Docs Home
Cloudflare v6.3.1 published on Tuesday, Jun 17, 2025 by Pulumi
cloudflare.ApiToken
Explore with Pulumi AI
Example Usage
Example coming soon!
Example coming soon!
Example coming soon!
Example coming soon!
Example coming soon!
resources:
exampleApiToken:
type: cloudflare:ApiToken
name: example_api_token
properties:
name: readonly token
policies:
- effect: allow
permission_groups:
- id: c8fed203ed3043cba015a93ad1616f1f
meta:
key: key
value: value
- id: 82e64a83756745bbbb1c9c2701bf816b
meta:
key: key
value: value
resources:
com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43: '*'
com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4: '*'
condition:
request_ip:
in:
- 123.123.123.0/24
- 2606:4700::/32
notIn:
- 123.123.123.100/24
- 2606:4700:4700::/48
expiresOn: 2020-01-01T00:00:00Z
notBefore: 2018-07-01T05:20:00Z
Create ApiToken Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ApiToken(name: string, args: ApiTokenArgs, opts?: CustomResourceOptions);@overload
def ApiToken(resource_name: str,
args: ApiTokenArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ApiToken(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
policies: Optional[Sequence[ApiTokenPolicyArgs]] = None,
condition: Optional[ApiTokenConditionArgs] = None,
expires_on: Optional[str] = None,
not_before: Optional[str] = None,
status: Optional[str] = None)func NewApiToken(ctx *Context, name string, args ApiTokenArgs, opts ...ResourceOption) (*ApiToken, error)public ApiToken(string name, ApiTokenArgs args, CustomResourceOptions? opts = null)
public ApiToken(String name, ApiTokenArgs args)
public ApiToken(String name, ApiTokenArgs args, CustomResourceOptions options)
type: cloudflare:ApiToken
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ApiTokenArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ApiTokenArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ApiTokenArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApiTokenArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ApiTokenArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var apiTokenResource = new Cloudflare.ApiToken("apiTokenResource", new()
{
Name = "string",
Policies = new[]
{
new Cloudflare.Inputs.ApiTokenPolicyArgs
{
Effect = "string",
PermissionGroups = new[]
{
new Cloudflare.Inputs.ApiTokenPolicyPermissionGroupArgs
{
Id = "string",
Meta = new Cloudflare.Inputs.ApiTokenPolicyPermissionGroupMetaArgs
{
Key = "string",
Value = "string",
},
Name = "string",
},
},
Resources =
{
{ "string", "string" },
},
Id = "string",
},
},
Condition = new Cloudflare.Inputs.ApiTokenConditionArgs
{
RequestIp = new Cloudflare.Inputs.ApiTokenConditionRequestIpArgs
{
Ins = new[]
{
"string",
},
NotIns = new[]
{
"string",
},
},
},
ExpiresOn = "string",
NotBefore = "string",
Status = "string",
});
example, err := cloudflare.NewApiToken(ctx, "apiTokenResource", &cloudflare.ApiTokenArgs{
Name: pulumi.String("string"),
Policies: cloudflare.ApiTokenPolicyArray{
&cloudflare.ApiTokenPolicyArgs{
Effect: pulumi.String("string"),
PermissionGroups: cloudflare.ApiTokenPolicyPermissionGroupArray{
&cloudflare.ApiTokenPolicyPermissionGroupArgs{
Id: pulumi.String("string"),
Meta: &cloudflare.ApiTokenPolicyPermissionGroupMetaArgs{
Key: pulumi.String("string"),
Value: pulumi.String("string"),
},
Name: pulumi.String("string"),
},
},
Resources: pulumi.StringMap{
"string": pulumi.String("string"),
},
Id: pulumi.String("string"),
},
},
Condition: &cloudflare.ApiTokenConditionArgs{
RequestIp: &cloudflare.ApiTokenConditionRequestIpArgs{
Ins: pulumi.StringArray{
pulumi.String("string"),
},
NotIns: pulumi.StringArray{
pulumi.String("string"),
},
},
},
ExpiresOn: pulumi.String("string"),
NotBefore: pulumi.String("string"),
Status: pulumi.String("string"),
})
var apiTokenResource = new ApiToken("apiTokenResource", ApiTokenArgs.builder()
.name("string")
.policies(ApiTokenPolicyArgs.builder()
.effect("string")
.permissionGroups(ApiTokenPolicyPermissionGroupArgs.builder()
.id("string")
.meta(ApiTokenPolicyPermissionGroupMetaArgs.builder()
.key("string")
.value("string")
.build())
.name("string")
.build())
.resources(Map.of("string", "string"))
.id("string")
.build())
.condition(ApiTokenConditionArgs.builder()
.requestIp(ApiTokenConditionRequestIpArgs.builder()
.ins("string")
.notIns("string")
.build())
.build())
.expiresOn("string")
