diff --git a/src/content/docs/analytics/graphql-api/tutorials/end-customer-analytics.mdx b/src/content/docs/analytics/graphql-api/tutorials/end-customer-analytics.mdx
index a4daf981a9a6b05..ffaf522ba8cb4b6 100644
--- a/src/content/docs/analytics/graphql-api/tutorials/end-customer-analytics.mdx
+++ b/src/content/docs/analytics/graphql-api/tutorials/end-customer-analytics.mdx
@@ -8,7 +8,7 @@ title: Querying HTTP events by hostname with GraphQL
 
 In this example, we are going to use the GraphQL Analytics API to query aggregated metrics about HTTP events by hostname over a specific period of time.
 
-The following API call will request the number of visits and edge response bytes for the custom hostname `hostname.example.com` over a four day period. Be sure to replace `CLOUDFLARE_ZONE_ID` AND `API_TOKEN` with your zone ID and API credentials, and adjust the `datetime_geq` and `datetime_leq` values as needed.
+The following API call will request the number of visits and edge response bytes for the custom hostname `hostname.example.com` over a four day period. Be sure to replace `CLOUDFLARE_ZONE_TAG` and `API_TOKEN`[^1] with your zone ID and API credentials, and adjust the `datetime_geq` and `datetime_leq` values as needed.
 
 ### API Call
 
@@ -30,7 +30,7 @@ echo '{ "query":
     }
   }",
   "variables": {
-    "zoneTag": "<CLOUDFLARE_ZONE_ID>",
+    "zoneTag": "<CLOUDFLARE_ZONE_TAG>",
     "filter": {
       "datetime_geq": "2022-07-20T11:00:00Z",
       "datetime_lt": "2022-07-24T12:00:00Z",
@@ -191,3 +191,5 @@ https://api.cloudflare.com/client/v4/graphql \
   }
 }' | jq -r 'try .data.viewer.zones[].topPaths[] | "\"\(.dimensions.metric)\": \(.sum.edgeResponseBytes)"' | sort
 ```
+
+[^1]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
\ No newline at end of file
diff --git a/src/content/docs/analytics/graphql-api/tutorials/querying-access-login-events.mdx b/src/content/docs/analytics/graphql-api/tutorials/querying-access-login-events.mdx
index 523bb4288ecbad2..fdd3264b42cc131 100644
--- a/src/content/docs/analytics/graphql-api/tutorials/querying-access-login-events.mdx
+++ b/src/content/docs/analytics/graphql-api/tutorials/querying-access-login-events.mdx
@@ -8,9 +8,8 @@ In this example, we are going to use the GraphQL Analytics API to retrieve logs
 
 The following API call will request logs for a single Access login event and output the requested fields. The authentication request is identified by its **Ray ID**, which you can obtain from the `403` Forbidden page shown to the user.
 
-You will need to insert your API credentials in `<EMAIL>` and `<API_KEY>` and substitute your own values for the following variables:
+You will need to insert your `<CLOUDFLARE_ACCOUNT_TAG>`, your API credentials in `<API_TOKEN>`[^1], and substitute your own values for the following variables:
 
-* `accountTag`: Your Cloudflare account ID.
 * `rayID`: A unique identifier assigned to the authentication request.
 * `datetimeStart`: The earliest event time to query (no earlier than September 16, 2022).
 * `datetimeEnd`: The latest event time to query. Be sure to specify a time range that includes the login event you are querying.
@@ -46,7 +45,7 @@ echo '{ "query":
     }
   }",
   "variables": {
-    "accountTag": "699d98642c564d2e855e9661899b7252",
+    "accountTag": "<CLOUDFLARE_ACCOUNT_TAG>",
     "rayId": "74e4ac510dfdc44f",
     "datetimeStart": "2022-09-20T14:36:38Z",
     "datetimeEnd": "2022-09-22T14:36:38Z"
@@ -103,3 +102,5 @@ Rather than filter by `cfRayId`, you may also [filter](/analytics/graphql-api/fe
 ```
 
