domain that would be a lot better than how it is now.

This is for letsencrypt/certbot with the cloudflare-dns package


Hi @adam25,

I think much of what you describe is available:

1 Like

Hey domjh,

The documentation of certbot says that they are waiting on cloudflare to allow more specific permissions here:

It seems that setting permissions to single zones does not work currently.