# Tokens ## List Tokens `client.Accounts.Tokens.List(ctx, params) (*V4PagePaginationArray[Token], error)` **get** `/accounts/{account_id}/tokens` List all Account Owned API tokens created for this account. ### Parameters - `params TokenListParams` - `AccountID param.Field[string]` Path param: Account identifier tag. - `Direction param.Field[TokenListParamsDirection]` Query param: Direction to order results. - `const TokenListParamsDirectionAsc TokenListParamsDirection = "asc"` - `const TokenListParamsDirectionDesc TokenListParamsDirection = "desc"` - `Page param.Field[float64]` Query param: Page number of paginated results. - `PerPage param.Field[float64]` Query param: Maximum number of results per page. ### Returns - `type Token struct{…}` - `ID string` Token identifier tag. - `Condition TokenCondition` - `RequestIP TokenConditionRequestIP` Client IP restrictions. - `In []TokenConditionCIDRList` List of IPv4/IPv6 CIDR addresses. - `NotIn []TokenConditionCIDRList` List of IPv4/IPv6 CIDR addresses. - `ExpiresOn Time` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `IssuedOn Time` The time on which the token was created. - `LastUsedOn Time` Last time the token was used. - `ModifiedOn Time` Last time the token was modified. - `Name string` Token name. - `NotBefore Time` The time before which the token MUST NOT be accepted for processing. - `Policies []TokenPolicy` List of access policies assigned to the token. - `ID string` Policy identifier. - `Effect TokenPolicyEffect` Allow or deny operations against the resources. - `const TokenPolicyEffectAllow TokenPolicyEffect = "allow"` - `const TokenPolicyEffectDeny TokenPolicyEffect = "deny"` - `PermissionGroups []TokenPolicyPermissionGroup` A set of permission groups that are specified to the policy. - `ID string` Identifier of the permission group. - `Meta TokenPolicyPermissionGroupsMeta` Attributes associated to the permission group. - `Key string` - `Value string` - `Name string` Name of the permission group. - `Resources TokenPolicyResourcesUnion` A list of resource names that the policy applies to. - `type TokenPolicyResourcesIAMResourcesTypeObjectString map[string, string]` Map of simple string resource permissions - `type TokenPolicyResourcesIAMResourcesTypeObjectNested map[string, map[string, string]]` Map of nested resource permissions - `Status TokenStatus` Status of the token. - `const TokenStatusActive TokenStatus = "active"` - `const TokenStatusDisabled TokenStatus = "disabled"` - `const TokenStatusExpired TokenStatus = "expired"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/accounts" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Accounts.Tokens.List(context.TODO(), accounts.TokenListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Token Details `client.Accounts.Tokens.Get(ctx, tokenID, query) (*Token, error)` **get** `/accounts/{account_id}/tokens/{token_id}` Get information about a specific Account Owned API token. ### Parameters - `tokenID string` Token identifier tag. - `query TokenGetParams` - `AccountID param.Field[string]` Account identifier tag. ### Returns - `type Token struct{…}` - `ID string` Token identifier tag. - `Condition TokenCondition` - `RequestIP TokenConditionRequestIP` Client IP restrictions. - `In []TokenConditionCIDRList` List of IPv4/IPv6 CIDR addresses. - `NotIn []TokenConditionCIDRList` List of IPv4/IPv6 CIDR addresses. - `ExpiresOn Time` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `IssuedOn Time` The time on which the token was created. - `LastUsedOn Time` Last time the token was used. - `ModifiedOn Time` Last time the token was modified. - `Name string` Token name. - `NotBefore Time` The time before which the token MUST NOT be accepted for processing. - `Policies []TokenPolicy` List of access policies assigned to the token. - `ID string` Policy identifier. - `Effect TokenPolicyEffect` Allow or deny operations against the resources. - `const TokenPolicyEffectAllow TokenPolicyEffect = "allow"` - `const TokenPolicyEffectDeny TokenPolicyEffect = "deny"` - `PermissionGroups []TokenPolicyPermissionGroup` A set of permission groups that are specified to the policy. - `ID string` Identifier of the permission group. - `Meta TokenPolicyPermissionGroupsMeta` Attributes associated to the permission group. - `Key string` - `Value