What is x-Auth-Key?

Hi, i’m trying to purge cache using api, but what is x-auth-key ? where can i find it ?

tried global api key in https://dash.cloudflare.com/profile/api-tokens
and also tried created a new api token with purge cache permission.

both not work.


Use the bearer format for tokens

Authorization: Bearer <token>

1 Like

Global API key should have worked.

Can you be more specific? What was the error message?

Hi all, actually both work,

curl -X POST "https://api.cloudflare.com/client/v4/zones/:zone_id/purge_cache" \
     -H "X-Auth-Email: [email protected]" \
     -H "X-Auth-Key: global api key" \
     -H "Content-Type: application/json" \
     --data '{"purge_everything":true}'

curl -X POST "https://api.cloudflare.com/client/v4/zones/:zone_id/purge_cache" \
     -H "Authorization: Bearer api_token" \
     -H "Content-Type: application/json" \
     --data '{"purge_everything":true}'

I’m new to cloudflare, i made a stupid mistake. i copied the account id from the url, i thought it was zone id.

the error message misleads me

{"success":false,"errors":[{"code":10000,"message":"Authentication error"}]}

Makes sense, it will also show Authentication error if you don’t have access to another (potential) resource, like a zone ID you don’t own.

Authorization error should be better if you don’t have access to another resource :grinning:

Hi @df1228

welcome! Glad to hear that you managed to get it working. As a side note, my advice would be to use API tokens (scoped) instead of the global API key, as a best practice. Of course the API key is very handy if you are experimenting with the different calls.



Thanks for advice, it was used in a script after static content generated by hugo deployed to server, i set it to ENV. it’s safe on my local laptop.