Scoped API tokens
The administrators managing policies and groups in Cloudflare Access might be different from the users responsible for configuring firewall rules or other Cloudflare for Infrastructure settings. Cloudflare Access supports scoped API tokens so that team members and automated systems can manage settings specific to Access without having permission to modify other configurations in Cloudflare.
Creating a scoped API token
In the Cloudflare for Infrastructure dashboard, click the user icon in the top right and navigate to “My Profile”.
Select the API Tokens tab. The existing tokens will display.
Click Create Token.
Click Get started next to Create Custom Token.
Select Account and Access: Organizations, Identity Providers, and Groups in the drop-downs under Permissions. You can configure the token to be Read or Write in the third drop-down.
In the final section, the token can be applied to a single account or multiple if you are an administrator of multiple Cloudflare accounts.
Click Continue to summary. The next page will display the token details and instructions on how to use it.
You can review tokens created in the API Tokens tab. In this view, you can roll, revoke, or edit issued tokens.