Which API permission do I need to create & delete Custom Hostnames

I want to use an API Token to create (and delete) “SSL/TLS → Custom Hostnames” but I always receive a:

{'success': False, 'errors': [{'code': 10000, 'message': 'Authentication error'}]}
403 Client Error: Forbidden for url: https://api.cloudflare.com/client/v4/zones/.../custom_hostnames

I already tried various permissions without success. I also checked https://api.cloudflare.com/client/v4/user/tokens/permission_groups but the JSON didn’t contain anything about Custom Hostnames. (The closest there is Web3 Hostnames, but that’s not the same as far as I understood.)

Any help would be much appreciated!

Can you share the API call that you are making? Sometimes that error can display if the call is being made incorrectly.

Hi @Cyb3r-Jak3

I am using the example of the documentation to test things, so this one here:

https://developers.cloudflare.com/api/operations/custom-hostname-for-a-zone-create-custom-hostname

export CLOUDFLARE_API_TOKEN="abc"
export CLOUDFLARE_ZONE_IDENTIFIER="def"


curl --request POST \
  --url "https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE_IDENTIFIER}/custom_hostnames" \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}" \
  --data '{
  "custom_metadata": {
    "key": "value"
  },
  "hostname": "app.example.com",
  "ssl": {
    "bundle_method": "ubiquitous",
    "certificate_authority": "google",
    "custom_certificate": "-----BEGIN CERTIFICATE-----\\nMIIFJDCCBAygAwIBAgIQD0ifmj/Yi5NP/2gdUySbfzANBgkqhkiG9w0BAQsFADBN\\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E...SzSHfXp5lnu/3V08I72q1QNzOCgY1XeL4GKVcj4or6cT6tX6oJH7ePPmfrBfqI/O\\nOeH8gMJ+FuwtXYEPa4hBf38M5eU5xWG7\\n-----END CERTIFICATE-----\\n",
    "custom_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n",
    "method": "http",
    "settings": {
      "ciphers": [
        "ECDHE-RSA-AES128-GCM-SHA256",
        "AES128-SHA"
      ],
      "early_hints": "on",
      "http2": "on",
      "min_tls_version": "1.2",
      "tls_1_3": "on"
    },
    "type": "dv",
    "wildcard": false
  }
}'

The response:

{"success":false,"errors":[{"code":10000,"message":"Authentication error"}]}

Thank you very much for taking a look!

That looks right. According to the old API docs (Cloudflare API v4 Documentation), you need SSL:EDIT permissions for the API token. Have you tried that one?

Hi @Cyb3r-Jak3, thanks for the quick reply. I didn’t try it before, so I just added the permission Zone → SSL and Certificates → Edit, yet same result. :(

Ah no. Sorry, my bad. Yes, it works with

Zone → SSL and Certificates → Edit

Thanks a lot for your help!

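Added example, not part of the thread and not Cloudflare's own code: an offline check of whether a token's policies allow Custom Hostname writes on a given zone, useful for confirming a token carries the permission named above and little else. It assumes the token-details policy shape (`effect`, `resources`, `permission_groups`) and that the dashboard's Zone → SSL and Certificates → Edit appears in the API as `SSL and Certificates Write`; all zone IDs and token documents are constructed.

```python
# Added example; the token documents below are constructed, not real API output.
REQUIRED_GROUP = "SSL and Certificates Write"  # assumed API name of "SSL and Certificates -> Edit"
ZONE_PREFIX = "com.cloudflare.api.account.zone."
ZONE = "0123456789abcdef0123456789abcdef"        # constructed zone id
OTHER_ZONE = "fedcba9876543210fedcba9876543210"  # constructed zone id

def covers_zone(resources, zone_id):
    """True if a policy's resources map names this zone or all zones."""
    for key, value in resources.items():
        if key in (ZONE_PREFIX + zone_id, ZONE_PREFIX + "*"):
            return True
        # Account-scoped policies nest the zone selector one level down.
        if isinstance(value, dict) and covers_zone(value, zone_id):
            return True
    return False

def can_edit_custom_hostnames(token, zone_id):
    """Evaluate the token's policies; an explicit deny wins over any allow."""
    allowed = False
    for policy in token.get("policies", []):
        names = {g.get("name") for g in policy.get("permission_groups", [])}
        if REQUIRED_GROUP not in names:
            continue
        if not covers_zone(policy.get("resources", {}), zone_id):
            continue
        if policy.get("effect") == "deny":
            return False
        allowed = allowed or policy.get("effect") == "allow"
    return allowed

def unneeded_groups(token):
    """Allowed groups other than the required one (least-privilege review)."""
    return sorted({g["name"] for p in token.get("policies", [])
                   if p.get("effect") == "allow"
                   for g in p.get("permission_groups", [])} - {REQUIRED_GROUP})

def make_policy(effect, resources, *groups):
    """Build one constructed policy entry."""
    return {"effect": effect, "resources": resources,
            "permission_groups": [{"name": n} for n in groups]}

ON_ZONE = {ZONE_PREFIX + ZONE: "*"}
DNS_ONLY = {"policies": [make_policy("allow", ON_ZONE, "Zone Read", "DNS Write")]}
SSL_EDIT = {"policies": [make_policy("allow", ON_ZONE, REQUIRED_GROUP, "Zone Read")]}
ALL_ZONES = {"policies": [make_policy(
    "allow", {"com.cloudflare.api.account.<account_id>": {ZONE_PREFIX + "*": "*"}}, REQUIRED_GROUP)]}
DENIED = {"policies": SSL_EDIT["policies"] + [make_policy("deny", ON_ZONE, REQUIRED_GROUP)]}
```

A token like `DNS_ONLY` is the one that produces the 403 in this thread; `unneeded_groups` lists what could be removed once the required permission is present.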