.notBefore("string")
.status("string")
.build());
api_token_resource = cloudflare.ApiToken("apiTokenResource",
name="string",
policies=[{
"effect": "string",
"permission_groups": [{
"id": "string",
"meta": {
"key": "string",
"value": "string",
},
"name": "string",
}],
"resources": {
"string": "string",
},
"id": "string",
}],
condition={
"request_ip": {
"ins": ["string"],
"not_ins": ["string"],
},
},
expires_on="string",
not_before="string",
status="string")
const apiTokenResource = new cloudflare.ApiToken("apiTokenResource", {
name: "string",
policies: [{
effect: "string",
permissionGroups: [{
id: "string",
meta: {
key: "string",
value: "string",
},
name: "string",
}],
resources: {
string: "string",
},
id: "string",
}],
condition: {
requestIp: {
ins: ["string"],
notIns: ["string"],
},
},
expiresOn: "string",
notBefore: "string",
status: "string",
});
type: cloudflare:ApiToken
properties:
condition:
requestIp:
ins:
- string
notIns:
- string
expiresOn: string
name: string
notBefore: string
policies:
- effect: string
id: string
permissionGroups:
- id: string
meta:
key: string
value: string
name: string
resources:
string: string
status: string
ApiToken Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ApiToken resource accepts the following input properties:
- Name string
- Token name.
- Policies
List<Api
Token Policy> - List of access policies assigned to the token.
- Condition
Api
Token Condition - Expires
On string - The expiration time on or after which the JWT MUST NOT be accepted for processing.
- Not
Before string - The time before which the token MUST NOT be accepted for processing.
- Status string
- Status of the token. Available values: "active", "disabled", "expired".
- Name string
- Token name.
- Policies
[]Api
Token Policy Args - List of access policies assigned to the token.
- Condition
Api
Token Condition Args - Expires
On string - The expiration time on or after which the JWT MUST NOT be accepted for processing.
- Not
Before string - The time before which the token MUST NOT be accepted for processing.
- Status string
- Status of the token. Available values: "active", "disabled", "expired".
- name String
- Token name.
- policies
List<Api
Token Policy> - List of access policies assigned to the token.
- condition
Api
Token Condition - expires
On String - The expiration time on or after which the JWT MUST NOT be accepted for processing.
- not
Before String - The time before which the token MUST NOT be accepted for processing.
- status String
- Status of the token. Available values: "active", "disabled", "expired".
- name string
- Token name.
- policies
Api
Token Policy[] - List of access policies assigned to the token.
- condition
Api
Token Condition - expires
On string - The expiration time on or after which the JWT MUST NOT be accepted for processing.
- not
Before string - The time before which the token MUST NOT be accepted for processing.
- status string
- Status of the token. Available values: "active", "disabled", "expired".
- name str
- Token name.
- policies
Sequence[Api
Token Policy Args] - List of access policies assigned to the token.
- condition
Api
Token Condition Args - expires_
on str - The expiration time on or after which the JWT MUST NOT be accepted for processing.
- not_
before str - The time before which the token MUST NOT be accepted for processing.
- status str
- Status of the token. Available values: "active", "disabled", "expired".
- name String
- Token name.
- policies List<Property Map>
- List of access policies assigned to the token.
- condition Property Map
- expires
On String - The expiration time on or after which the JWT MUST NOT be accepted for processing.
- not
Before String - The time before which the token MUST NOT be accepted for processing.
- status String
- Status of the token. Available values: "active", "disabled", "expired".
Outputs
All input properties are implicitly available as output properties. Additionally, the ApiToken resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Issued
On string - The time on which the token was created.
- Last
Used stringOn - Last time the token was used.
- Modified
On string - Last time the token was modified.
- Value string
- The token value.
- Id string
- The provider-assigned unique ID for this managed resource.
- Issued
On string - The time on which the token was created.