 You can compare the query results to your Access policies to understand why a user was blocked. For example, if your application requires a valid mTLS certificate, Access blocked the request shown above because `mtlsStatus`, `mtlsCommonName`, and `mtlsCertSerialId` are empty.
+
+[^1]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
\ No newline at end of file
diff --git a/src/content/docs/analytics/graphql-api/tutorials/querying-firewall-events.mdx b/src/content/docs/analytics/graphql-api/tutorials/querying-firewall-events.mdx
index 1f869340ae14068..9a9c75e6e4a08cf 100644
--- a/src/content/docs/analytics/graphql-api/tutorials/querying-firewall-events.mdx
+++ b/src/content/docs/analytics/graphql-api/tutorials/querying-firewall-events.mdx
@@ -6,7 +6,7 @@ title: Querying Firewall Events with GraphQL
 
 In this example, we are going to use the GraphQL Analytics API to query for Firewall Events over a specified time period.
 
-The following API call will request Firewall Events over a one hour period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ZONE_ID>`, `<EMAIL>`, and `<API_KEY>` with your zone tag and API credentials, and adjust the `datetime_geg` and `datetime_leq` values to your liking.
+The following API call will request Firewall Events over a one hour period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ZONE_TAG>`, `<EMAIL>`, and `<API_TOKEN>`[^1] with your zone tag and API credentials, and adjust the `datetime_geg` and `datetime_leq` values to your liking.
 
 ## API Call
 
@@ -34,7 +34,7 @@ echo '{ "query":
     }
   }",
   "variables": {
-    "zoneTag": "<CLOUDFLARE_ZONE_ID>",
+    "zoneTag": "<CLOUDFLARE_ZONE_TAG>",
     "filter": {
       "datetime_geq": "2022-07-24T11:00:00Z",
       "datetime_leq": "2022-07-24T12:00:00Z"
@@ -182,3 +182,5 @@ https://api.cloudflare.com/client/v4/graphql \
 #=>   "errors": null
 #=> }
 ```
+
+[^1]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
\ No newline at end of file
diff --git a/src/content/docs/analytics/graphql-api/tutorials/querying-magic-firewall-ids-samples.mdx b/src/content/docs/analytics/graphql-api/tutorials/querying-magic-firewall-ids-samples.mdx
index e81b33fccf00d71..00b8a116764462c 100644
--- a/src/content/docs/analytics/graphql-api/tutorials/querying-magic-firewall-ids-samples.mdx
+++ b/src/content/docs/analytics/graphql-api/tutorials/querying-magic-firewall-ids-samples.mdx
@@ -6,7 +6,7 @@ title: Querying Magic Firewall Intrusion Detection System (IDS) samples with Gra
 
 In this example, we are going to use the GraphQL Analytics API to query for IDS samples over a specified time period.
 
-The following API call will request IDS samples over a one hour period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_ID>`, `<EMAIL>`, and `<API_KEY>` with your account tag and API credentials, and adjust the `datetime_geg` and `datetime_leq` values to your liking.
+The following API call will request IDS samples over a one hour period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_TAG>` and `<API_TOKEN>`[^1] with your account tag and API credentials, and adjust the `datetime_geg` and `datetime_leq` values to your liking.
 
 ## API Call
 
@@ -31,7 +31,7 @@ echo '{ "query":
     }
   }",
   "variables": {
-    "accountTag": "<CLOUDFLARE_ACCOUNT_ID>",
+    "accountTag": "<CLOUDFLARE_ACCOUNT_TAG>",
     "filter": {
       "datetime_geq": "2023-06-20T11:00:00.000Z",
       "datetime_leq": "2023-06-20T12:00:00.000Z",
@@ -101,3 +101,5 @@ https://api.cloudflare.com/client/v4/graphql \
 #=>   "errors": null
 #=> }
 ```
+
+[^1]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
\ No newline at end of file
diff --git a/src/content/docs/analytics/graphql-api/tutorials/querying-magic-firewall-samples.mdx b/src/content/docs/analytics/graphql-api/tutorials/querying-magic-firewall-samples.mdx
index ed2624e8ae1c9ec..598181b891a80cb 100644
--- a/src/content/docs/analytics/graphql-api/tutorials/querying-magic-firewall-samples.mdx
+++ b/src/content/docs/analytics/graphql-api/tutorials/querying-magic-firewall-samples.mdx
@@ -6,7 +6,7 @@ title: Querying Magic Firewall Samples with GraphQL
 
 In this example, we are going to use the GraphQL Analytics API to query for Magic Firewall Samples over a specified time period.
 
