API Reference

User

Tokens

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Create Token

client.User.Tokens.New(ctx, body) (*TokenNewResponse, error)

POST/user/tokens

Create a new access token.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Accepted Permissions (at least one required)

API Tokens Write

ParametersExpand Collapse

body TokenNewParams

Name param.Field[string]

Token name.

maxLength120

Policies param.Field[[]TokenPolicy]

List of access policies assigned to the token.

ID string

Policy identifier.

Effect TokenPolicyEffect

Allow or deny operations against the resources.

One of the following:

const TokenPolicyEffectAllow TokenPolicyEffect = "allow"

const TokenPolicyEffectDeny TokenPolicyEffect = "deny"

PermissionGroups []TokenPolicyPermissionGroup

A set of permission groups that are specified to the policy.

ID string

Identifier of the permission group.

Meta TokenPolicyPermissionGroupsMetaoptional

Attributes associated to the permission group.

Key stringoptional

Value stringoptional

Name stringoptional

Name of the permission group.

Resources TokenPolicyResourcesUnion

A list of resource names that the policy applies to.

One of the following:

type TokenPolicyResourcesIAMResourcesTypeObjectString map[string, string]

Map of simple string resource permissions

type TokenPolicyResourcesIAMResourcesTypeObjectNested map[string, map[string, string]]

Map of nested resource permissions

Condition param.Field[TokenNewParamsCondition]optional

RequestIP TokenNewParamsConditionRequestIPoptional

Client IP restrictions.

In []TokenConditionCIDRListoptional

List of IPv4/IPv6 CIDR addresses.

NotIn []TokenConditionCIDRListoptional

List of IPv4/IPv6 CIDR addresses.

ExpiresOn param.Field[Time]optional

The expiration time on or after which the JWT MUST NOT be accepted for processing.

formatdate-time

NotBefore param.Field[Time]optional

The time before which the token MUST NOT be accepted for processing.

formatdate-time

ReturnsExpand Collapse

type TokenNewResponse struct{…}

ID stringoptional

Token identifier tag.

maxLength32

Condition TokenNewResponseConditionoptional

RequestIP TokenNewResponseConditionRequestIPoptional

Client IP restrictions.

In []TokenConditionCIDRListoptional

List of IPv4/IPv6 CIDR addresses.

NotIn []TokenConditionCIDRListoptional

List of IPv4/IPv6 CIDR addresses.

ExpiresOn Timeoptional

The expiration time on or after which the JWT MUST NOT be accepted for processing.

formatdate-time

IssuedOn Timeoptional

The time on which the token was created.

formatdate-time

LastUsedOn Timeoptional

Last time the token was used.

formatdate-time

ModifiedOn Timeoptional

Last time the token was modified.

formatdate-time

Name stringoptional

Token name.

maxLength120

NotBefore Timeoptional

The time before which the token MUST NOT be accepted for processing.

formatdate-time

Policies []TokenPolicyoptional

List of access policies assigned to the token.

ID string

Policy identifier.

Effect TokenPolicyEffect

Allow or deny operations against the resources.

One of the following:

const TokenPolicyEffectAllow TokenPolicyEffect = "allow"

const TokenPolicyEffectDeny TokenPolicyEffect = "deny"

PermissionGroups []TokenPolicyPermissionGroup

A set of permission groups that are specified to the policy.

ID string

Identifier of the permission group.

Meta TokenPolicyPermissionGroupsMetaoptional

Attributes associated to the permission group.

Key stringoptional

Value stringoptional

Name stringoptional

Name of the permission group.

Resources TokenPolicyResourcesUnion

A list of resource names that the policy applies to.

One of the following:

type TokenPolicyResourcesIAMResourcesTypeObjectString map[string, string]

Map of simple string resource permissions

type TokenPolicyResourcesIAMResourcesTypeObjectNested map[string, map[string, string]]

Map of nested resource permissions

Status TokenNewResponseStatusoptional

Status of the token.

