Replace API token variable

Author: maxvp

src/content/docs/cloudflare-one/connections/connect-devices/agentless/pac-files.mdx

@@ -64,7 +64,7 @@ https://<SUBDOMAIN>.proxy.cloudflare-gateway.com
 
    ```bash
    curl https://api.cloudflare.com/client/v4/accounts/<ACCOUNT_ID>/gateway/proxy_endpoints \
-   --header "Authorization: Bearer <API_TOKEN>" \
+   --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    --header "Content-Type: application/json" \
    --data '{"name": "any_name", "ips": ["<PUBLIC_IP>", "<PUBLIC_IP2>", "<PUBLIC_IP3>"]}'
    ```
@@ -212,7 +212,7 @@ To get the domain of a proxy endpoint:
 
    ```bash
    curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/proxy_endpoints \
-   --header "Authorization: Bearer <API_TOKEN>"
+   --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
    ```
 
    ```json {8} output

src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/index.mdx

@@ -51,7 +51,7 @@ Send a `POST` request to the [Create Zero Trust certificate](/api/resources/zero
 ```sh
 curl --request POST \
 https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/certificates \
---header "Authorization: Bearer <API_TOKEN>"
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
 ```
 
 The API will respond with the ID and contents of the new certificate.
@@ -88,7 +88,7 @@ Send a `POST` request to the [Activate a Zero Trust certificate](/api/resources/
 ```sh
 curl --request POST \
 https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/certificates/{certificate_id}/activate \
---header "Authorization: Bearer <API_TOKEN>"
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
 ```
 
 </TabItem> </Tabs>
@@ -114,7 +114,7 @@ Send a `PUT` request to the [Update Zero Trust account configuration](/api/resou
 curl --request PUT \
 'https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/configuration' \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "settings": {
     "certificate": {

src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-management.mdx

@@ -187,14 +187,15 @@ To rotate a tunnel token:
 
 1. Refresh the token on Cloudflare:
 
-   <Tabs syncKey="dashPlusAPI">
+      <Tabs syncKey="dashPlusAPI">
 <TabItem label="Dashboard">
+
 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Networks** > **Tunnels**.
-2. Select a `cloudflared` tunnel and select **Edit**.
-3. Select **Refresh token**.
-4. Copy the `cloudflared` installation command for your operating system. This command contains the new token.
+1. Select a `cloudflared` tunnel and select **Edit**.
+1. Select **Refresh token**.
+1. Copy the `cloudflared` installation command for your operating system. This command contains the new token.
 
-   </TabItem>
+      </TabItem>
 <TabItem label="API">
 
    1. Generate a random base64 string (minimum size 32 bytes) to use as a tunnel secret:
@@ -213,7 +214,7 @@ To rotate a tunnel token:
       curl --request PATCH \
       https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/cfd_tunnel/{tunnel_id} \
       --header 'Content-Type: application/json' \
-      --header "Authorization: Bearer <API_TOKEN>" \
+      --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
       --data '{
       	"name": "Example tunnel",
       	"tunnel_secret": "AQIDBAUGBwgBAgMEBQYHCAECAwQFBgcIAQIDBAUGBwg="
@@ -245,34 +246,34 @@ To rotate a tunnel token:
 
    3. Copy the `token` value shown in the output.
 
-   </TabItem>
+      </TabItem>
 </Tabs>
 
    After refreshing the token, `cloudflared` can no longer establish new connections to Cloudflare using the old token. However, existing connectors will remain active and the tunnel will continue serving traffic.
 
-2. On half of your `cloudflared` replicas, update `cloudflared` to use the new token. For example, on a Linux host:
+1. On half of your `cloudflared` replicas, update `cloudflared` to use the new token. For example, on a Linux host:
 
    ```sh
    sudo cloudflared service install <TOKEN>
    ```
 
-3. Restart `cloudflared`:
+1. Restart `cloudflared`:
 
    ```sh
    sudo systemctl restart cloudflared.service
    ```
 
-4. Confirm that the service started correctly:
+1. Confirm that the service started correctly:
 
    ```sh
    sudo systemctl status cloudflared
    ```
 
    While these replicas are connecting to Cloudflare with the new token, traffic will automatically route through the other replicas.
 
-5. Wait 10 minutes for traffic to route through the new connectors.
+1. Wait 10 minutes for traffic to route through the new connectors.
 
-6. Repeat steps 2, 3, and 4 for the second half of the replicas.
+1. Repeat steps 2, 3, and 4 for the second half of the replicas.
 
 The tunnel token is now fully rotated. The old token is no longer in use.
 
