Scoped API Tokens

The administrators managing policies and groups in Cloudflare Access might be different from the users responsible for configuring firewall rules or other Cloudflare for Infrastructure settings. Cloudflare Access supports scoped API tokens so that team members and automated systems can manage settings specific to Access without having permission to modify other configurations in Cloudflare.

Creating a scoped API token

  1. In the Cloudflare dashboard, click the user icon in the top right and navigate to “My Profile”.

  2. Select the API Tokens tab. The existing tokens will display.

Create Token

  1. Click Create Token.

Token levels

Cloudflare Access has two tiers of API tokens: account-level and zone-level.

Account-level tokens

Account-level configuration in Access consists of details that apply to the entire account, including:

Follow the steps below to create an account-level token.

  1. In the first drop-down menu, select Account.

Create Token

  1. In the next drop-down, select Access: Organizations, Identity Providers, and Groups.

  2. You can configure the token to be Read or Write in the third drop-down.

  3. In the final section, the token can be applied to a single account or multiple if you are an administrator of multiple Cloudflare accounts.

  4. Click Continue to summary. The next page will display the token details and instructions on how to use it.

Zone-level tokens

Zone-level configuration in Access consists of details that apply to a specific zone, including:

  • The applications and policies built to protect a resource

Follow the steps below to create a zone-level token.

  1. In the first drop-down menu, select Zone.

Create Token

  1. In the next drop-down, select Access: Apps and Policies.

  2. You can configure the token to be Read or Write in the third drop-down.

  3. In the final section, the token can be applied to a single zone or All zones.

  4. Click Continue to summary. The next page will display the token details and instructions on how to use it.

Zone Token

Review tokens

You can review tokens created in the API Tokens tab. In this view, you can roll, revoke, or edit issued tokens.

View