Skip to content
Start here

Create a token

moq.relays.tokens.create(strrelay_id, TokenCreateParams**kwargs) -> TokenCreateResponse
POST/accounts/{account_id}/moq/relays/{relay_id}/tokens

Mints a new relay-scoped token and adds it to the relay’s accepted-auth registry. The token value (secret) is shown once in the response. A relay may hold up to 10 tokens; creating an 11th is rejected.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
ParametersExpand Collapse
account_id: str

Cloudflare account identifier.

relay_id: str
operations: List[Literal["publish", "subscribe"]]

Non-empty subset of the V1 roles the token is allowed to perform. Signed into the token.

One of the following:
"publish"
"subscribe"
expires_at: Optional[Union[str, datetime]]

Optional expiry (RFC 3339). Defaults to 1 year from creation; rejected if more than 1 year in the future.

formatdate-time
label: Optional[str]

Optional, customer-set label.

ReturnsExpand Collapse
class TokenCreateResponse:

A relay’s token collection, keyed on issuer type (a discriminated union). V1 ships exactly one arm (cloudflare_jwt). Clients iterate issuers, switch on type, and ignore unknown types — that contract is what makes adding or removing an arm non-breaking.

issuers: List[Issuer]
cloudflare_tokens: List[IssuerCloudflareToken]

Always present ([] when empty).

created: datetime
formatdate-time
expires: datetime

Mandatory; no more than 1 year after created.

formatdate-time
jti: str

Token identity and registry key (32 hex chars).

operations: List[Literal["publish", "subscribe"]]

Signed allowlist of what the token may do. V1 coarse roles; the array form extends to fine-grained MoQT message names later without a breaking change.

One of the following:
"publish"
"subscribe"
label: Optional[str]

Optional, customer-set.

secret: Optional[str]

The signed JWT. Present ONLY in create / auto-create responses (shown once); never returned by list, never stored.

issuer: Literal["cloudflare"]
type: Literal["cloudflare_jwt"]

Create a token

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
token = client.moq.relays.tokens.create(
    relay_id="a1b2c3d4e5f67890a1b2c3d4e5f67890",
    account_id="023e105f4ecef8ad9ca31a8372d0c353",
    operations=["publish", "subscribe"],
)
print(token.issuers)
{
  "errors": [
    {
      "code": 0,
      "message": "message"
    }
  ],
  "messages": [
    {
      "code": 0,
      "message": "message"
    }
  ],
  "success": true,
  "result": {
    "issuers": [
      {
        "cloudflare_tokens": [
          {
            "created": "2019-12-27T18:11:19.117Z",
            "expires": "2019-12-27T18:11:19.117Z",
            "jti": "f3a1b2c3d4e5f67890a1b2c3d4e5f678",
            "operations": [
              "publish",
              "subscribe"
            ],
            "label": "primary-encoder",
            "secret": "eyJhbGciOiJFZDI1NTE5..."
          }
        ],
        "issuer": "cloudflare",
        "type": "cloudflare_jwt"
      }
    ]
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 0,
      "message": "message"
    }
  ],
  "messages": [
    {
      "code": 0,
      "message": "message"
    }
  ],
  "success": true,
  "result": {
    "issuers": [
      {
        "cloudflare_tokens": [
          {
            "created": "2019-12-27T18:11:19.117Z",
            "expires": "2019-12-27T18:11:19.117Z",
            "jti": "f3a1b2c3d4e5f67890a1b2c3d4e5f678",
            "operations": [
              "publish",
              "subscribe"
            ],
            "label": "primary-encoder",
            "secret": "eyJhbGciOiJFZDI1NTE5..."
          }
        ],
        "issuer": "cloudflare",
        "type": "cloudflare_jwt"
      }
    ]
  }
}