cloudflare · ranbel · Aug 11, 2025 · Aug 11, 2025 · Aug 11, 2025
@@ -2045,6 +2045,7 @@
 /cloudflare-one/api-terraform/gateway-api-examples/dns-policy/ /cloudflare-one/policies/gateway/dns-policies/common-policies/ 301
 /cloudflare-one/api-terraform/gateway-api-examples/network-policy/ /cloudflare-one/policies/gateway/network-policies/common-policies/ 301
 /cloudflare-one/api-terraform/gateway-api-examples/http-policy/ /cloudflare-one/policies/gateway/http-policies/common-policies/ 301
+/cloudflare-one/api-terraform/scoped-api-tokens/ /fundamentals/api/get-started/create-token/ 301
 /cloudflare-one/applications/casb/troubleshooting/ /cloudflare-one/applications/casb/troubleshooting/troubleshoot-integrations/ 301
 /cloudflare-one/applications/configure-apps/self-hosted-apps/ /cloudflare-one/applications/configure-apps/self-hosted-public-app/ 301
 /cloudflare-one/applications/non-http/arbitrary-tcp/ /cloudflare-one/applications/non-http/cloudflared-authentication/arbitrary-tcp/ 301

@@ -21,3 +21,9 @@ To enable read-only mode:
 2. Enable **API/Terraform read-only mode**.
 
 All users, regardless of [user permissions](/cloudflare-one/roles-permissions/), will be prevented from making configuration changes through the UI.
+
+## Scoped API tokens
+
+The administrators managing policies and groups in Cloudflare Zero Trust might be different from those responsible for configuring WAF custom rules or other Cloudflare settings. You can configure scoped API tokens so that team members and automated systems can manage Zero Trust settings without having permission to modify other configurations in Cloudflare.
+
+You can create a scoped API token [via the dashboard](/fundamentals/api/get-started/create-token/) or [via the API](/fundamentals/api/how-to/create-via-api/). For a list of available token permissions, refer to [API token permissions](/fundamentals/api/reference/permissions/).