Learn how to create API keys and tokens to manage your Cloudflare account settings.
Overview
The Cloudflare API exposes the entire Cloudflare functionality via a programmatic interface. You can manage your account settings, configure products, and develop applications using the Cloudflare API.
Using the Cloudflare API requires either an API token or API key to authenticate the source of the API request. To learn more about the authentication process, review the Cloudflare API documentation.
An API key is unique to each Cloudflare user and used only for authentication. The API key does not authorize access to accounts or zones.
API tokens allow you to authorize access to specific Cloudflare apps, accounts, and zones with limited permissions. Each Cloudflare user can have up to 50 API tokens associated with their Cloudflare account.
API tokens are associated with the user that created them. If your Cloudflare account is invalidated or your permissions change, you will lose access to your API token.
Creating API tokens
Refer to Creating API tokens for information on this topic.
Roll API token
Refer to Roll API token for information on this topic.
View API Key
To retrieve your API key:
1. Log in to the Cloudflare dashboard.
2. Under the My Profile dropdown, click My Profile.
3. Click the API tokens tab.
4. In the API keys section, choose one of two options: Global API Key or Origin CA Key. Choose the API Key that you would like to view.
5. To change your API Key, click Change. You will need to complete a Captcha before the change is applied.
Troubleshooting API Tokens
- The token itself is not verified
You can ensure the token has been verified by running the following curl and confirm the response returns "status": "active".
#CURL (example) curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \ -H "Authorization: Bearer" \ -H "Content-Type:application/json" #Response (example) { "success": true, "errors": [], "messages": [], "result": { "id": "f267e341f3dd4697bd3b9f71dd96247f", "status": "active", "not_before": "2018-07-01T05:20:00Z", "expires_on": "2020-01-01T00:00:00Z" }
- The token has incorrect permissions
Send us a screenshot of the permissions you have set up so that we can verify that the permission has been correctly set.
- Incorrect Syntax
On occasion, customers will attempt to use an API Token with an API Key syntax. Ensure you are using the Bearer option, rather than the Email and API key pair.
curl -X GET "https://api.cloudflare.com/client/v4/user/tokens?page=1&per_page=20&direction=desc" \ -H "Authorization: Bearer 8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T"
- Incorrect User Permissions when attempting to create Token
You cannot create a token for yourself exceeding the permission granted to you on your account. For example, if you have been granted an Admin (Read only) role, you would need your Super Administrator to update your role so that you could create a token for yourself.