@@ -286,7 +287,7 @@ If your tunnel token is compromised, we recommend taking the following steps:
    ```sh
    curl --request DELETE \
    https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/cfd_tunnel/{tunnel_id}/connections \
-   --header "Authorization: Bearer <API_TOKEN>"
+   --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
    ```
 
    This will clean up any unauthorized connections and prevent users from connecting to your network.

src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx

@@ -213,7 +213,7 @@ You can require users to re-enter their credentials into Entra ID whenever they
    ```sh {17}
    curl --request PUT \
    https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/access/identity_providers/{identity_provider_id} \
-   --header "Authorization: Bearer <API_TOKEN>" \
+   --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    --header "Content-Type: application/json" \
    --data '{
    		"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",

src/content/docs/cloudflare-one/policies/access/policy-management.mdx

@@ -83,7 +83,7 @@ You can use the API to convert a legacy policy into a reusable policy. To conver
 ```bash
 curl --request PUT \
 https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/access/apps/{app_id}/policies/{policy_id}/make_reusable \
---header "Authorization: Bearer <API_TOKEN>"
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
 ```
 
 The policy is now removed from the applications endpoint (`/access/apps/{app_id}/policies`) and managed using the [reusable policies endpoints](/api/resources/zero_trust/subresources/access/subresources/policies/)(`/access/policies/{policy_id}`).

src/content/docs/cloudflare-one/policies/browser-isolation/isolation-policies.mdx

@@ -136,7 +136,7 @@ Isolate security threats such as malware and phishing.
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Isolate all security threats",
   "description": "Isolate security threats such as malware and phishing",
@@ -170,7 +170,7 @@ Isolate high risk content categories such as newly registered domains.
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Isolate high risk content",
   "description": "Isolate high risk content categories such as newly registered domains",
@@ -204,7 +204,7 @@ Isolate news and media sites, which are targets for malvertising attacks.
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Isolate news and media",
   "description": "Isolate news and media sites, which are targets for malvertising attacks",
@@ -238,7 +238,7 @@ Isolate content that has not been categorized by [Cloudflare Radar](/radar/).
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Isolate uncategorized content",
   "description": "Isolate content not categorized by Cloudflare Radar",
@@ -274,7 +274,7 @@ In **Configure policy settings**, you can customize restrictions for ChatGPT. Fo
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Isolate ChatGPT",
   "description": "Isolate the use of ChatGPT",

src/content/docs/cloudflare-one/policies/gateway/dns-policies/common-policies.mdx

@@ -31,7 +31,7 @@ This policy allows users to access official corporate domains. By deploying the
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Allow corporate domains",
   "description": "Allow any internal corporate domains added to a list",
@@ -68,7 +68,7 @@ Block [security categories](/cloudflare-one/policies/gateway/domain-categories/#
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block security threats",
   "description": "Block all default Cloudflare DNS security categories",
@@ -101,7 +101,7 @@ The categories included in this policy are not always a security threat, but blo
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block content categories",
   "description": "Block common content categories that may pose a risk",
@@ -134,7 +134,7 @@ curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block unauthorized applications",
   "description": "Block access to unauthorized AI applications",
@@ -167,7 +167,7 @@ You can implement policies to block websites hosted in countries categorized as
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block banned countries",
   "description": "Block access to banned countries",
@@ -202,7 +202,7 @@ Blocking [frequently misused](https://www.spamhaus.org/statistics/tlds/) top-lev
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block top-level domains",
   "description": "Block top-level domains that are frequently used for malicious practices",
@@ -236,7 +236,7 @@ To protect against [sophisticated phishing attacks](https://blog.cloudflare.com/
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block phishing attacks",
   "description": "Block attempts to phish specific domains targeting your organization",
@@ -271,7 +271,7 @@ To safeguard user privacy, some organizations will block tracking domains such a
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block online tracking",
   "description": "Block domains used for tracking at an OS level",
@@ -306,7 +306,7 @@ Block specific IP addresses that are known to be malicious or pose a threat to y
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block malicious IPs",
   "description": "Block specific IP addresses that are known to be malicious or pose a threat to your organization",
@@ -341,7 +341,7 @@ The CIPA (Children's Internet Protection Act) Filter is a collection of subcateg
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Turn on CIPA filter",
   "description": "Block access to unwanted or harmful online content for children",
@@ -374,7 +374,7 @@ SafeSearch is a feature of search engines that helps you filter explicit or offe
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Hide explicit search results",
   "description": "Force SafeSearch on search engines to filter explicit or offensive content",
@@ -408,7 +408,7 @@ curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Check user identity",
   "description": "Filter traffic based on a user identity group name",
@@ -446,7 +446,7 @@ The following example includes two policies. The first policy allows the specifi
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Allow social media for Marketing",
   "description": "Allow access to social media sites for users in the Marketing group",
@@ -478,7 +478,7 @@ curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block social media",
   "description": "Block social media for all other users",
@@ -521,7 +521,7 @@ Force users to connect with IPv4 by blocking IPv6 resolution.
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Force IPv4",
   "description": "Force users to connect with IPv4 by blocking IPv6 resolution",
@@ -555,7 +555,7 @@ Force users to connect with IPv6 by blocking IPv4 resolution.
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Force IPv6",
   "description": "Force users to connect with IPv6 by blocking IPv4 resolution",