Account owned tokens
While user tokens act on behalf of a particular user and inherit a subset of that user's permissions, account owned tokens allow you to set up durable integrations that can act as service principals with their own specific set of permissions. This approach is ideal for scenarios like CI/CD, or building integrations with external services like SEIMs where it is important that the integration continues working, even long after the user who configured the integration may have left your organization altogether. User tokens are better for ad hoc tasks like scripting, where acting as the user is ideal and durability is less of a concern.
- Log into the Cloudflare dashboard ↗.
- Go to Manage Account > Account API Tokens.
- Select Create Token and fill in the token name, permissions, and the optional expiration date for the token.
- Select Continue to summary and review the details.
- Select Create Token.
Alternatively, you can create a token using the account owned token creation API.
Refer to the blog post ↗ for more information.
Account owned tokens are generally available for all accounts. Some services may not support account owned tokens yet. Refer to the compatibility matrix below for the latest status.
| Product | Compatibility |
|---|---|
| Access | ❌ |
| Account Analytics | ❌ |
| Account Management | ✅ |
| AI Gateway | ✅ |
| AMP | ✅ |
| API Shield | ✅ |
| Argo | ✅ |
| Billing | ❌ |
| Cache | ✅ |
| Cloud Connector | ✅ |
| Configuration Rules | ✅ |
| Custom Lists | ❌ |
| Custom Pages | ✅ |
| Data Loss Prevention | ✅ |
| Digital Experience Monitoring | ✅ |
| Distributed Web | ❌ |
| DNS | Partial (Non-analytics) |
| Durable Objects | ❌ |
| Email Relay | ❌ |
| Gateway Filtering | ❌ |
| Healthchecks | ✅ |
| Hyperdrive | ❌ |
| Images | ✅ |
| Intel Data Platform | ❌ |
| Load Balancing | ❌ |
| Log Explorer | ❌ |
| Magic Network Monitoring | ✅ |
| Magic Transit | ❌ |
| Magic WAN | ❌ |
| Managed Rules | ✅ |
| Network Error Logging | ❌ |
| Page Shield | ✅ |
| Pages | ✅ |
| Pub/Sub | ❌ |
| R2 | ✅ |
| Radar | ✅ |
| Registrar | ❌ |
| Rulesets | ✅ |
| Spectrum | ❌ |
| Speed | ✅ |
| Stream | ✅ |
| Super Bot Fight Mode | ❌ |
| Trace | ✅ |
| Tunnels | ✅ |
| Turnstile | ❌ |
| Vectorize | ❌ |
| Waiting Room | ✅ |
| Workers | ✅ |
| Workers AI | ❌ |
| Workers KV | ✅ |
| Workers Observability | ❌ |
| Workers Queues | ✅ |
| Zaraz | ❌ |
| Zero Trust Client Platform | ❌ |
| Zero Trust Devices and Services | ✅ |
| Zone/Domain Management | ✅ |