@adamlacombe
Last active February 29, 2024 07:04
This bash script automates the process of creating a Cloudflare API token with full zone permissions. It fetches all permission groups that have a scope related to zones. Once the appropriate permission groups are retrieved, the script creates a new API token with these permissions for a specific zone, which is defined by the ZONE_ID variable. A…
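#!/bin/bash
# 1) Make file executable: chmod +x cloudflare_zone_token_generator.sh
# 2) Set variable values: API_KEY, EMAIL_ADDRESS, ZONE_ID
# 3) ./cloudflare_zone_token_generator.sh

# Abort on any failed command, unset variable, or failed pipeline stage.
set -euo pipefail

# Global API Key: https://dash.cloudflare.com/profile/api-tokens
# The Global API Key has full access to the account; keep it out of version control.
API_KEY=""
# Email address associated with your account
EMAIL_ADDRESS=""
ZONE_ID=""

# Stop early if a required value is still empty.
if [ -z "$API_KEY" ] || [ -z "$EMAIL_ADDRESS" ] || [ -z "$ZONE_ID" ]; then
  echo "Set API_KEY, EMAIL_ADDRESS and ZONE_ID before running." >&2
  exit 1
fi

# Install jq if it is missing (Debian/Ubuntu).
if ! [ -x "$(command -v jq)" ]; then
  sudo apt-get update
  sudo apt-get install -y jq
fi

# Fetch every permission group that has a zone scope, excluding "Domain Page Shield".
# any(...) keeps a group once even if several of its scopes match.
PERMISSION_GROUPS=$(curl -sS -X GET "https://api.cloudflare.com/client/v4/user/tokens/permission_groups" \
  -H "X-Auth-Key: $API_KEY" \
  -H "X-Auth-Email: $EMAIL_ADDRESS" \
  -H "Content-Type: application/json" |
  jq -c '.result
    | map(select(any(.scopes[]; contains("com.cloudflare.api.account.zone"))))
    | map(select(.name | contains("Domain Page Shield") | not))')

# Build the request body with jq so that ZONE_ID is JSON-escaped
# instead of being spliced into a hand-written string.
TOKEN_DATA=$(jq -n --arg zone "$ZONE_ID" --argjson groups "$PERMISSION_GROUPS" '{
  name: "Full Zone Permissions",
  policies: [{
    effect: "allow",
    resources: {("com.cloudflare.api.account.zone." + $zone): "*"},
    permission_groups: $groups
  }]
}')

# Create the token; -r prints the value without surrounding JSON quotes.
TOKEN_RESULT=$(curl -sS -X POST "https://api.cloudflare.com/client/v4/user/tokens" \
  -H "X-Auth-Key: $API_KEY" \
  -H "X-Auth-Email: $EMAIL_ADDRESS" \
  -H "Content-Type: application/json" \
  --data "$TOKEN_DATA" | jq -r '.result.value')

# A failed request leaves .result empty, which jq prints as "null".
if [ -z "$TOKEN_RESULT" ] || [ "$TOKEN_RESULT" = "null" ]; then
  echo "Token creation failed." >&2
  exit 1
fi

# The token value is a secret; this line writes it to the terminal.
echo "Created token: $TOKEN_RESULT"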
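
The script above grants every zone-scoped permission group. As an added example (not part of the original gist), the function below builds the same request body from an explicit allowlist of group names plus an `expires_on` timestamp, and fails if a requested name is not a zone-scoped group. The sample response, ids, zone id, token name and function name are constructed for illustration.

```bash
# Added example. SAMPLE_GROUPS is a constructed stand-in for the .result array
# of GET /user/tokens/permission_groups; the ids are placeholders, not real ids.
SAMPLE_GROUPS='[
 {"id":"00000000000000000000000000000001","name":"DNS Read","scopes":["com.cloudflare.api.account.zone"]},
 {"id":"00000000000000000000000000000002","name":"DNS Write","scopes":["com.cloudflare.api.account.zone"]},
 {"id":"00000000000000000000000000000003","name":"Zone Read","scopes":["com.cloudflare.api.account.zone"]},
 {"id":"00000000000000000000000000000004","name":"Account Settings Read","scopes":["com.cloudflare.api.account"]}
]'

# build_token_payload GROUPS_JSON ZONE_ID EXPIRES_ON NAME...
# Prints a token request body limited to the named zone-scoped groups.
# Returns non-zero if any requested name is unknown or not zone-scoped, so a
# typo cannot silently produce a token with fewer (or no) permissions.
build_token_payload() {
  local groups="$1" zone_id="$2" expires_on="$3" wanted
  shift 3
  # Turn the remaining arguments into a JSON array of names.
  wanted=$(printf '%s\n' "$@" | jq -R . | jq -sc .)
  printf '%s' "$groups" | jq -c \
    --arg zone "$zone_id" --arg exp "$expires_on" --argjson wanted "$wanted" '
    map(select(any(.scopes[]; contains("com.cloudflare.api.account.zone")))) as $zone_groups
    | [ $zone_groups[] | select(.name as $n | any($wanted[]; . == $n)) | {id, name} ] as $picked
    | ($wanted - ($picked | map(.name))) as $missing
    | if ($missing | length) > 0
      then error("not a zone-scoped permission group: " + ($missing | join(", ")))
      else {
        name: "Scoped zone token",
        expires_on: $exp,
        policies: [{
          effect: "allow",
          resources: {("com.cloudflare.api.account.zone." + $zone): "*"},
          permission_groups: $picked
        }]
      }
      end'
}

# Placeholder zone id and a constructed expiry timestamp.
build_token_payload "$SAMPLE_GROUPS" "ZONE_ID_PLACEHOLDER" \
  "2030-01-01T00:00:00Z" "DNS Read" "Zone Read"
```

The printed body can be passed to the `POST /user/tokens` call in place of `TOKEN_DATA`, with the real `.result` array substituted for `SAMPLE_GROUPS`.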