- Last
Used stringOn - Last time the token was used.
- Modified
On string - Last time the token was modified.
- Value string
- The token value.
- id String
- The provider-assigned unique ID for this managed resource.
- issued
On String - The time on which the token was created.
- last
Used StringOn - Last time the token was used.
- modified
On String - Last time the token was modified.
- value String
- The token value.
- id string
- The provider-assigned unique ID for this managed resource.
- issued
On string - The time on which the token was created.
- last
Used stringOn - Last time the token was used.
- modified
On string - Last time the token was modified.
- value string
- The token value.
- id str
- The provider-assigned unique ID for this managed resource.
- issued_
on str - The time on which the token was created.
- last_
used_ stron - Last time the token was used.
- modified_
on str - Last time the token was modified.
- value str
- The token value.
- id String
- The provider-assigned unique ID for this managed resource.
- issued
On String - The time on which the token was created.
- last
Used StringOn - Last time the token was used.
- modified
On String - Last time the token was modified.
- value String
- The token value.
Look up Existing ApiToken Resource
Get an existing ApiToken resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ApiTokenState, opts?: CustomResourceOptions): ApiToken@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
condition: Optional[ApiTokenConditionArgs] = None,
expires_on: Optional[str] = None,
issued_on: Optional[str] = None,
last_used_on: Optional[str] = None,
modified_on: Optional[str] = None,
name: Optional[str] = None,
not_before: Optional[str] = None,
policies: Optional[Sequence[ApiTokenPolicyArgs]] = None,
status: Optional[str] = None,
value: Optional[str] = None) -> ApiTokenfunc GetApiToken(ctx *Context, name string, id IDInput, state *ApiTokenState, opts ...ResourceOption) (*ApiToken, error)public static ApiToken Get(string name, Input<string> id, ApiTokenState? state, CustomResourceOptions? opts = null)public static ApiToken get(String name, Output<String> id, ApiTokenState state, CustomResourceOptions options)resources: _: type: cloudflare:ApiToken get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Condition
Api
Token Condition - Expires
On string - The expiration time on or after which the JWT MUST NOT be accepted for processing.
- Issued
On string - The time on which the token was created.
- Last
Used stringOn - Last time the token was used.
- Modified
On string - Last time the token was modified.
- Name string
- Token name.
- Not
Before string - The time before which the token MUST NOT be accepted for processing.
- Policies
List<Api
Token Policy> - List of access policies assigned to the token.
- Status string
- Status of the token. Available values: "active", "disabled", "expired".
- Value string
- The token value.
- Condition
Api
Token Condition Args - Expires
On string - The expiration time on or after which the JWT MUST NOT be accepted for processing.
- Issued
On string - The time on which the token was created.
- Last
Used stringOn - Last time the token was used.
- Modified
On string - Last time the token was modified.
- Name string
- Token name.
- Not
Before string - The time before which the token MUST NOT be accepted for processing.
- Policies
[]Api
Token Policy Args - List of access policies assigned to the token.
- Status string
- Status of the token. Available values: "active", "disabled", "expired".
- Value string
- The token value.
- condition
Api
Token Condition - expires
On String - The expiration time on or after which the JWT MUST NOT be accepted for processing.
- issued
On String - The time on which the token was created.
- last
Used StringOn - Last time the token was used.
- modified
On String - Last time the token was modified.
- name String
- Token name.
- not
Before String - The time before which the token MUST NOT be accepted for processing.
- policies
List<Api
Token Policy> - List of access policies assigned to the token.
- status String
- Status of the token. Available values: "active", "disabled", "expired".
- value String
- The token value.
- condition
Api
Token Condition - expires
On string - The expiration time on or after which the JWT MUST NOT be accepted for processing.
- issued
On string - The time on which the token was created.
- last
Used stringOn - Last time the token was used.
- modified
On string - Last time the token was modified.
- name string
- Token name.
- not
Before string - The time before which the token MUST NOT be accepted for processing.
- policies
Api
Token Policy[] - List of access policies assigned to the token.
- status string
- Status of the token. Available values: "active", "disabled", "expired".
- value string
- The token value.
- condition
Api
Token Condition Args - expires_
on str - The expiration time on or after which the JWT MUST NOT be accepted for processing.
- issued_
on str - The time on which the token was created.
- last_
used_ stron - Last time the token was used.
- modified_
on str - Last time the token was modified.
