# Tokens ## List Tokens `user.tokens.list(TokenListParams**kwargs) -> SyncV4PagePaginationArray[Token]` **get** `/user/tokens` List all access tokens you created. ### Parameters - `direction: Optional[Literal["asc", "desc"]]` Direction to order results. - `"asc"` - `"desc"` - `page: Optional[float]` Page number of paginated results. - `per_page: Optional[float]` Maximum number of results per page. ### Returns - `class Token: …` - `id: Optional[str]` Token identifier tag. - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on: Optional[datetime]` The time on which the token was created. - `last_used_on: Optional[datetime]` Last time the token was used. - `modified_on: Optional[datetime]` Last time the token was modified. - `name: Optional[str]` Token name. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. - `policies: Optional[List[TokenPolicy]]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `status: Optional[Literal["active", "disabled", "expired"]]` Status of the token. - `"active"` - `"disabled"` - `"expired"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.user.tokens.list() page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Token Details `user.tokens.get(strtoken_id) -> Token` **get** `/user/tokens/{token_id}` Get information about a specific token. ### Parameters - `token_id: str` Token identifier tag. ### Returns - `class Token: …` - `id: Optional[str]` Token identifier tag. - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on: Optional[datetime]` The time on which the token was created. - `last_used_on: Optional[datetime]` Last time the token was used. - `modified_on: Optional[datetime]` Last time the token was modified. - `name: Optional[str]` Token name. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. - `policies: Optional[List[TokenPolicy]]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `status: Optional[Literal["active", "disabled", "expired"]]` Status of the token. - `"active"` - `"disabled"` - `"expired"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token = client.user.tokens.get( "ed17574386854bf78a67040be0a770b0", ) print(token.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active" } } ``` ## Create Token `user.tokens.create(TokenCreateParams**kwargs) -> TokenCreateResponse` **post** `/user/tokens` Create a new access token. ### Parameters - `name: str` Token name. - `policies: Iterable[TokenPolicy]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[SequenceNotStr[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[SequenceNotStr[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[Union[str, datetime]]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `not_before: Optional[Union[str, datetime]]` The time before which the token MUST NOT be accepted for processing. ### Returns - `class TokenCreateResponse: …` - `id: Optional[str]` Token identifier tag. - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on: Optional[datetime]` The time on which the token was created. - `last_used_on: Optional[datetime]` Last time the token was used. - `modified_on: Optional[datetime]` Last time the token was modified. - `name: Optional[str]` Token name. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. - `policies: Optional[List[TokenPolicy]]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `status: Optional[Literal["active", "disabled", "expired"]]` Status of the token. - `"active"` - `"disabled"` - `"expired"` - `value: Optional[TokenValue]` The token value. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token = client.user.tokens.create( name="readonly token", policies=[{ "effect": "allow", "permission_groups": [{ "id": "c8fed203ed3043cba015a93ad1616f1f" }, { "id": "82e64a83756745bbbb1c9c2701bf816b" }], "resources": { "foo": "string" }, }], ) print(token.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active", "value": "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T" } } ``` ## Update Token `user.tokens.update(strtoken_id, TokenUpdateParams**kwargs) -> Token` **put** `/user/tokens/{token_id}` Update an existing token. ### Parameters - `token_id: str` Token identifier tag. - `name: str` Token name. - `policies: Iterable[TokenPolicy]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[SequenceNotStr[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[SequenceNotStr[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[Union[str, datetime]]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `not_before: Optional[Union[str, datetime]]` The time before which the token MUST NOT be accepted for processing. - `status: Optional[Literal["active", "disabled", "expired"]]` Status of the token. - `"active"` - `"disabled"` - `"expired"` ### Returns - `class Token: …` - `id: Optional[str]` Token identifier tag. - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on: Optional[datetime]` The time on which the token was created. - `last_used_on: Optional[datetime]` Last time the token was used. - `modified_on: Optional[datetime]` Last time the token was modified. - `name: Optional[str]` Token name. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. - `policies: Optional[List[TokenPolicy]]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `status: Optional[Literal["active", "disabled", "expired"]]` Status of the token. - `"active"` - `"disabled"` - `"expired"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token = client.user.tokens.update( token_id="ed17574386854bf78a67040be0a770b0", name="readonly token", policies=[{ "effect": "allow", "permission_groups": [{ "id": "c8fed203ed3043cba015a93ad1616f1f" }, { "id": "82e64a83756745bbbb1c9c2701bf816b" }], "resources": { "foo": "string" }, }], ) print(token.