Metadata-Version: 2.4
Name: fastcflare
Version: 0.0.2
Summary: Complete access to the Cloudflare SDK
Author-email: Jeremy Howard <github@jhoward.fastmail.fm>
License: Apache-2.0
Project-URL: Repository, https://github.com/AnswerDotAI/fastcflare
Project-URL: Documentation, https://AnswerDotAI.github.io/fastcflare/
Keywords: nbdev
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: httpx
Requires-Dist: fastcore
Requires-Dist: jsonref
Dynamic: license-file

# FastCF


<!-- WARNING: THIS FILE WAS AUTOGENERATED! DO NOT EDIT! -->

``` python
from fastcore.utils import *
from fastcflare import *
```

## Intro to Account Tokens

Account-owned API tokens (created via `/accounts/{id}/tokens`) are tied
to the **account**, not a specific user. They act as service principals
— ideal for CI/CD pipelines and service-to-service integrations, since
they remain valid even if the creating user leaves the organisation.

### Creating Account Tokens

You need a token with “Create Additional Tokens” permission at the
account level. Use the Cloudflare Python SDK with the **Global API
Key** + email (not a user token):

``` python
from cloudflare import Cloudflare
cf = Cloudflare(api_token=your_cf_token, api_email='you@example.com')
accts = cf.accounts.list()
acct_id = accts.result[0].id
```

Look up available permission groups for your account:

``` python
groups = cf.accounts.tokens.permission_groups.list(account_id=acct_id)
{g.name: g.id for g in groups if 'dns' in g.name.lower() or 'zone' in g.name.lower()}
```

Create the token with **nested resource format** — zones must be nested
under the account:

``` python
tok = cf.accounts.tokens.create(account_id=acct_id, name="dns-all-zones", policies=[{
    "effect": "allow",
    "resources": {f"com.cloudflare.api.account.{acct_id}": {"com.cloudflare.api.account.zone.*": "*"}},
    "permission_groups": [
        {"id": "c8fed203ed3043cba015a93ad1616f1f"},  # Zone Read
        ...
    ]
}])
dns_tok = tok.value  # Save this — it's only shown once
```

⚠️ The resource format `{"com.cloudflare.api.account.zone.*": "*"}`
(without nesting) will fail with: *“Must specify a zone for account
owned tokens, or nest zone under specific account resource”*
