Using Cloudflare without Global API Key
-
I'd prefer to restrict a Cloudron instance to a particular zone rather than use the Global API Key. Whenever I do so, I get an error from Cloudron. What should the account be scoped to? Or is it even possible to use this?
-
Do you get any more specific error codes/messages while trying to add a domain with such a key?
-
@nebulon not really. It just said it cannot connect.
-
@iamthefij Do those API keys start with
v1.0-? If so, per the docs, we have to set a special header variable unlike the global API key (https://api.cloudflare.com/#getting-started-requests)
-
4.4 has support for API tokens - https://git.cloudron.io/cloudron/box/commit/b0420889adac8de3ae9edf9f2bd1e96c7c9c1191
-
Awesome! Thanks Girish!
-
Do you have a documentation/blog post about the Cloudflare API setup for Cloudron?
This is my settings for now, but I'm not sure if I miss something. My instance working alright with the following settings, but if you know the better/secure/correct settings, could you let me know?
-
Configuration looks correct. Ideally, Cloudron does not require access to all zones but without it we have to make the user enter the zone id which is kinda hard to find in the cloudflare UI.
-
Thank you for having a look, @girish !
-
@hiyukoim said in Using Cloudflare without Global API Key:
This is my settings for now, but I'm not sure if I miss something. My instance working alright with the following settings, but if you know the better/secure/correct settings, could you let me know?
Thank for this screenshot
it's work like a charm
-
I wish we can remove the "All zones" setting but afaict there is no way to get the zone id (which is required by the API) without listing the zones. I guess one alternative is to let users the zone id in the DNS setup form but this appears complicated.
