Scoped API tokens
The administrators managing policies and groups in Cloudflare Access might be different from the users responsible for configuring WAF custom rules or other Cloudflare settings. Cloudflare Access supports scoped API tokens so that team members and automated systems can manage settings specific to Access without having permission to modify other configurations in Cloudflare.
Creating a scoped API token
-
In the Cloudflare dashboard ↗, select the user icon > My Profile.
-
Select the API Tokens tab. The existing tokens will display.
-
Select Create Token.
-
Select Get started next to Create Custom Token.
-
Select Account and Access: Organizations, Identity Providers, and Groups in the drop-downs under Permissions. You can configure the token to be Read or Write in the third drop-down.
-
In the final section, the token can be applied to a single account or multiple if you are an administrator of multiple Cloudflare accounts.
-
Select Continue to summary. The next page will display the token details and instructions on how to use it.
Review tokens
You can review tokens created in the API Tokens tab. In this view, you can roll, revoke, or edit issued tokens.