Using the Cloudflare API, requires authentication so that Cloudflare knows who is making requests and what permissions they have. An API Token can be created to grant access to the API to perform actions. See creating an API Token for more on this.

Legacy Note: Existing customers may be familiar with API Keys. These allow for less granular access and each user can only have one. For these reasons, we advice customers using API Keys to transition to using API Tokens.

Once you have your API Token created, all API requests are authorized in the same way. Cloudflare uses the RFC standard Authorization: Bearer <Token> interface. When used in an example Cloudflare API request it looks like this:

curl -X GET "https://api.cloudflare.com/client/v4/zones/<ACCOUNT_ID>" \
-H "Content-Type:application/json" \
-H "Authorization: Bearer YQSn-xWAQiiEh9qM58wZNnyQS7FUdoqGIUAbrh7T"

The above example is just that, an example. Never send anyone or store you API Token secret in plaintext. Also be sure not to check it into code repositories especially public ones like on github.

When using the Cloudflare API, you will need to know your Account ID and Zone ID.

For help finding those values, refer to Finding your zone and account IDs.

For specific guidance on making API calls, see the following:

• The specific Developer Docs section for a service for how to guides.
• API schema docs for request and response payloads for each endpoint.
• If you are using golang or Hashicorp's Terraform you can leverage our 1st party libraries to integrate with Cloudflare's API.