Clarify that account owned tokens work with Durable Objects #19171

Merged
merged 1 commit into from
Jan 13, 2025
134 changes: 66 additions & 68 deletions src/content/partials/fundamentals/account-owned-tokens.mdx
@@ -1,87 +1,85 @@
---

[]

---

While user tokens act on behalf of a particular user and inherit a subset of that user's permissions, account owned tokens allow you to set up durable integrations that can act as service principals with their own specific set of permissions. This approach is ideal for scenarios like CI/CD, or building integrations with external services like SEIMs where it is important that the integration continues working, even long after the user who configured the integration may have left your organization altogether. User tokens are better for ad hoc tasks like scripting, where acting as the user is ideal and durability is less of a concern.
While user tokens act on behalf of a particular user and inherit a subset of that user's permissions, account owned tokens allow you to set up durable integrations that can act as service principals with their own specific set of permissions. This approach is ideal for scenarios like CI/CD, or building integrations with external services like SEIMs where it is important that the integration continues working, even long after the user who configured the integration may have left your organization altogether. User tokens are better for ad hoc tasks like scripting, where acting as the user is ideal and durability is less of a concern.

## Create an account owned token

:::note
Creating an account owned token requires Super Administrator permission on the account
:::

1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com).
2. Go to **Manage Account** > **Account API Tokens**.
4. Select **Create Token** and fill in the token name, permissions, and the optional expiration date for the token.
5. Select **Continue to summary** and review the details.
6. Select **Create Token**.
2. Go to **Manage Account** > **Account API Tokens**.
3. Select **Create Token** and fill in the token name, permissions, and the optional expiration date for the token.
4. Select **Continue to summary** and review the details.
5. Select **Create Token**.

Alternatively, you can create a token using the [account owned token creation API](/api/resources/accounts/subresources/tokens/methods/create/).

Refer to the [blog post](https://blog.cloudflare.com/account-owned-tokens-automated-actions-zaraz/) for more information.

## Compatibility matrix

Account owned tokens are generally available for all accounts. Some services may not support account owned tokens yet. Refer to the compatibility matrix below for the latest status.

| Product | Compatibility |
| --- | --- |
| Access | ✅ |
| Account Analytics | ❌ |
| Account Management | ✅ |
| AI Gateway | ✅ |
| AMP | ✅ |
| API Shield | ✅ |
| Argo | ✅ |
| Billing | ✅ |
| Cache | ✅ |
| Cloud Connector | ✅ |
| Configuration Rules | ✅ |
| Custom Lists | ❌ |
| Custom Pages | ✅ |
| Data Loss Prevention | ✅ |
| Digital Experience Monitoring | ✅ |
| Distributed Web | ❌ |
| DNS | ✅ |
| Durable Objects | ❌ |
| Email Relay | ❌ |
| Gateway Filtering | ❌ |
| Healthchecks | ✅ |
| Hyperdrive | ❌ |
| Images | ✅ |
| Intel Data Platform | ❌ |
| Load Balancing | ✅ |
| Log Explorer | ❌ |
| Magic Network Monitoring | ✅ |
| Magic Transit | ❌ |
| Magic WAN | ❌ |
| Managed Rules | ✅ |
| Network Error Logging | ❌ |
| Page Shield | ✅ |
| Pages | ✅ |
| Pub/Sub | ❌ |
| R2 | ✅ |
| Radar | ✅ |
| Registrar | ❌ |
| Rulesets | ✅ |
| Spectrum | ❌ |
| Speed | ✅ |
| SSL/TLS | ✅ |
| Stream | ✅ |
| Super Bot Fight Mode | ❌ |
| Trace | ✅ |
| Tunnels | ✅ |
| Turnstile | ❌ |
| Vectorize | ❌ |
| Waiting Room | ✅ |
| Workers | ✅ |
| Workers AI | ❌ |
| Workers KV | ✅ |
| Workers Observability | ❌ |
| Workers Queues | ✅ |
| Zaraz | ✅ |
| Zero Trust Client Platform | ❌ |
| Zero Trust Devices and Services | ✅ |
| Zone/Domain Management | ✅ |
Account owned tokens are generally available for all accounts. Some services may not support account owned tokens yet. Refer to the compatibility matrix below for the latest status.

| Product | Compatibility |
| ------------------------------- | ------------- |
| Access | ✅ |
| Account Analytics | ❌ |
| Account Management | ✅ |
| AI Gateway | ✅ |
| AMP | ✅ |
| API Shield | ✅ |
| Argo | ✅ |
| Billing | ✅ |
| Cache | ✅ |
| Cloud Connector | ✅ |
| Configuration Rules | ✅ |
| Custom Lists | ❌ |
| Custom Pages | ✅ |
| Data Loss Prevention | ✅ |
| Digital Experience Monitoring | ✅ |
| Distributed Web | ❌ |
| DNS | ✅ |
| Durable Objects | ✅ |
| Email Relay | ❌ |
| Gateway Filtering | ❌ |
| Healthchecks | ✅ |
| Hyperdrive | ❌ |
| Images | ✅ |
| Intel Data Platform | ❌ |
| Load Balancing | ✅ |
| Log Explorer | ❌ |
| Magic Network Monitoring | ✅ |
| Magic Transit | ❌ |
| Magic WAN | ❌ |
| Managed Rules | ✅ |
| Network Error Logging | ❌ |
| Page Shield | ✅ |
| Pages | ✅ |
| Pub/Sub | ❌ |
| R2 | ✅ |
| Radar | ✅ |
| Registrar | ❌ |
| Rulesets | ✅ |
| Spectrum | ❌ |
| Speed | ✅ |
| SSL/TLS | ✅ |
| Stream | ✅ |
| Super Bot Fight Mode | ❌ |
| Trace | ✅ |
| Tunnels | ✅ |
| Turnstile | ❌ |
| Vectorize | ❌ |
| Waiting Room | ✅ |
| Workers | ✅ |
| Workers AI | ❌ |
| Workers KV | ✅ |
| Workers Observability | ❌ |
| Workers Queues | ✅ |
| Zaraz | ✅ |
| Zero Trust Client Platform | ❌ |
| Zero Trust Devices and Services | ✅ |
| Zone/Domain Management | ✅ |
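
Review bot: In the intro paragraph at the top of the hunk, "SEIMs" is carried over unchanged and should read "SIEMs"; the line is being rewritten anyway, so fix it here. The only content change visible is the Durable Objects row moving from ❌ to ✅, while the rest of the 66 additions and 68 deletions is table padding and list renumbering (steps 4, 5, 6 becoming 3, 4, 5); splitting the formatting pass from the compatibility change would make the flip easier to audit later. Since the paragraph presents these tokens as long-lived service principals, step 3 could also say when to set the "optional expiration date" rather than leaving it unqualified, and the `:::note` sentence is missing its closing period.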