diff --git a/src/content/partials/fundamentals/create-token.mdx b/src/content/partials/fundamentals/create-token.mdx index f1d31602d5d0e7f..734f92d72ed093a 100644 --- a/src/content/partials/fundamentals/create-token.mdx +++ b/src/content/partials/fundamentals/create-token.mdx @@ -13,31 +13,33 @@ Before you begin, [find your zone and account IDs](/fundamentals/setup/find-acco ::: -1. From the [Cloudflare dashboard](https://dash.cloudflare.com/profile/api-tokens/), go to **My Profile** > **API Tokens**. +1. Determine if you want a user token or an account owned token. If you are developing a new service that you want multiple superadministrators to use and the endpoints that you are calling are compatible with account owned tokens, the option exists to use account tokens that are not connected to a specific user. -2. Select **Create Token**. +2. From the [Cloudflare dashboard](https://dash.cloudflare.com/profile/api-tokens/), go to **My Profile** > **API Tokens** for user tokens. For Account Tokens, go to **Manage Account** > **API Tokens**. -3. Select a template from the available [API token templates](/fundamentals/api/reference/template/) or create a custom token. We use the **Edit zone DNS** template in the following examples. +3. Select **Create Token**. -4. Add or edit the token name to describe why or how the token is used. Templates are prefilled with a token name and permissions. +4. Select a template from the available [API token templates](/fundamentals/api/reference/template/) or create a custom token. The following example uses the **Edit zone DNS** template. + +5. Add or edit the token name to describe why or how the token is used. Templates are prefilled with a token name and permissions. ![Token template overview screen](~/assets/images/fundamentals/api/template-customize.png) -5. Modify the token's permissions. After selecting a permissions group (*Account*, *User*, or *Zone*), choose what level of access to grant the token. Most groups offer `Edit` or `Read` options. `Edit` is full CRUDL (create, read, update, delete, list) access, while `Read` is the read permission and list where appropriate. Refer to the [available token permissions](/fundamentals/api/reference/permissions/) for more information. +6. Modify the token's permissions. After selecting a permissions group (*Account*, *User*, or *Zone*), choose what level of access to grant the token. Most groups offer `Edit` or `Read` options. `Edit` is full CRUDL (create, read, update, delete, list) access, while `Read` is the read permission and list where appropriate. Refer to the [available token permissions](/fundamentals/api/reference/permissions/) for more information. -6. Select which resources the token is authorized to access. For example, granting `Zone DNS Read` access to a zone `example.com` will allow the token to read DNS records only for that specific zone. Any other zone will return an error for DNS record reads operations. Any other operation on that zone will also return an error. +7. Select which resources the token is authorized to access. For example, granting `Zone DNS Read` access to a zone `example.com` will allow the token to read DNS records only for that specific zone. Any other zone will return an error for DNS record reads operations. Any other operation on that zone will also return an error. -7. (Optional) Restrict how a token is used in the **Client IP Address Filtering** and **TTL (time to live)** fields. +8. (Optional) Restrict how a token is used in the **Client IP Address Filtering** and **TTL (time to live)** fields. -8. Select **Continue to summary**. +9. Select **Continue to summary**. -9. Review the token summary. Select **Edit token** to make adjustments. You can also edit a token after creation. +10. Review the token summary. Select **Edit token** to make adjustments. You can also edit a token after creation. ![Token summary screen displaying the resources and permissions selected](~/assets/images/fundamentals/api/token-summary.png) -10. Select **Create Token** to generate the token's secret. +11. Select **Create Token** to generate the token's secret. -11. Copy the secret to a secure place. +12. Copy the secret to a secure place.