Learn how to create API keys and tokens to manage your Cloudflare account settings.
Overview
The Cloudflare API exposes the entire Cloudflare functionality via a programmatic interface. You can manage your account settings, configure products, and develop applications using the Cloudflare API.
Using the Cloudflare API requires either an API token or API key to authenticate the source of the API request. To learn more about the authentication process, review the Cloudflare API documentation.
An API key is unique to each Cloudflare user and used only for authentication. The API key does not authorize access to accounts or zones.
API tokens allow you to authorize access to specific Cloudflare apps, accounts, and zones with limited permissions. Each Cloudflare user can have up to 50 API tokens associated with their Cloudflare account.
API tokens are associated with the user that created them. If your Cloudflare account is invalidated or your permissions change, you will lose access to your API token.
Generate API token
To generate an API token:
1. Log in to the Cloudflare dashboard.
2. Under the My Profile dropdown, click My Profile.
3. Click the API tokens tab.
4. Click the Create Token button. You will see the Create Token screen.
5. You have two configuration options to select from:
- Click Get Started in the Custom token section to manually set your desired token configuration. Then, proceed to Step 6.
- Select Start with a template to choose from a list of common configurations. Choose a template, then click Use template. Then, proceed to Step 6.
6. Select the following edit or read Permissions:
- Account or Zone Resources: API token will include or exclude your account(s) or the domains and subdomains associated with your account(s).
7. Select the following edit or read Resources:
- Account or Zone: API token will apply to your account(s) or the domains and subdomains associated with your account(s).
8. Click Continue to summary.
9. Review the API token details, then click Create Token to finish. You will see a confirmation message with your API token.
10. Click Copy to save your API token on your computer. This token contains your secret key, so be sure to save it in a secure location.
Roll API token
If your API token is compromised or lost, you can either create a new token or Roll your secret key into a new one. Rolling your secret key will authorize the same access and permissions as the previous key.
To roll your API token, click Roll in the API Tokens section of the Cloudflare dashboard.
Then, click Confirm to continue and you will see a new API token secret key.
View API Key
To retrieve your API key:
1. Log in to the Cloudflare dashboard.
2. Under the My Profile dropdown, click My Profile.
3. Click the API tokens tab.
4. In the API keys section, choose one of two options: Global API Key or Origin CA Key. Choose the API Key that you would like to view.
5. To change your API Key, click Change. You will need to complete a Captcha before the change is applied.
