search

alphabt / asuswrt-merlin-ddns-cloudflare

CloudFlare DDNS update script for Asuswrt-Merlin
76 stars 23 forks source link

Restricted API instead of Global API? #2

Closed smcllc closed 5 years ago

smcllc commented 5 years ago

I was wondering if you had tried this with the new Restricted API keys Cloudflare has in BETA? Here is an example POST:

curl -i -X POST "https://api.cloudflare.com/client/v4/zones//purge_cache" \ -H "Authorization: Bearer " \ -H "Content-Type: application/json" \ --data '{"purge_everything":true}'

We may be able to change the curl commands to use the new Restricted API and limit exposure to a hack instead of using the Global API key. What do you think?

FYI: https://community.cloudflare.com/t/restricted-api-keys/13647/106

alphabt commented 5 years ago

Thanks for your suggestion. I agree switching to the token will greatly improve security.

I've updated the script via https://github.com/alphabt/asuswrt-merlin-ddns-cloudflare/commit/6895921bb1d149259b78df1306b228fdaec8e5b2 to authenticate using the API Token. I've tested it in my own router and it works. Please let me if there's anything else I miss. Thanks!