Skip to content
Cloudflare API
Start here
API Reference
Accounts

Tokens

List Tokens
accounts.tokens.list(TokenListParams**kwargs) -> SyncV4PagePaginationArray[Token]
GET/accounts/{account_id}/tokens
Token Details
accounts.tokens.get(strtoken_id, TokenGetParams**kwargs) -> Token
GET/accounts/{account_id}/tokens/{token_id}
Create Token
accounts.tokens.create(TokenCreateParams**kwargs) -> TokenCreateResponse
POST/accounts/{account_id}/tokens
Update Token
accounts.tokens.update(strtoken_id, TokenUpdateParams**kwargs) -> Token
PUT/accounts/{account_id}/tokens/{token_id}
Delete Token
accounts.tokens.delete(strtoken_id, TokenDeleteParams**kwargs) -> TokenDeleteResponse
DELETE/accounts/{account_id}/tokens/{token_id}
Verify Token
accounts.tokens.verify(TokenVerifyParams**kwargs) -> TokenVerifyResponse
GET/accounts/{account_id}/tokens/verify
ModelsExpand Collapse
class TokenCreateResponse:
id: Optional[str]

Token identifier tag.

maxLength32
condition: Optional[Condition]
request_ip: Optional[ConditionRequestIP]

Client IP restrictions.

in_: Optional[List[TokenConditionCIDRList]]

List of IPv4/IPv6 CIDR addresses.

not_in: Optional[List[TokenConditionCIDRList]]

List of IPv4/IPv6 CIDR addresses.

expires_on: Optional[datetime]

The expiration time on or after which the JWT MUST NOT be accepted for processing.

formatdate-time
issued_on: Optional[datetime]

The time on which the token was created.

formatdate-time
last_used_on: Optional[datetime]

Last time the token was used.

formatdate-time
modified_on: Optional[datetime]

Last time the token was modified.

formatdate-time
name: Optional[str]

Token name.

maxLength120
not_before: Optional[datetime]

The time before which the token MUST NOT be accepted for processing.

formatdate-time
policies: Optional[List[TokenPolicy]]

List of access policies assigned to the token.

id: str

Policy identifier.

effect: Literal["allow", "deny"]

Allow or deny operations against the resources.

One of the following:
"allow"
"deny"
permission_groups: List[PermissionGroup]

A set of permission groups that are specified to the policy.

id: str

Identifier of the permission group.

meta: Optional[PermissionGroupMeta]

Attributes associated to the permission group.

key: Optional[str]
value: Optional[str]
name: Optional[str]

Name of the permission group.

resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]

A list of resource names that the policy applies to.

One of the following:
Dict[str, str]

Map of simple string resource permissions

Dict[str, Dict[str, str]]

Map of nested resource permissions

status: Optional[Literal["active", "disabled", "expired"]]

Status of the token.

One of the following:
"active"
"disabled"
"expired"
value: Optional[TokenValue]

The token value.

maxLength80
minLength40
class TokenDeleteResponse:
id: str

Identifier

maxLength32
minLength32
class TokenVerifyResponse:
id: str

Token identifier tag.

maxLength32
status: Literal["active", "disabled", "expired"]

Status of the token.

One of the following:
"active"
"disabled"
"expired"
expires_on: Optional[datetime]

The expiration time on or after which the JWT MUST NOT be accepted for processing.

formatdate-time
not_before: Optional[datetime]

The time before which the token MUST NOT be accepted for processing.

formatdate-time

TokensPermission Groups

List Permission Groups
accounts.tokens.permission_groups.list(PermissionGroupListParams**kwargs) -> SyncSinglePage[PermissionGroupListResponse]
GET/accounts/{account_id}/tokens/permission_groups
List Permission Groups
accounts.tokens.permission_groups.get(PermissionGroupGetParams**kwargs) -> PermissionGroupGetResponse
GET/accounts/{account_id}/tokens/permission_groups
ModelsExpand Collapse
class PermissionGroupListResponse:
id: Optional[str]

Public ID.

name: Optional[str]

Permission Group Name

scopes: Optional[List[Literal["com.cloudflare.api.account", "com.cloudflare.api.account.zone", "com.cloudflare.api.user", "com.cloudflare.edge.r2.bucket"]]]

Resources to which the Permission Group is scoped

One of the following:
"com.cloudflare.api.account"
"com.cloudflare.api.account.zone"
"com.cloudflare.api.user"
"com.cloudflare.edge.r2.bucket"
List[PermissionGroupGetResponseItem]
id: Optional[str]

Public ID.

name: Optional[str]

Permission Group Name

scopes: Optional[List[Literal["com.cloudflare.api.account", "com.cloudflare.api.account.zone", "com.cloudflare.api.user", "com.cloudflare.edge.r2.bucket"]]]

Resources to which the Permission Group is scoped

One of the following:
"com.cloudflare.api.account"
"com.cloudflare.api.account.zone"
"com.cloudflare.api.user"
"com.cloudflare.edge.r2.bucket"

TokensValue

Roll Token
accounts.tokens.value.update(strtoken_id, ValueUpdateParams**kwargs) -> TokenValue
PUT/accounts/{account_id}/tokens/{token_id}/value