Deleting DNS Record with API Endpoint
I am attempting to delete a dns record from our zone and I am only getting the status code 10000 and "Authentication error", I am using the same api key to create dns records which works fine but no matter which headers I put in, Ex. X-Auth-Key, X-Auth-Email, Authorization I just get the same error (putting these in all at the same time). The email I provided is the owner of this domain on cloudflare and the api key is the one I use to create dns records.
35 Replies
I’m using the route https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-delete-dns-record
Cloudflare API Documentation
Interact with Cloudflare's products and services via the Cloudflare API
Can you share an example peice of code you are using to make the API call?
Sure this is just listing the dns records which I also get Authentication error on
Does that help or would u like the specific endpoint for dns deleting
Just to be clear, when making a request you replace API_KEY with your actual API key?
Yeah, same for email and Authorization
I'm not sure what email is supposed to be there but I replaced it with the email that created this specific api key
I think you can skip both of those when using the Authorization header with an API key
In fact you may want to try that
I get the same error
Can you send a screenshot of the permissions you have set up for the API key?
Instead of trying to set the headers manually, why don't you clear everything from there and within Insomnia just select Auth > Bearer Token and then just paste in your token without the
Bearer
prefix?
Might solve the issueThat seems right, you could try double checking if the zone ID is right, as well as temporarily increasing the permissions for the API key to the issue might be related to that
Im gonna give it a try with my cloudflare global api key
Yeah if you are using an api token then you only need the authorization header. You should never have all 3 auth headers
I mean, if the api key can create dns records it should also work for this right?
Same thing
Is there some way to verify this api key is valid?
Did you do what I mentioned? I just checked my Insomnia installation, and your second tab says 'Bearer', so I'm guessing you have specified a key there too so you're sending that header twice?
It's disabled
Do you mean the global key? If so then yes, but you need the x-auth-email header. You need both x-auth-email and x-auth-key header if using global auth or just the authorization header if using an api token
I tried with just that and same error
This is not a global api key, https://media.discordapp.net/attachments/1193780076974706748/1194075708927000676/Screenshot_2024-01-08_163004.png?ex=65af08a9&is=659c93a9&hm=4b713a36d4b29f5a050a99d3bb2b314a86979a435da72a46aac07be03468ac1d&=&format=webp&quality=lossless with this as the configuration
You can use https://developers.cloudflare.com/api/operations/user-api-tokens-verify-token to verify the token
Cloudflare API Documentation
Interact with Cloudflare's products and services via the Cloudflare API
Only other thing would be double checking the zone id. Just a sanity check that you followed https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/#find-zone-and-account-ids to get the zone id
Token valid
I'm really not sure what else I can do to test
Can you double check the zone id is correct?
Exposing the zone id can't do any harm right
No. Zone and Account are fine to make public
What if you do a bare bones request with curl like
I tried making a support ticket for this but I don't have a paid plan
I just tried converting my code for adding dns records to a curl command and received an authentication error but I just double checked and my add dns record works still
Can you try adding the read permission to the api token?
Looks like it is working now, must have been this because I didn't modify anything else. Appreciate the help!