string` - `Name string` Name of the permission group. - `Resources TokenPolicyResourcesUnion` A list of resource names that the policy applies to. - `type TokenPolicyResourcesIAMResourcesTypeObjectString map[string, string]` Map of simple string resource permissions - `type TokenPolicyResourcesIAMResourcesTypeObjectNested map[string, map[string, string]]` Map of nested resource permissions - `Status TokenStatus` Status of the token. - `const TokenStatusActive TokenStatus = "active"` - `const TokenStatusDisabled TokenStatus = "disabled"` - `const TokenStatusExpired TokenStatus = "expired"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/accounts" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) token, err := client.Accounts.Tokens.Get( context.TODO(), "ed17574386854bf78a67040be0a770b0", accounts.TokenGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", token.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active" } } ``` ## Create Token `client.Accounts.Tokens.New(ctx, params) (*TokenNewResponse, error)` **post** `/accounts/{account_id}/tokens` Create a new Account Owned API token. ### Parameters - `params TokenNewParams` - `AccountID param.Field[string]` Path param: Account identifier tag. - `Name param.Field[string]` Body param: Token name. - `Policies param.Field[[]TokenPolicy]` Body param: List of access policies assigned to the token. - `ID string` Policy identifier. - `Effect TokenPolicyEffect` Allow or deny operations against the resources. - `const TokenPolicyEffectAllow TokenPolicyEffect = "allow"` - `const TokenPolicyEffectDeny TokenPolicyEffect = "deny"` - `PermissionGroups []TokenPolicyPermissionGroup` A set of permission groups that are specified to the policy. - `ID string` Identifier of the permission group. - `Meta TokenPolicyPermissionGroupsMeta` Attributes associated to the permission group. - `Key string` - `Value string` - `Name string` Name of the permission group. - `Resources TokenPolicyResourcesUnion` A list of resource names that the policy applies to. - `type TokenPolicyResourcesIAMResourcesTypeObjectString map[string, string]` Map of simple string resource permissions - `type TokenPolicyResourcesIAMResourcesTypeObjectNested map[string, map[string, string]]` Map of nested resource permissions - `Condition param.Field[TokenNewParamsCondition]` Body param - `RequestIP TokenNewParamsConditionRequestIP` Client IP restrictions. - `In []TokenConditionCIDRList` List of IPv4/IPv6 CIDR addresses. - `NotIn []TokenConditionCIDRList` List of IPv4/IPv6 CIDR addresses. - `ExpiresOn param.Field[Time]` Body param: The expiration time on or after which the JWT MUST NOT be accepted for processing. - `NotBefore param.Field[Time]` Body param: The time before which the token MUST NOT be accepted for processing. ### Returns - `type TokenNewResponse struct{…}` - `ID string` Token identifier tag. - `Condition TokenNewResponseCondition` - `RequestIP TokenNewResponseConditionRequestIP` Client IP restrictions. - `In []TokenConditionCIDRList` List of IPv4/IPv6 CIDR addresses. - `NotIn []TokenConditionCIDRList` List of IPv4/IPv6 CIDR addresses. - `ExpiresOn Time` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `IssuedOn Time` The time on which the token was created. - `LastUsedOn Time` Last time the token was used. - `ModifiedOn Time` Last time the token was modified. - `Name string` Token name. - `NotBefore Time` The time before which the token MUST NOT be accepted for processing. - `Policies []TokenPolicy` List of access policies assigned to the token. - `ID string` Policy identifier. - `Effect TokenPolicyEffect` Allow or deny operations against the resources. - `const TokenPolicyEffectAllow TokenPolicyEffect = "allow"` - `const TokenPolicyEffectDeny TokenPolicyEffect = "deny"` - `PermissionGroups []TokenPolicyPermissionGroup` A set of permission groups that are specified to the policy. - `ID string` Identifier of the permission group. - `Meta TokenPolicyPermissionGroupsMeta` Attributes associated to the permission group. - `Key string` - `Value string` - `Name string` Name of the permission group. - `Resources TokenPolicyResourcesUnion` A list of resource names that the policy applies to. - `type TokenPolicyResourcesIAMResourcesTypeObjectString map[string, string]` Map of simple string resource permissions - `type TokenPolicyResourcesIAMResourcesTypeObjectNested map[string, map[string, string]]` Map of nested resource permissions - `Status TokenNewResponseStatus` Status of the token. - `const TokenNewResponseStatusActive TokenNewResponseStatus = "active"` - `const TokenNewResponseStatusDisabled TokenNewResponseStatus = "disabled"` - `const TokenNewResponseStatusExpired TokenNewResponseStatus = "expired"` - `Value TokenValue` The token value. