Restricted API keys


#35

+1

API key restricted to only one or more sites would be a big step forward (or, if simpler, a different API key for every site)


#36

Another +1 from me.

The ability to generate keys which are scoped to either specific actions and / or Zones would be a huge step forwards.

Our particular use case allows users to link up their CF account so they can have 1-click deploy of a Workers script, but storing a Global API key which could potentially modify anything in their entire account makes us pretty uneasy.


#37

I just recently had my talk with the CF Team and while I cant really talk about the contents the people there seem fairly great and I think I can really look forward to this.


#38

I too, would like to sign up for the beta (I have been following this thread for a few months now).

My use‑case is clearing the  cache when my CI infrastructure finishes building my website and deploys it, so that the changed files can be updated (I cache static HTML in Cloudflare’s edge).


#39

Looking forward to seeing this - it’s a reason we’ve held off on commercial use, as automation is such a big part of our processes.

I’m hoping that at a minimum, it permits per-domain, feature level access.

Is there a timeline for GA?


#40

+1

The ability to create restricted api keys would be realy good. If any beta testing help is needed I would be more than welcome to help.


#41

We need this as well. If there’s a private beta, an invite would be appreciated! Our use case has already been mentioned here - we want to purge cache when assets change, that’s it.

At a minimum, the feature should allow us to create an API key and specify “Allow to purge_cache in zone 123”. It should work as a restriction to my user account, that is, it’s still me who is doing the request, I’m just limited in what I can do. This means I can create an API key even for a zone which belongs to a different account (to which I have been invited to).

It would be great (but not essential) if I could (in no particular order):

  • see the last time the API key was used
  • regenerate the key’s value without having to create a new key (and specify the all permissions again)
  • temporarily disable the key
  • make the key usable only from a set of IP addresses
  • see a log of actions performed by the key over time

@g2theg I’m happy to answer any questions you might have over email.


#42

+1

My basic use case is to dynamically update an a / aaa record.


#43

I’m interested in restricted use API keys. I use Amazon’s IAM feature for this purpose when delegating AWS tasks.


#44

+1

Occassionally need to purge cached files via API, but concerned about use of global API key for this… a read only scope would be useful too.


#45

+1

My use case would be to lock down a key to only allow DNS changes for one of my domains, preferably just specific records. Locking it down to specific features for a single domain would be a very good start though. :slight_smile:


#46

+1 from me on this.
My use case is to be able to create a restricted (read-only) API key for monitoring and analytics tool (Datadog) to use. If/when this is available for beta test I’d appreciate an invite.

Thank you.


#47

+1. Bumping this again


#48

+1 It would be great to have restricted API keys


#49

Adding our +1 and a request for beta access if it becomes available.


#50

Exact same concerns as OP here!

+1

Is there already an update to this issue?


#51

Really looking forward to this one. My requirement would be to create a limited scope token that can complete ACME DNS challenge for a single domain :slight_smile:


#52

On that note, it would be cool if we could create templates or share links (like Cloudflareworkers.com) containing the combination of scopes needed for an API key. This would be great for automated tools (like ACME v2 clients) to prompt the user to enter a key with a link that would allow creating a key with the exact necessary scopes needed.

I am also interested in the beta :slight_smile:


#53

API key is well working on google crome web browser but not working on Mozilla Firefox web browser why? just guide me how can i use this software.


#54

This has nothing to do with this topic. Please open an specific Thread for this problem, or use the search.