Is there any way to revoke the old token?
I have already deleted all API tokens in the dashboard, but the old ones still work like a charm 🤣
14 Replies
I'm using the Go S3 SDK to access R2. "Public access" is disabled
Are they still working?
yes
It might be a side effect of the ongoing incident related to R2 auth https://www.cloudflarestatus.com/incidents/gx41btmhkf9m. If they still work after the incident is resolved then I will raise this to the team
I have already deleted all API tokens, including some unrelated ones, but the old tokens are still valid
Now I have only suspended all work until the issue is resolved. By the way, thanks for the response
All tokens still work or just R2 tokens still work?
Only R2 tokens are still functional
Also, newly created R2 tokens cannot be used and will display a 401 Error Code
Yeah, sounds like a side effect of the incident related to R2 auth
@sin can you check your API tokens now?
Still work like a charm 😂
Are you on a plan that is able to make tickets?
I am a lazy person, maybe I'll just wait for them to fix it 🤣
Just concerned about whether the older tokens have been properly revoked. There is no way to check who is using my token
I think Cloudflare needs to develop some features like AWS CloudTrail, or at least have an interface to show the last usage status of all my current tokens
They have the audit log https://dash.cloudflare.com/?to=/:account/audit-log so you can track that stuff
But I would make a ticket if possible so that they can investigate
The audit log only displays events like "Token create" or "Token revoke" and cannot show API token usage statistics, such as ListObjectsV2, DeleteObject, or the token's last usage date
Ah, after that level of metrics. The API token page does show when a token was last used