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/accounts" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/shared" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) token, err := client.Accounts.Tokens.New(context.TODO(), accounts.TokenNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Name: cloudflare.F("readonly token"), Policies: cloudflare.F([]shared.TokenPolicyParam{shared.TokenPolicyParam{ Effect: cloudflare.F(shared.TokenPolicyEffectAllow), PermissionGroups: cloudflare.F([]shared.TokenPolicyPermissionGroupParam{shared.TokenPolicyPermissionGroupParam{ ID: cloudflare.F("c8fed203ed3043cba015a93ad1616f1f"), }, shared.TokenPolicyPermissionGroupParam{ ID: cloudflare.F("82e64a83756745bbbb1c9c2701bf816b"), }}), Resources: cloudflare.F[shared.TokenPolicyResourcesUnionParam](shared.TokenPolicyResourcesIAMResourcesTypeObjectStringParam(map[string]string{ "foo": "string", })), }}), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", token.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active", "value": "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T" } } ``` ## Update Token `client.Accounts.Tokens.Update(ctx, tokenID, params) (*Token, error)` **put** `/accounts/{account_id}/tokens/{token_id}` Update an existing token. ### Parameters - `tokenID string` Token identifier tag. - `params TokenUpdateParams` - `AccountID param.Field[string]` Path param: Account identifier tag. - `Token param.Field[Token]` Body param ### Returns - `type Token struct{…}` - `ID string` Token identifier tag. - `Condition TokenCondition` - `RequestIP TokenConditionRequestIP` Client IP restrictions. - `In []TokenConditionCIDRList` List of IPv4/IPv6 CIDR addresses. - `NotIn []TokenConditionCIDRList` List of IPv4/IPv6 CIDR addresses. - `ExpiresOn Time` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `IssuedOn Time` The time on which the token was created. - `LastUsedOn Time` Last time the token was used. - `ModifiedOn Time` Last time the token was modified. - `Name string` Token name. - `NotBefore Time` The time before which the token MUST NOT be accepted for processing. - `Policies []TokenPolicy` List of access policies assigned to the token. - `ID string` Policy identifier. - `Effect TokenPolicyEffect` Allow or deny operations against the resources. - `const TokenPolicyEffectAllow TokenPolicyEffect = "allow"` - `const TokenPolicyEffectDeny TokenPolicyEffect = "deny"` - `PermissionGroups []TokenPolicyPermissionGroup` A set of permission groups that are specified to the policy. - `ID string` Identifier of the permission group. - `Meta TokenPolicyPermissionGroupsMeta` Attributes associated to the permission group. - `Key string` - `Value string` - `Name string` Name of the permission group. - `Resources TokenPolicyResourcesUnion` A list of resource names that the policy applies to. - `type TokenPolicyResourcesIAMResourcesTypeObjectString map[string, string]` Map of simple string resource permissions - `type TokenPolicyResourcesIAMResourcesTypeObjectNested map[string, map[string, string]]` Map of nested resource permissions - `Status TokenStatus` Status of the token. - `const TokenStatusActive TokenStatus = "active"` - `const TokenStatusDisabled TokenStatus = "disabled"` - `const TokenStatusExpired TokenStatus = "expired"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/accounts" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/shared" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) token, err := client.Accounts.Tokens.Update( context.TODO(), "ed17574386854bf78a67040be0a770b0", accounts.TokenUpdateParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Token: shared.TokenParam{ Name: cloudflare.F("readonly token"), Policies: cloudflare.F([]shared.TokenPolicyParam{shared.TokenPolicyParam{ Effect: cloudflare.F(shared.TokenPolicyEffectAllow), PermissionGroups: cloudflare.F([]shared.TokenPolicyPermissionGroupParam{shared.TokenPolicyPermissionGroupParam{ ID: cloudflare.F("c8fed203ed3043cba015a93ad1616f1f"), }, shared.TokenPolicyPermissionGroupParam{ ID: cloudflare.F("82e64a83756745bbbb1c9c2701bf816b"), }}), Resources: cloudflare.F[shared.TokenPolicyResourcesUnionParam](shared.TokenPolicyResourcesIAMResourcesTypeObjectStringParam(map[string]string{ "foo": "string", })), }}), }, }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", token.