English (US) Deutsch Español (España) Français (France) 日本語 한국어 한국어(대한민국) Português do Brasil 简体中文

Cloudflare Help Center

Detailed system status >

Articles in this section

Connect with the Cloudflare Community

Get answers

Managing API Tokens and Keys

  • Updated

Learn how to create API keys and tokens to manage your Cloudflare account settings.

Overview

The Cloudflare API exposes the entire Cloudflare functionality via a programmatic interface. You can manage your account settings, configure products, and develop applications using the Cloudflare API.

Using the Cloudflare API requires either an API token or API key to authenticate the source of the API request. To learn more about the authentication process, review the Cloudflare API documentation.

An API key is unique to each Cloudflare user and used only for authentication. The API key does not authorize access to accounts or zones. 

API tokens allow you to authorize access to specific Cloudflare apps, accounts, and zones with limited permissions. Each Cloudflare user can have up to 50 API tokens associated with their Cloudflare account.

API tokens are associated with the user that created them. If your Cloudflare account is invalidated or your permissions change, you will lose access to your API token.

If you manage a multi-user account, Cloudflare recommends creating a service account to issue tokens for automated production processes.

Generate API token

To generate an API token:

1. Log in to the Cloudflare dashboard.

2. Under the My Profile dropdown, click My Profile.

3. Click the API tokens tab.

4. Click the Create Token button. You will see the Create Token screen.

screenshot of API Tokens screen in Cloudflare dashboard with

5. You have two configuration options to select from:

  • Click Get Started in the Custom token section to manually set your desired token configuration. Then, proceed to Step 6.
screenshot of the create API token screen in the Cloudflare dashboard
  • Select Start with a template to choose from a list of common configurations. Choose a template, then click Use template. Then, proceed to Step 6.
screenshot of create custom token screen in Cloudflare dashboard

6. Select the following edit or read Permissions:

  • Account or Zone Resources: API token will include or exclude your account(s) or the domains and subdomains associated with your account(s).

7. Select the following edit or read Resources:

  • Account or Zone: API token will apply to your account(s) or the domains and subdomains associated with your account(s).
Old URL: https://support.cloudflare.com/hc/article_attachments/360037715152/api_token_permission___zone_resources.png Article IDs: 200167836 | Managing API Tokens and Keys

8. Click Continue to summary.

9. Review the API token details, then click Create Token to finish. You will see a confirmation message with your API token.

10. Click Copy to save your API token on your computer. This token contains your secret key, so be sure to save it in a secure location.

Screenshot of API Tokens screen in Cloudflare dashboard with the API token blurred out.

Roll API token

If your API token is compromised or lost, you can either create a new token or Roll your secret key into a new one. Rolling your secret key will authorize the same access and permissions as the previous key.

To roll your API token, click Roll in the API Tokens section of the Cloudflare dashboard.

Old URL: https://support.cloudflare.com/hc/article_attachments/360037706151/api_tokens_roll.png Article IDs: 200167836 | Managing API Tokens and Keys

Then, click Confirm to continue and you will see a new API token secret key.

View API Key

To retrieve your API key:

1. Log in to the Cloudflare dashboard.

2. Under the My Profile dropdown, click My Profile.

3. Click the API tokens tab.

4. In the API keys section, choose one of two options: Global API Key or Origin CA Key. Choose the API Key that you would like to view.

The Global API Key is your main API key. The Origin CA Key is only used when creating origin certificates using the API.

5. To change your API Key, click Change. You will need to complete a Captcha before the change is applied.

Old URL: https://support.cloudflare.com/hc/article_attachments/360029003892/api_keys_multiuseraccount.png Article IDs: 200167836 | Managing API Tokens and Keys

The Global API key does not work for the Hosting Partner API. To retrieve your Hosting Partner key (also knows as Host API key), login to your dashboard. If you would like to become a Hosting partner, please contact our hosting partner team.

Related resources

Not finding what you need?

Searching can help answer 95% of support questions. This is the quickest way to get answers.

Ask the Community Submit a request

Related articles

Not finding what you need?

Searching can help answer 95% of support questions. This is the quickest way to get answers.

Ask the Community Submit a request