User Permissions and API Security


#1

I am very happy to see that the ability to create sub-users has been lowered to all customers. It is still really needed to have the ability to modify the permissions of sub-users.

I have several people I would like to grant access to be able to clear the Cloudflare Cache, but I do not want them to have full administrator access to the entire account.

The API is not really a solution to this problem for me as the security around that is very weak. Using the API completely removes the security benefit of having 2FA on your account. There is also no ability to restrict the use of the API to certain IPs. It’s essentially a root password to your account with no additional security around it.

I would love it if Cloudflare could add the ability to limit permissions on user and API accounts. It would also be very great if you could limit API usage to specific IPs.

Thank you!


#2

It would also be nice to have API keys that provide access only to certain features (e.g. the aforementioned cache clearing, which I could then set up CI to automatically clear the cache once a build completes successfully and the site gets updated).


#3

Bump. This is so important. The API is useless to me without additional permissions. I’m not giving an intern root API access when I want him to just be able to perform some data analytic collection.