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active" } } ``` ## Delete Token `client.Accounts.Tokens.Delete(ctx, tokenID, body) (*TokenDeleteResponse, error)` **delete** `/accounts/{account_id}/tokens/{token_id}` Destroy an Account Owned API token. ### Parameters - `tokenID string` Token identifier tag. - `body TokenDeleteParams` - `AccountID param.Field[string]` Account identifier tag. ### Returns - `type TokenDeleteResponse struct{…}` - `ID string` Identifier ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/accounts" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) token, err := client.Accounts.Tokens.Delete( context.TODO(), "ed17574386854bf78a67040be0a770b0", accounts.TokenDeleteParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", token.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Verify Token `client.Accounts.Tokens.Verify(ctx, query) (*TokenVerifyResponse, error)` **get** `/accounts/{account_id}/tokens/verify` Test whether a token works. ### Parameters - `query TokenVerifyParams` - `AccountID param.Field[string]` Account identifier tag. ### Returns - `type TokenVerifyResponse struct{…}` - `ID string` Token identifier tag. - `Status TokenVerifyResponseStatus` Status of the token. - `const TokenVerifyResponseStatusActive TokenVerifyResponseStatus = "active"` - `const TokenVerifyResponseStatusDisabled TokenVerifyResponseStatus = "disabled"` - `const TokenVerifyResponseStatusExpired TokenVerifyResponseStatus = "expired"` - `ExpiresOn Time` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `NotBefore Time` The time before which the token MUST NOT be accepted for processing. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/accounts" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.Accounts.Tokens.Verify(context.TODO(), accounts.TokenVerifyParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "status": "active", "expires_on": "2020-01-01T00:00:00Z", "not_before": "2018-07-01T05:20:00Z" } } ``` # Permission Groups ## List Permission Groups `client.Accounts.Tokens.PermissionGroups.List(ctx, params) (*SinglePage[TokenPermissionGroupListResponse], error)` **get** `/accounts/{account_id}/tokens/permission_groups` Find all available permission groups for Account Owned API Tokens ### Parameters - `params TokenPermissionGroupListParams` - `AccountID param.Field[string]` Path param: Account identifier tag. - `Name param.Field[string]` Query param: Filter by the name of the permission group. The value must be URL-encoded. - `Scope param.Field[string]` Query param: Filter by the scope of the permission group. The value must be URL-encoded. ### Returns - `type TokenPermissionGroupListResponse struct{…}` - `ID string` Public ID. - `Name string` Permission Group Name - `Scopes []TokenPermissionGroupListResponseScope` Resources to which the Permission Group is scoped - `const TokenPermissionGroupListResponseScopeComCloudflareAPIAccount TokenPermissionGroupListResponseScope = "com.cloudflare.api.account"` - `const TokenPermissionGroupListResponseScopeComCloudflareAPIAccountZone TokenPermissionGroupListResponseScope = "com.cloudflare.api.account.zone"` - `const TokenPermissionGroupListResponseScopeComCloudflareAPIUser TokenPermissionGroupListResponseScope = "com.cloudflare.api.user"` - `const TokenPermissionGroupListResponseScopeComCloudflareEdgeR2Bucket TokenPermissionGroupListResponseScope = "com.cloudflare.edge.r2.bucket"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/accounts" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Accounts.Tokens.PermissionGroups.List(context.TODO(), accounts.TokenPermissionGroupListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "7cf72faf220841aabcfdfab81c43c4f6", "name": "Billing Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "9d24387c6e8544e2bc4024a03991339f", "name": "Load Balancing: Monitors