Required Cloudflare API permissions or creating a custom token?
Lightning-fast WordPress on Nginx
Brought to you by:
jessuppi
Originally created by: skilver-io
Thanks for sharing this great stack.
Can you please provide more details on which Cloudflare API key and permissions are needed to get Cloudflare running? I am using a Cloudflare account for multiple websites with different TLDs.
I currently use the ZONE ID token; however, within the WordPress settings I get an invalid request header error. Therefore, I would like to set up an API token with specific permissions instead of using the Global API Key.
What permissions does SlickStack need when creating a custom API token?
Thank you for helping me out on this.
Greetings from Berlin ;)
Originally posted by: jessuppi
Thanks for your kind words @skilver-io, however, please kindly update your GitHub profile with real name/information as we aim to maintain as much transparency as possible.
Originally posted by: skilver-io
Sure ;)
Originally posted by: jessuppi
Thanks so much, appreciated.
Great question, actually. The current version of our CloudFlare plugin that is bundled with SlickStack as a so-called Must Use plugin only has one API key field:
https://github.com/littlebizzy/cloudflare
So generally, the Global API Key is what SlickStack envisions using, so that the same key can be used on your various ss-config files across many different servers. If your clients add your CloudFlare account as a Team member, your Global API Key will still work. So this is kinda the cool thing about their API now, you can use the same key for all your sites and client sites.
That said, you bring up a good point about security. We haven't tested generating custom API tokens with our CloudFlare plugin, so if you have specific debug info regarding that it would be really helpful (maybe can open an Issue on that repo if you don't mind).
https://support.cloudflare.com/hc/en-us/articles/200167836-Managing-API-Tokens-and-Keys
TL;DR it's not really a SlickStack thing, it's our CloudFlare plugin and custom API tokens have not been tested yet. But in future versions of that plugin, we are planning to add some lightweight "recommended settings" that will force-fix any settings on CloudFlare, meaning fewer security concerns in regard to using the Global API Key (because the plugin fixes the settings, ideally). While the custom API token feature is interesting, it will probably create more challenges when trying to scale your management of multiple SlickStack servers (or otherwise) that require keys.
Originally posted by: skilver-io
For now I will use the Global API key, since I'm kinda in a rush. I'll get back to this in the future and surely will share my debug info.
Thanks for clearing things up.