Move CloudFlare authentication from Keys to Tokens

[tquin]

CloudFlare now recommends using API Tokens over the previous global key. From their docs:

Global API key has multiple limitations when compared to API tokens:

Access to all Cloudflare resources - Global API key has access to all of a user’s resources. This makes it impossible to safely use Global API key to access non-production resources when a user also has access to production resources.

Full permissions - Similarly, Global API key has the exact same permissions as the user, which means if the user can delete zones or change DNS records, so can the Global API key.

Limited to one per user - Only one Global API key can be provisioned per user. This complicates using Cloudflare’s API in production systems where maintaining two secrets for accessing the API is important in the case one needs to be rolled.

Lack of advanced limits on usage - API tokens can be limited to specific time windows and expire or be limited to use from specific IP ranges.

For these reasons, Global API key is not recommended for new customers. Current customers using Global API key are encouraged to migrate and use API tokens instead.

[shyaminayesh]

I think we already can use API tokens, will double check and confirm 🤔

[tquin]

Thanks! I had a brief look and I think it would be as simple as changing what header is used, so hopefully it's an easy change.

[shyaminayesh]

Thanks! I had a brief look and I think it would be as simple as changing what header is used, so hopefully it's an easy change.

I'll also focus on this when I'm continue the rewrite. Expecting to have some free time in this weekend. 😺