and Pools Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "d2a1802cc9a34e30852f8b33869b2f3c", "name": "Load Balancing: Monitors and Pools Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "8b47d2786a534c08a1f94ee8f9f599ef", "name": "Workers KV Storage Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "f7f0eda5697f475c90846e879bab8666", "name": "Workers KV Storage Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "1a71c399035b4950a1bd1466bbe4f420", "name": "Workers Scripts Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "e086da7e2179491d91ee5f35b3ca210a", "name": "Workers Scripts Write", "scopes": [ "com.cloudflare.api.account" ] } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## List Permission Groups `client.Accounts.Tokens.PermissionGroups.Get(ctx, params) (*[]TokenPermissionGroupGetResponse, error)` **get** `/accounts/{account_id}/tokens/permission_groups` Find all available permission groups for Account Owned API Tokens ### Parameters - `params TokenPermissionGroupGetParams` - `AccountID param.Field[string]` Path param: Account identifier tag. - `Name param.Field[string]` Query param: Filter by the name of the permission group. The value must be URL-encoded. - `Scope param.Field[string]` Query param: Filter by the scope of the permission group. The value must be URL-encoded. ### Returns - `type TokenPermissionGroupGetResponseEnvelopeResult []TokenPermissionGroupGetResponse` - `ID string` Public ID. - `Name string` Permission Group Name - `Scopes []TokenPermissionGroupGetResponseScope` Resources to which the Permission Group is scoped - `const TokenPermissionGroupGetResponseScopeComCloudflareAPIAccount TokenPermissionGroupGetResponseScope = "com.cloudflare.api.account"` - `const TokenPermissionGroupGetResponseScopeComCloudflareAPIAccountZone TokenPermissionGroupGetResponseScope = "com.cloudflare.api.account.zone"` - `const TokenPermissionGroupGetResponseScopeComCloudflareAPIUser TokenPermissionGroupGetResponseScope = "com.cloudflare.api.user"` - `const TokenPermissionGroupGetResponseScopeComCloudflareEdgeR2Bucket TokenPermissionGroupGetResponseScope = "com.cloudflare.edge.r2.bucket"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/accounts" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) permissionGroups, err := client.Accounts.Tokens.PermissionGroups.Get(context.TODO(), accounts.TokenPermissionGroupGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", permissionGroups) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "7cf72faf220841aabcfdfab81c43c4f6", "name": "Billing Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "9d24387c6e8544e2bc4024a03991339f", "name": "Load Balancing: Monitors and Pools Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "d2a1802cc9a34e30852f8b33869b2f3c", "name": "Load Balancing: Monitors and Pools Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "8b47d2786a534c08a1f94ee8f9f599ef", "name": "Workers KV Storage Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "f7f0eda5697f475c90846e879bab8666", "name": "Workers KV Storage Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "1a71c399035b4950a1bd1466bbe4f420", "name": "Workers Scripts Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "e086da7e2179491d91ee5f35b3ca210a", "name": "Workers Scripts Write", "scopes": [ "com.cloudflare.api.account" ] } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Value ## Roll Token `client.Accounts.Tokens.Value.Update(ctx, tokenID, params) (*TokenValue, error)` **put** `/accounts/{account_id}/tokens/{token_id}/value` Roll the Account Owned API token secret. ### Parameters - `tokenID string` Token identifier tag. - `params TokenValueUpdateParams` - `AccountID param.Field[string]` Path param: Account identifier tag. - `Body param.Field[unknown]` Body param ### Returns - `type TokenValue string` The token value. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/accounts" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) tokenValue, err := client.Accounts.Tokens.Value.Update( context.TODO(), "ed17574386854bf78a67040be0a770b0", accounts.TokenValueUpdateParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Body: map[string]interface{}{ }, }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", tokenValue) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T" } ```