One of the following:

const TokenNewResponseStatusActive TokenNewResponseStatus = "active"

const TokenNewResponseStatusDisabled TokenNewResponseStatus = "disabled"

const TokenNewResponseStatusExpired TokenNewResponseStatus = "expired"

Value TokenValueoptional

The token value.

maxLength80

minLength40

Create Token

Go

HTTP

TypeScript

Python

Go

Terraform

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/option"
  "github.com/cloudflare/cloudflare-go/shared"
  "github.com/cloudflare/cloudflare-go/user"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  token, err := client.User.Tokens.New(context.TODO(), user.TokenNewParams{
    Name: cloudflare.F("readonly token"),
    Policies: cloudflare.F([]shared.TokenPolicyParam{shared.TokenPolicyParam{
      Effect: cloudflare.F(shared.TokenPolicyEffectAllow),
      PermissionGroups: cloudflare.F([]shared.TokenPolicyPermissionGroupParam{shared.TokenPolicyPermissionGroupParam{
        ID: cloudflare.F("c8fed203ed3043cba015a93ad1616f1f"),
      }, shared.TokenPolicyPermissionGroupParam{
        ID: cloudflare.F("82e64a83756745bbbb1c9c2701bf816b"),
      }}),
      Resources: cloudflare.F[shared.TokenPolicyResourcesUnionParam](shared.TokenPolicyResourcesIAMResourcesTypeObjectStringParam(map[string]string{
      "foo": "string",
      })),
    }}),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", token.ID)
}

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "ed17574386854bf78a67040be0a770b0",
    "condition": {
      "request_ip": {
        "in": [
          "123.123.123.0/24",
          "2606:4700::/32"
        ],
        "not_in": [
          "123.123.123.100/24",
          "2606:4700:4700::/48"
        ]
      }
    },
    "expires_on": "2020-01-01T00:00:00Z",
    "issued_on": "2018-07-01T05:20:00Z",
    "last_used_on": "2020-01-02T12:34:00Z",
    "modified_on": "2018-07-02T05:20:00Z",
    "name": "readonly token",
    "not_before": "2018-07-01T05:20:00Z",
    "policies": [
      {
        "id": "f267e341f3dd4697bd3b9f71dd96247f",
        "effect": "allow",
        "permission_groups": [
          {
            "id": "c8fed203ed3043cba015a93ad1616f1f",
            "meta": {
              "key": "key",
              "value": "value"
            },
            "name": "Zone Read"
          },
          {
            "id": "82e64a83756745bbbb1c9c2701bf816b",
            "meta": {
              "key": "key",
              "value": "value"
            },
            "name": "Magic Network Monitoring"
          }
        ],
        "resources": {
          "foo": "string"
        }
      }
    ],
    "status": "active",
    "value": "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T"
  }
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "ed17574386854bf78a67040be0a770b0",
    "condition": {
      "request_ip": {
        "in": [
          "123.123.123.0/24",
          "2606:4700::/32"
        ],
        "not_in": [
          "123.123.123.100/24",
          "2606:4700:4700::/48"
        ]
      }
    },
    "expires_on": "2020-01-01T00:00:00Z",
    "issued_on": "2018-07-01T05:20:00Z",
    "last_used_on": "2020-01-02T12:34:00Z",
    "modified_on": "2018-07-02T05:20:00Z",
    "name": "readonly token",
    "not_before": "2018-07-01T05:20:00Z",
    "policies": [
      {
        "id": "f267e341f3dd4697bd3b9f71dd96247f",
        "effect": "allow",
        "permission_groups": [
          {
            "id": "c8fed203ed3043cba015a93ad1616f1f",
            "meta": {
              "key": "key",
              "value": "value"
            },
            "name": "Zone Read"
          },
          {
            "id": "82e64a83756745bbbb1c9c2701bf816b",
            "meta": {
              "key": "key",
              "value": "value"
            },
            "name": "Magic Network Monitoring"
          }
        ],
        "resources": {
          "foo": "string"
        }
      }
    ],
    "status": "active",
    "value": "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T"
  }
}