Tokens

List Tokens
GET /user/tokens
Token Details
GET /user/tokens/{token_id}
Create Token
POST /user/tokens
Update Token
PUT /user/tokens/{token_id}
Delete Token
DELETE /user/tokens/{token_id}
Verify Token
GET /user/tokens/verify
Models
TokenCreateResponse = object { id, condition, expires_on, 8 more }
id: optional string

Token identifier tag.

maxLength: 32
condition: optional object { request_ip }
request_ip: optional object { in, not_in }

Client IP restrictions.

in: optional array of TokenConditionCIDRList

List of IPv4/IPv6 CIDR addresses.

not_in: optional array of TokenConditionCIDRList

List of IPv4/IPv6 CIDR addresses.

expires_on: optional string

The expiration time on or after which the JWT MUST NOT be accepted for processing.

format: date-time
issued_on: optional string

The time at which the token was created.

format: date-time
last_used_on: optional string

Last time the token was used.

format: date-time
modified_on: optional string

Last time the token was modified.

format: date-time
name: optional string

Token name.

maxLength: 120
not_before: optional string

The time before which the token MUST NOT be accepted for processing.

format: date-time
policies: optional array of TokenPolicy { id, effect, permission_groups, resources }

List of access policies assigned to the token.

id: string

Policy identifier.

effect: "allow" or "deny"

Allow or deny operations against the resources.

One of the following:
"allow"
"deny"
permission_groups: array of object { id, meta, name }

A set of permission groups that are specified for the policy.

id: string

Identifier of the permission group.

meta: optional object { key, value }

Attributes associated with the permission group.

key: optional string
value: optional string
name: optional string

Name of the permission group.

resources: map[string] or map[map[string]]

A list of resource names that the policy applies to.

One of the following:
IAMResourcesTypeObjectString = map[string]

Map of simple string resource permissions

IAMResourcesTypeObjectNested = map[map[string]]

Map of nested resource permissions

status: optional "active" or "disabled" or "expired"

Status of the token.

One of the following:
"active"
"disabled"
"expired"
value: optional TokenValue

The token value.

maxLength: 80
minLength: 40
TokenDeleteResponse = object { id }
id: string

Identifier

maxLength: 32
minLength: 32
TokenVerifyResponse = object { id, status, expires_on, not_before }
id: string

Token identifier tag.

maxLength: 32
status: "active" or "disabled" or "expired"

Status of the token.

One of the following:
"active"
"disabled"
"expired"
expires_on: optional string

The expiration time on or after which the JWT MUST NOT be accepted for processing.

format: date-time
not_before: optional string

The time before which the token MUST NOT be accepted for processing.

format: date-time

Tokens: Permission Groups

List Token Permission Groups
GET /user/tokens/permission_groups
Models
PermissionGroupListResponse = object { id, name, scopes }
id: optional string

Public ID.

name: optional string

Permission Group Name

scopes: optional array of "com.cloudflare.api.account" or "com.cloudflare.api.account.zone" or "com.cloudflare.api.user" or "com.cloudflare.edge.r2.bucket"

Resources to which the Permission Group is scoped

One of the following:
"com.cloudflare.api.account"
"com.cloudflare.api.account.zone"
"com.cloudflare.api.user"
"com.cloudflare.edge.r2.bucket"

Tokens: Value

Roll Token
PUT /user/tokens/{token_id}/value