Skip to content
Analytics
Visit Analytics on GitHub
Set theme to dark (⇧+D)

Authentication

Cloudflare separates service configuration by zone. When there are multiple accounts each with many zones, it is important to restrict GraphQL Analytics API access to only those account and zone resources that are relevant for the task at hand.

To secure access your GraphQL Analytics data, use a Cloudflare API key or token to authenticate an API request.

This table outlines the differences between Cloudflare API keys and tokens:

Authentication MethodDescription
API Keys

Unique to each Cloudflare user and used only for authentication. API keys do not authorize access to accounts or zones.

Use the Global API Key for authentication. Only use the Origin CA Key when you create origin certificates through the API.

API TokensCloudflare recommends API Tokens as the preferred way to interact with Cloudflare APIs. You can configure the scope of tokens to limit access to account and zone resources, and you can define the Cloudflare APIs to which the token authorizes access.

To find and retrieve API keys, as well as edit HTTP headers for authentication in GraphiQL, see Authenticate with a Cloudflare API key.

To create and configure GraphQL Analytics API tokens, see Configure an Analytics API token.