Skip to content

Commit

Permalink
Update account owned tokens (#18684)
Browse files Browse the repository at this point in the history 
* Update account owned tokens

1. Update description to reflect GA status
2. Add procedural instructions

* Update src/content/partials/fundamentals/account-owned-tokens.mdx

Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com>

* Update src/content/partials/fundamentals/account-owned-tokens.mdx

Co-authored-by: Patricia Santa Ana <103445940+patriciasantaana@users.noreply.github.com>

* Update src/content/partials/fundamentals/account-owned-tokens.mdx

Co-authored-by: Patricia Santa Ana <103445940+patriciasantaana@users.noreply.github.com>

* Update src/content/partials/fundamentals/account-owned-tokens.mdx

Co-authored-by: Patricia Santa Ana <103445940+patriciasantaana@users.noreply.github.com>

* Update src/content/partials/fundamentals/account-owned-tokens.mdx

Co-authored-by: Patricia Santa Ana <103445940+patriciasantaana@users.noreply.github.com>

* Apply suggestions from code review

* Update src/content/partials/fundamentals/account-owned-tokens.mdx

* Add Argo

* Add managed rules test result

---------

Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com>
Co-authored-by: Patricia Santa Ana <103445940+patriciasantaana@users.noreply.github.com>
  • Loading branch information
@jhutchings1 @hyperlint-ai @patriciasantaana
3 people authored Dec 17, 2024
1 parent 4541528 commit c0cd39b
Showing 1 changed file with 68 additions and 70 deletions.
138 changes: 68 additions & 70 deletions src/content/partials/fundamentals/account-owned-tokens.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,84 +4,82 @@

---

Account owned tokens are the first step that Cloudflare is taking to represent service principals in our service.

Cloudflare is working to ensure that all features eventually become compatible with account owned tokens.

If you are working with a service that is not currently supported by account owned tokens, it is recommended that you continue to use the existing user tokens.
While user tokens act on behalf of a particular user and inherit a subset of that user's permissions, account owned tokens allow you to set up durable integrations that can act as service principals with their own specific set of permissions. This approach is ideal for scenarios like CI/CD, or building integrations with external services like SEIMs where it is important that the integration continues working, even long after the user who configured the integration may have left your organization altogether. User tokens are better for ad hoc tasks like scripting, where acting as the user is ideal and durability is less of a concern.

## Create an account owned token
:::note
User tokens will continue to work and we do not have plans to deprecate them.
Creating an account owned token requires Super Administrator permission on the account
:::

Account owned tokens are available to all customers. Super Administrators of accounts on the [Cloudflare dashboard](https://dash.cloudflare.com/) can find them via **Manage Account** > **API Tokens**.

You can still create tokens using the Cloudflare dashboard, and it can also be accessed via the API at `/accounts/<accountID>/tokens`.
1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com).
2. Go to **Manage Account** > **Account API Tokens**.
4. Select **Create Token** and fill in the token name, permissions, and the optional expiration date for the token.
5. Select **Continue to summary** and review the details.
6. Select **Create Token**.

Try using account owned tokens specifically in these scenarios:

- You require business continuity when managing tokens as a team of super administrators.
- You need to restrict API access on your account and want to centralize visibility and management of these tokens.
Alternatively, you can create a token using the [account owned token creation API](/api/resources/accounts/subresources/tokens/methods/create/).

Refer to the [blog post](https://blog.cloudflare.com/account-owned-tokens-automated-actions-zaraz/) for more information.

## Compatibility matrix

Account owned tokens are a new credential type that is currently in open beta. Refer to the table below for products currently supported and their compatibility status.
Account owned tokens are generally available for all accounts. Some services may not support account owned tokens yet. Refer to the compatibility matrix below for the latest status.

| Product | Compatibility |
| --- | --- |
| Access ||
| Account Analytics ||
| Account Management ||
| AI Gateway ||
| AMP ||
| API Shield ||
| Argo ||
| Billing ||
| Cache ||
| Cloud Connector ||
| Configuration Rules ||
| Custom Pages ||
| Data Loss Prevention ||
| Digital Experience Monitoring ||
| Distributed Web ||
| DNS | Partial (Non-analytics) |
| Durable Objects ||
| Email Relay ||
| Gateway Filtering ||
| Healthchecks ||
| Hyperdrive ||
| Images ||
| Intel Data Platform ||
| Load Balancing ||
| Log Explorer ||
| Magic Network Monitoring ||
| Magic Transit ||
| Magic WAN ||
| Managed Rules ||
| Network Error Logging ||
| Page Shield ||
| Pages ||
| Pub/Sub ||
| R2 ||
| Radar ||
| Registrar ||
| Rulesets ||
| Spectrum ||
| Speed ||
| Stream ||
| Super Bot Fight Mode ||
| Trace ||
| Tunnels ||
| Turnstile ||
| Vectorize ||
| Waiting Room ||
| Workers ||
| Workers AI ||
| Workers KV ||
| Workers Observability ||
| Workers Queues ||
| Zaraz ||
| Zero Trust Client Platform ||
| Zero Trust Devices and Services ||
| Zone/Domain Management ||

| Product | Compatible |
| ------------------------------- | ----------------------- |
| Account Management ||
| Account Analytics ||
| Zero Trust Devices and Services ||
| Stream ||
| Pages ||
| Speed ||
| Images ||
| Zone/Domain Management ||
| Workers ||
| Workers Queues ||
| Workers KV ||
| Workers AI ||
| Workers Observability ||
| Durable Objects ||
| R2 ||
| Tunnels ||
| Cache ||
| Rulesets ||
| Custom Pages ||
| Cloud Connector ||
| Trace ||
| Configuration Rules ||
| DNS | Partial (Non-analytics) |
| Access ||
| Magic WAN ||
| Magic Transit ||
| Magic Network Monitoring ||
| Managed Rules ||
| Load Balancing ||
| Spectrum ||
| Pub/Sub ||
| Distributed Web ||
| Radar ||
| Data Loss Prevention ||
| Network Error Logging ||
| Super Bot Fight Mode ||
| Page Shield ||
| AI Gateway ||
| Turnstile ||
| AMP ||
| API Shield ||
| Billing ||
| Digital Experience Monitoring ||
| Intel Data Platform ||
| Email Relay ||
| Gateway Filtering ||
| Healthchecks ||
| Log Explorer ||
| Zero Trust Client Platform ||
| Registrar ||
| Hyperdrive ||
| Vectorize ||
| Waiting Room ||
| Zaraz ||

0 comments on commit c0cd39b

Please sign in to comment.