Using Wrangler (Command Line Interface)
How to manage Pub/Sub with Wrangler, the Cloudflare CLI.
Wrangler is a command-line tool for building and managing Cloudflare's Developer Platform, including Cloudflare Workers ↗, R2 Storage and Cloudflare Pub/Sub.
To use Wrangler with Pub/Sub, you'll need an API Token that has permissions to both read and write for Pub/Sub. The wrangler login
flow does not issue you an API Token with valid Pub/Sub permissions.
To create an API Token that Wrangler can use:
- From the Cloudflare dashboard ↗, click on the profile icon and select My Profile.
- Under My Profile, click API Tokens.
- On the API Tokens ↗ page, click Create Token
- Choose Get Started next to Create Custom Token
- Name the token - e.g. "Pub/Sub Write Access"
- Under the Permissions heading, choose Account, select Pub/Sub from the first drop-down, and Edit as the permission.
- Click Continue to Summary at the bottom of the page, where you should see All accounts - Pub/Sub:Edit as the permission
- Click Create Token, and copy the token value.
In your terminal, configure a CLOUDFLARE_API_TOKEN
environmental variable with your Pub/Sub token. When this variable is set, wrangler
will use it to authenticate against the Cloudflare API.
Wrangler exposes two groups of commands for managing your Pub/Sub configurations:
wrangler pubsub namespace
, which manages the namespaces your brokers are grouped into.wrangler pubsub broker
for managing your individual brokers, issuing and revoking credentials, and updating your Worker integrations.
The available wrangler pubsub namespace
sub-commands include:
The available wrangler pubsub broker
sub-commands include:
To create a Namespace:
To create a Broker within a Namespace:
You can issue client credentials for a Pub/Sub Broker directly via Wrangler. Note that:
- Tokens are scoped per Broker
- You can issue multiple tokens at once
- Tokens currently allow a client to publish and/or subscribe to any topic on the Broker.
To issue a single token:
You can use --number=<NUM>
to issue multiple tokens at once, and --expiration=<DURATION>
to set an expiry (e.g. 4h
or 30d
) on the issued tokens.
To revoke one or more tokens—which will immediately prevent that token from being used to authenticate—use the revoke
sub-command and pass the unique token ID (or JTI
):
If you've found a bug with one of the wrangler pubsub [...]
commands, please file a bug on GitHub ↗, and include the version of wrangler
you're using with wrangler --version
.