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active" } } ``` ## Delete Token `user.tokens.delete(strtoken_id) -> TokenDeleteResponse` **delete** `/user/tokens/{token_id}` Destroy a token. ### Parameters - `token_id: str` Token identifier tag. ### Returns - `class TokenDeleteResponse: …` - `id: str` Identifier ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token = client.user.tokens.delete( "ed17574386854bf78a67040be0a770b0", ) print(token.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Verify Token `user.tokens.verify() -> TokenVerifyResponse` **get** `/user/tokens/verify` Test whether a token works. ### Returns - `class TokenVerifyResponse: …` - `id: str` Token identifier tag. - `status: Literal["active", "disabled", "expired"]` Status of the token. - `"active"` - `"disabled"` - `"expired"` - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.user.tokens.verify() print(response.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "status": "active", "expires_on": "2020-01-01T00:00:00Z", "not_before": "2018-07-01T05:20:00Z" } } ``` ## Domain Types ### Token Create Response - `class TokenCreateResponse: …` - `id: Optional[str]` Token identifier tag. - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on: Optional[datetime]` The time on which the token was created. - `last_used_on: Optional[datetime]` Last time the token was used. - `modified_on: Optional[datetime]` Last time the token was modified. - `name: Optional[str]` Token name. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. - `policies: Optional[List[TokenPolicy]]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `status: Optional[Literal["active", "disabled", "expired"]]` Status of the token. - `"active"` - `"disabled"` - `"expired"` - `value: Optional[TokenValue]` The token value. ### Token Delete Response - `class TokenDeleteResponse: …` - `id: str` Identifier ### Token Verify Response - `class TokenVerifyResponse: …` - `id: str` Token identifier tag. - `status: Literal["active", "disabled", "expired"]` Status of the token. - `"active"` - `"disabled"` - `"expired"` - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. # Permission Groups ## List Token Permission Groups `user.tokens.permission_groups.list(PermissionGroupListParams**kwargs) -> SyncSinglePage[PermissionGroupListResponse]` **get** `/user/tokens/permission_groups` Find all available permission groups for API Tokens ### Parameters - `name: Optional[str]` Filter by the name of the permission group. The value must be URL-encoded. - `scope: Optional[str]` Filter by the scope of the permission group. The value must be URL-encoded. ### Returns - `class PermissionGroupListResponse: …` - `id: Optional[str]` Public ID. - `name: Optional[str]` Permission Group Name - `scopes: Optional[List[Literal["com.cloudflare.api.account", "com.cloudflare.api.account.zone", "com.cloudflare.api.user", "com.cloudflare.edge.r2.bucket"]]]` Resources to which the Permission Group is scoped - `"com.cloudflare.api.account"` - `"com.cloudflare.api.account.zone"` - `"com.cloudflare.api.user"` - `"com.cloudflare.edge.r2.bucket"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.user.tokens.permission_groups.list() page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "7cf72faf220841aabcfdfab81c43c4f6", "name": "Billing Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "9d24387c6e8544e2bc4024a03991339f", "name": "Load Balancing: Monitors and Pools Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "d2a1802cc9a34e30852f8b33869b2f3c", "name": "Load Balancing: Monitors and Pools Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "8b47d2786a534c08a1f94ee8f9f599ef", "name": "Workers KV Storage Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "f7f0eda5697f475c90846e879bab8666", "name": "Workers KV Storage Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "1a71c399035b4950a1bd1466bbe4f420", "name": "Workers Scripts Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "e086da7e2179491d91ee5f35b3ca210a", "name": "Workers Scripts Write", "scopes": [ "com.cloudflare.api.account" ] } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Permission Group List Response - `class PermissionGroupListResponse: …` - `id: Optional[str]` Public ID. - `name: Optional[str]` Permission Group Name - `scopes: Optional[List[Literal["com.cloudflare.api.account", "com.cloudflare.api.account.zone", "com.cloudflare.api.user", "com.cloudflare.edge.r2.bucket"]]]` Resources to which the Permission Group is scoped - `"com.cloudflare.api.account"` - `"com.cloudflare.api.account.zone"` - `"com.cloudflare.api.user"` - `"com.cloudflare.edge.r2.bucket"` # Value ## Roll Token `user.tokens.value.update(strtoken_id, ValueUpdateParams**kwargs) -> TokenValue` **put** `/user/tokens/{token_id}/value` Roll the token secret. ### Parameters - `token_id: str` Token identifier tag. - `body: object` ### Returns - `str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token_value = client.user.tokens.value.update( token_id="ed17574386854bf78a67040be0a770b0", body={}, ) print(token_value) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T" } ```