-The following API call will request Magic Firewall Samples over a one hour period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_ID>`, `<EMAIL>`, and `<API_KEY>` with your zone tag and API credentials, and adjust the `datetime_geg` and `datetime_leq` values to your liking.
+The following API call will request Magic Firewall Samples over a one hour period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_TAG>` and `<API_TOKEN>`[^1] with your zone tag and API credentials, and adjust the `datetime_geg` and `datetime_leq` values to your liking.
 
 ## API Call
 
@@ -33,7 +33,7 @@ echo '{ "query":
     }
   }",
   "variables": {
-    "accountTag": "<CLOUDFLARE_ACCOUNT_ID>",
+    "accountTag": "<CLOUDFLARE_ACCOUNT_TAG>",
     "filter": {
       "datetime_geq": "2022-07-24T11:00:00Z",
       "datetime_leq": "2022-07-24T11:10:00Z"
@@ -106,3 +106,5 @@ https://api.cloudflare.com/client/v4/graphql \
 #=>   "errors": null
 #=> }
 ```
+
+[^1]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
\ No newline at end of file
diff --git a/src/content/docs/analytics/graphql-api/tutorials/querying-workers-metrics.mdx b/src/content/docs/analytics/graphql-api/tutorials/querying-workers-metrics.mdx
index 5e3a5a7c908ae2b..0bc60957fb0db3a 100644
--- a/src/content/docs/analytics/graphql-api/tutorials/querying-workers-metrics.mdx
+++ b/src/content/docs/analytics/graphql-api/tutorials/querying-workers-metrics.mdx
@@ -8,7 +8,7 @@ products:
 
 In this example, we are going to use the GraphQL Analytics API to query for Workers Metrics over a specified time period. We can query up to one month of data for dates up to three months ago.
 
-The following API call will request a Worker script's metrics over a one day period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_ID>`, `<EMAIL>`, and `<API_KEY>` with your API credentials, and adjust the `datetimeStart`, `datetimeEnd`, and `scriptName` variables as needed.
+The following API call will request a Worker script's metrics over a one day period, and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_TAG>` and `<API_TOKEN>`[^1] with your API credentials, and adjust the `datetimeStart`, `datetimeEnd`, and `scriptName` variables as needed.
 
 ## API Call
 
@@ -41,7 +41,7 @@ echo '{ "query":
     }
   }",
   "variables": {
-    "accountTag": "<CLOUDFLARE_ACCOUNT_ID>",
+    "accountTag": "<CLOUDFLARE_ACCOUNT_TAG>",
     "datetimeStart": "2022-08-04T00:00:00.000Z",
     "datetimeEnd": "2022-08-04T01:00:00.000Z",
     "scriptName": "worker-subrequest-test-client"
@@ -126,3 +126,5 @@ https://api.cloudflare.com/client/v4/graphql \
 #=>   "errors": null
 #=> }
 ```
+
+[^1]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
\ No newline at end of file
diff --git a/src/content/partials/magic-transit/graphql/query-magic-transit-bandwidth-graphql.mdx b/src/content/partials/magic-transit/graphql/query-magic-transit-bandwidth-graphql.mdx
index 3c761c0da5b04b5..3ce16e0a44a715b 100644
--- a/src/content/partials/magic-transit/graphql/query-magic-transit-bandwidth-graphql.mdx
+++ b/src/content/partials/magic-transit/graphql/query-magic-transit-bandwidth-graphql.mdx
@@ -7,7 +7,7 @@ import { Markdown } from "~/components";
 
 In this example, you are going to use the GraphQL Analytics API to query {props.productName} ingress tunnel traffic over a specified time period.
 
