Managing API Tokens and Keys

Learn how to create API keys and tokens to manage your Cloudflare account settings.


Overview

The Cloudflare API exposes the entire Cloudflare functionality via a programmatic interface. You can manage your account settings, configure products, and develop applications using the Cloudflare API.

Using the Cloudflare API requires either an API token or API key to authenticate the source of the API request. To learn more about the authentication process, review the Cloudflare API documentation.

An API key is unique to each Cloudflare user and used only for authentication. The API key does not authorize access to accounts or zones. 

API tokens allow you to authorize access to specific Cloudflare apps, accounts, and zones with limited permissions. Each Cloudflare user can have up to 50 API tokens associated with their Cloudflare account.

API tokens are associated with the user that created them. If your Cloudflare account is invalidated or your permissions change, you will lose access to your API token.

If you manage a multi-user account, Cloudflare recommends creating a service account to issue tokens for automated production processes.

To learn more about API tokens, read our blog post.


Generate API token

To generate an API token:

1. Log in to the Cloudflare dashboard.

2. Under the My Profile dropdown, click My Profile.

3. Click the API tokens tab.

4. Click the Create Token button. You will see the Create Token screen.api_tokens.png

5. You have two configuration options to select from:

5a.Select Custom to manually set your desired token configuration. Then, proceed to Step 6.create_api_token.png

5b. Select Start with a template to choose from a list of common configurations. Choose a template, then click Use template. Then, proceed to Step 6.api_token_from_template.png

6. Select the following edit or read Permissions:

  • Account or Zone Resources: API token will include or exclude your account(s) or the domains and subdomains associated with your account(s).

7. Select the following edit or read Resources:

  • Account or Zone: API token will apply to your account(s) or the domains and subdomains associated with your account(s).

api_token_permission___zone_resources.png

8. Click Continue to summary.

9. Review the API token details, then click Create Token to finish. You will see a confirmation message with your API token.

10. Click Copy to save your API token on your computer. This token contains your secret key, so be sure to save it in a secure location.

This is the only time you will be presented with the API token secret key.

api_token_screenshot.png


Roll API token

If your API token is compromised or lost, you can either create a new token or Roll your secret key into a new one. Rolling your secret key will authorize the same access and permissions as the previous key.

To roll your API token, click Roll in the API Tokens section of the Cloudflare dashboard.

api_tokens_roll.png

Then, click Confirm to continue and you will see a new API token secret key.


View API key

To retrieve your API key:

1. Log in to the Cloudflare dashboard.

2. Under the My Profile dropdown, click My Profile.

3. Click the API tokens tab.

4. In the API keys section, choose one of two options: Global API Key or Origin CA Key. Choose the API Key that you would like to view.

The Global API Key is your main API key. The Origin CA Key is only used when creating origin certificates using the API.

5. To change your API Key, click Change. You will need to complete a Captcha before the change is applied.

api_keys_multiuseraccount.png

The Global API key does not work for the Hosting Partner API. To retrieve your Hosting Partner key (also knows as "Host API key"), review these instructionsIf you would like to become a Hosting partner, please contact our hosting partner team. 

Related resources

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk