Stream and /accounts vs /zones API

This is in reply to some feedback here, with respect to use of the /zones API for Stream. My response here may be off-topic for that thread, hence the new thread.

When using an API token, with only the permission Account.Stream:Edit, general account details are available using the /zones API endpoint. The following will provide account ID, account email and various other things.

curl -X GET "https://api.cloudflare.com/client/v4/zones/{ZONE ID}" -H "Authorization: Bearer {TOKEN}" -H "Content-Type:application/json"

The same is not true however, when using the /accounts API endpoint. The equivalent command will produce an error, unless additional read permissions are granted to the token (I’m not sure which specifically).

curl -X GET "https://api.cloudflare.com/client/v4/accounts/{ACCOUNT ID}" -H "Authorization: Bearer {TOKEN}" -H "Content-Type:application/json"
{"success":false,"errors":[{"code":9109,"message":"Unauthorized to access requested resource"}],"messages":[],"result":null}

It’s possible I’ve missed the correct /accounts alternative. If I haven’t though, the reason I raise this, is because unless mistaken, this endpoint could be uniquely capable of providing general account details (such as subdomain / customer-{CODE}), using an API token with limited Account.Stream:Edit permissions.

Additionally, perhaps the /accounts endpoint could be modified to deliver limited data, to API tokens with that permission, for the purpose of consistency.

Thanks @Bink! Great feedback. Appreciate you taking the time to explain the plugin use case as well. We’ll think about the ideal way to provide this subdomain/code via the API.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.