- name str
- Token name.
- not_
before str - The time before which the token MUST NOT be accepted for processing.
- policies
Sequence[Api
Token Policy Args] - List of access policies assigned to the token.
- status str
- Status of the token. Available values: "active", "disabled", "expired".
- value str
- The token value.
- condition Property Map
- expires
On String - The expiration time on or after which the JWT MUST NOT be accepted for processing.
- issued
On String - The time on which the token was created.
- last
Used StringOn - Last time the token was used.
- modified
On String - Last time the token was modified.
- name String
- Token name.
- not
Before String - The time before which the token MUST NOT be accepted for processing.
- policies List<Property Map>
- List of access policies assigned to the token.
- status String
- Status of the token. Available values: "active", "disabled", "expired".
- value String
- The token value.
Supporting Types
ApiTokenCondition, ApiTokenConditionArgs
- Request
Ip ApiToken Condition Request Ip - Client IP restrictions.
- Request
Ip ApiToken Condition Request Ip - Client IP restrictions.
- request
Ip ApiToken Condition Request Ip - Client IP restrictions.
- request
Ip ApiToken Condition Request Ip - Client IP restrictions.
- request_
ip ApiToken Condition Request Ip - Client IP restrictions.
- request
Ip Property Map - Client IP restrictions.
ApiTokenConditionRequestIp, ApiTokenConditionRequestIpArgs
ApiTokenPolicy, ApiTokenPolicyArgs
- Effect string
- Allow or deny operations against the resources. Available values: "allow", "deny".
- Permission
Groups List<ApiToken Policy Permission Group> - A set of permission groups that are specified to the policy.
- Resources Dictionary<string, string>
- A list of resource names that the policy applies to.
- Id string
- Policy identifier.
- Effect string
- Allow or deny operations against the resources. Available values: "allow", "deny".
- Permission
Groups []ApiToken Policy Permission Group - A set of permission groups that are specified to the policy.
- Resources map[string]string
- A list of resource names that the policy applies to.
- Id string
- Policy identifier.
- effect String
- Allow or deny operations against the resources. Available values: "allow", "deny".
- permission
Groups List<ApiToken Policy Permission Group> - A set of permission groups that are specified to the policy.
- resources Map<String,String>
- A list of resource names that the policy applies to.
- id String
- Policy identifier.
- effect string
- Allow or deny operations against the resources. Available values: "allow", "deny".
- permission
Groups ApiToken Policy Permission Group[] - A set of permission groups that are specified to the policy.
- resources {[key: string]: string}
- A list of resource names that the policy applies to.
- id string
- Policy identifier.
- effect str
- Allow or deny operations against the resources. Available values: "allow", "deny".
- permission_
groups Sequence[ApiToken Policy Permission Group] - A set of permission groups that are specified to the policy.
- resources Mapping[str, str]
- A list of resource names that the policy applies to.
- id str
- Policy identifier.
- effect String
- Allow or deny operations against the resources. Available values: "allow", "deny".
- permission
Groups List<Property Map> - A set of permission groups that are specified to the policy.
- resources Map<String>
- A list of resource names that the policy applies to.
- id String
- Policy identifier.
ApiTokenPolicyPermissionGroup, ApiTokenPolicyPermissionGroupArgs
- Id string
- Identifier of the group.
- Meta
Api
Token Policy Permission Group Meta - Attributes associated to the permission group.
- Name string
- Name of the group.
- Id string
- Identifier of the group.
- Meta
Api
Token Policy Permission Group Meta - Attributes associated to the permission group.
- Name string
- Name of the group.
- id String
- Identifier of the group.
- meta
Api
Token Policy Permission Group Meta - Attributes associated to the permission group.
- name String
- Name of the group.
- id string
- Identifier of the group.
- meta
Api
Token Policy Permission Group Meta - Attributes associated to the permission group.
- name string
- Name of the group.
- id str
- Identifier of the group.
- meta
Api
Token Policy Permission Group Meta - Attributes associated to the permission group.
- name str
- Name of the group.
- id String
- Identifier of the group.
- meta Property Map
- Attributes associated to the permission group.
- name String
- Name of the group.
ApiTokenPolicyPermissionGroupMeta, ApiTokenPolicyPermissionGroupMetaArgs
Import
$ pulumi import cloudflare:index/apiToken:ApiToken example '<token_id>'
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflareTerraform Provider.