-The following API call will request {props.productName} ingress tunnel traffic over a one-hour period and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_ID>` with your account ID, `<EMAIL>`, `<API_KEY>`, and `<API_TOKEN>` with your API credentials, and adjust the `datetime_geq` and `datetime_leq` values as needed.
+The following API call will request {props.productName} ingress tunnel traffic over a one-hour period and output the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_TAG>` with your account ID, `<EMAIL>`, `<API_KEY>`[^1] (legacy) or `<API_TOKEN>`[^2] (preferred method) with your API credentials, and adjust the `datetime_geq` and `datetime_leq` values as needed.
 
 The following example queries for ingress traffic. To query for egress, change the value in the direction filter.
 
@@ -38,7 +38,7 @@ PAYLOAD='{ "query":
       }
   }",
     "variables": {
-      "accountTag": "<CLOUDFLARE_ACCOUNT_ID>",
+      "accountTag": "<CLOUDFLARE_ACCOUNT_TAG>",
       "direction": "ingress",
       "datetimeStart": "2022-05-04T11:00:00.000Z",
       "datetimeEnd": "2022-05-04T12:00:00.000Z"
@@ -102,3 +102,6 @@ curl https://api.cloudflare.com/client/v4/graphql \
 #=>   "errors": null
 #=> }
 ```
+
+[^1]: Refer to [Authenticate with a Cloudflare API key](/analytics/graphql-api/getting-started/authentication/api-key-auth/) for more information.
+[^2]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
\ No newline at end of file
diff --git a/src/content/partials/magic-transit/graphql/query-magic-transit-health-checks.mdx b/src/content/partials/magic-transit/graphql/query-magic-transit-health-checks.mdx
index cb1ba3ad9565bd2..258b460cd143e8f 100644
--- a/src/content/partials/magic-transit/graphql/query-magic-transit-health-checks.mdx
+++ b/src/content/partials/magic-transit/graphql/query-magic-transit-health-checks.mdx
@@ -7,7 +7,7 @@ import { Markdown } from "~/components";
 
 In this example, you are going to use the GraphQL Analytics API to query {props.productName} health check results which are aggregated from individual health checks carried out by Cloudflare servers to Generic Routing Encapsulation (GRE) tunnels you have set up to work with {props.productName} during the onboarding process. You can query up to one week of data for dates up to three months ago.
 
-The following API call will request a particular account's tunnel health checks over a one day period for a particular Cloudflare data center, and outputs the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_ID>`, `<EMAIL>`, and `<API_KEY>` with your API credentials, and adjust the `datetimeStart`, `datetimeEnd` variables as needed.
+The following API call will request a particular account's tunnel health checks over a one day period for a particular Cloudflare data center, and outputs the requested fields. Be sure to replace `<CLOUDFLARE_ACCOUNT_TAG>` and `<API_TOKEN>`[^1] with your API credentials, and adjust the `datetimeStart`, `datetimeEnd` variables as needed.
 
 It will return the tunnel health check results by Cloudflare data center. The result for each data center is aggregated from the healthchecks conducted on individual servers. The tunnel state field in the value represents the state of the tunnel. These states are used by {props.productName} for routing. The value `0` for the tunnel state represents it being down, the value `0.5` being degraded and the value `1` as healthy.
 
@@ -37,7 +37,7 @@ echo '{ "query":
     }
   }",
   "variables": {
-    "accountTag": "<CLOUDFLARE_ACCOUNT_ID>",
+    "accountTag": "<CLOUDFLARE_ACCOUNT_TAG>",
     "datetimeStart": "2022-08-04T00:00:00.000Z",
     "datetimeEnd": "2022-08-04T01:00:00.000Z"
   }
@@ -96,3 +96,5 @@ https://api.cloudflare.com/client/v4/graphql \
 #=>   "errors": null
 #=> }
 ```
+
+[^1]: Refer to [Configure an Analytics API token](/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions.
\ No newline at end of file