Skip to content

Commit b58a24f

Browse files
jhutchings1jhutchings1
authored
Update account owned tokens
1. Update description to reflect GA status 2. Add procedural instructions
1 parent 8f8b7d5 commit b58a24f

File tree

1 file changed

+68
-70
lines changed

1 file changed

+68
-70
lines changed

src/content/partials/fundamentals/account-owned-tokens.mdx

Lines changed: 68 additions & 70 deletions
Original file line numberDiff line numberDiff line change
@@ -4,82 +4,80 @@
44

55
---
66

7-
Account owned tokens are the first step that Cloudflare is taking to represent service principals in our service.
8-
9-
Cloudflare is working to ensure that all features eventually become compatible with account owned tokens.
10-
11-
If you are working with a service that is not currently supported by account owned tokens, it is recommended that you continue to use the existing user tokens.
7+
While user tokens act on behalf of a particular user, and inherit a subset of that user's permissions, account owned tokens allow you to set up durable integrations that can act as service principals, effectively acting as themselves with their own specific set of permissions. This approach is ideal for scenarios like CI/CD, or building integrations with external services like SEIMs where it's important that the integration keeps working, even long after the user who configured the integration may have left your organization altogether. User tokens are better for ad hoc tasks like scripting, where acting as the user is ideal, and durability is less of a concern.
128

9+
## Creating an account owned token
1310
:::note
14-
User tokens will continue to work and we do not have plans to deprecate them.
11+
Creating an account owned token requires Super Administrator permission on the account
1512
:::
1613

17-
Account owned tokens are available to all customers. Super Administrators of accounts on the [Cloudflare dashboard](https://dash.cloudflare.com/) can find them via **Manage Account** > **API Tokens**.
18-
19-
You can still create tokens using the Cloudflare dashboard, and it can also be accessed via the API at `/accounts/<accountID>/tokens`.
14+
1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com)
15+
2. In the sidebar, choose **Manage Account**
16+
3. Choose **Account API Tokens**
17+
4. Click **Create Token**
18+
5. Navigate through the subsequent pages to set the name, permissions, and the (optional) expiration date for the token. Click **Continue to Summary**
19+
6. Review the details, and finally click **Create Token**
2020

21-
Try using account owned tokens specifically in these scenarios:
22-
23-
- You require business continuity when managing tokens as a team of super administrators.
24-
- You need to restrict API access on your account and want to centralize visibility and management of these tokens.
21+
You can alternatively create a token using the [account owned token creation API](https://developers.cloudflare.com/api-next/resources/accounts/subresources/tokens/methods/create/).
2522

2623
## Compatibility matrix
2724

28-
Account owned tokens are a new credential type that is currently in open beta. Refer to the table below for products currently supported and their compatibility status.
25+
Account owned tokens are generally available in all accounts. Some services may not support account owned tokens yet. Please see the compatibility matrix below for the latest status.
26+
27+
| Product | Compatibility |
28+
| :---- | :---- |
29+
| Access ||
30+
| Account Analytics ||
31+
| Account Management ||
32+
| AI Gateway ||
33+
| AMP ||
34+
| API Shield ||
35+
| Billing ||
36+
| Cache ||
37+
| Cloud Connector ||
38+
| Configuration Rules ||
39+
| Custom Pages ||
40+
| Data Loss Prevention ||
41+
| Digital Experience Monitoring ||
42+
| Distributed Web ||
43+
| DNS | Partial (Non-analytics) |
44+
| Durable Objects ||
45+
| Email Relay ||
46+
| Gateway Filtering ||
47+
| Healthchecks ||
48+
| Hyperdrive ||
49+
| Images ||
50+
| Intel Data Platform ||
51+
| Load Balancing ||
52+
| Log Explorer ||
53+
| Magic Network Monitoring ||
54+
| Magic Transit ||
55+
| Magic WAN ||
56+
| Managed Rules ||
57+
| Network Error Logging ||
58+
| Page Shield ||
59+
| Pages ||
60+
| Pub/Sub ||
61+
| R2 ||
62+
| Radar ||
63+
| Registrar ||
64+
| Rulesets ||
65+
| Spectrum ||
66+
| Speed ||
67+
| Stream ||
68+
| Super Bot Fight Mode ||
69+
| Trace ||
70+
| Tunnels ||
71+
| Turnstile ||
72+
| Vectorize ||
73+
| Waiting Room ||
74+
| Workers ||
75+
| Workers AI ||
76+
| Workers KV ||
77+
| Workers Observability ||
78+
| Workers Queues ||
79+
| Zaraz ||
80+
| Zero Trust Client Platform ||
81+
| Zero Trust Devices and Services ||
82+
| Zone/Domain Management ||
2983

30-
| Product | Compatible |
31-
| ------------------------------- | ----------------------- |
32-
| Account Management ||
33-
| Account Analytics ||
34-
| Zero Trust Devices and Services ||
35-
| Stream ||
36-
| Pages ||
37-
| Speed ||
38-
| Images ||
39-
| Zone/Domain Management ||
40-
| Workers ||
41-
| Workers Queues ||
42-
| Workers KV ||
43-
| Workers AI ||
44-
| Workers Observability ||
45-
| Durable Objects ||
46-
| R2 ||
47-
| Tunnels ||
48-
| Cache ||
49-
| Rulesets ||
50-
| Custom Pages ||
51-
| Cloud Connector ||
52-
| Trace ||
53-
| Configuration Rules ||
54-
| DNS | Partial (Non-analytics) |
55-
| Access ||
56-
| Magic WAN ||
57-
| Magic Transit ||
58-
| Magic Network Monitoring ||
59-
| Managed Rules ||
60-
| Load Balancing ||
61-
| Spectrum ||
62-
| Pub/Sub ||
63-
| Distributed Web ||
64-
| Radar ||
65-
| Data Loss Prevention ||
66-
| Network Error Logging ||
67-
| Super Bot Fight Mode ||
68-
| Page Shield ||
69-
| AI Gateway ||
70-
| Turnstile ||
71-
| AMP ||
72-
| API Shield ||
73-
| Billing ||
74-
| Digital Experience Monitoring ||
75-
| Intel Data Platform ||
76-
| Email Relay ||
77-
| Gateway Filtering ||
78-
| Healthchecks ||
79-
| Log Explorer ||
80-
| Zero Trust Client Platform ||
81-
| Registrar ||
82-
| Hyperdrive ||
83-
| Vectorize ||
84-
| Waiting Room ||
85-
| Zaraz ||

0 commit comments

Comments
 (0)