Cloudflare: Missing or invalid-looking alphanumeric API token @Staff

gjdunga · March 28, 2025, 7:58pm

| SYSTEM INFORMATION||
Distributor ID: Ubuntu
Description: Ubuntu 24.04.2 LTS
Release: 24.04
Codename: noble
Virtualmin: 7.9.0 Pro, Using 2.203 for usermin/webmin

I am trying to use cloudflare as my DNS.
Got pro, but everytime I create a API key, it tells me.
“Missing or invalid-looking alphanumeric API token”

The following is removed api key’s that Cloudflare Previously provided:
pqjJj_mwo_o-0zvDdXnMnIPDJbNDvPGCTREPIga0

When I run the curl script provided by cloudflare, I get a “This API Token is valid and active”.

Is there a way to have virtualmin ignore the fingerprinting or whatever your doing to see if cloudflare changed the key in a way your not expecting?

Help!

Joe · March 28, 2025, 8:08pm

Is this really your Virtualmin version? That’s quite old. Please update to 7.30.8 and try again. I don’t know if it’s a known/fixed bug, but you’re running a version from December of 2023, so…you have a lot of known/fixed bugs.

gjdunga · March 28, 2025, 9:25pm

It’s been updated to 7.30.8 Pro
The Problem is not resolved.

gjdunga · March 28, 2025, 9:25pm

If I use the Whole account API (That includes God Like Powers, it works)
But if you use the API key’s they have setup so you can lock stuff down, it does not.

Ilia · March 28, 2025, 9:33pm

You need to configure it correctly:

Joe · March 29, 2025, 3:26am

Is that really what’s happening here? We seem to be detecting it as an invalid key? Why would that be so? The error needs to be better, if there really are multiple kinds of keys and one kind is wrong. This seems like a check that’s happening before authentication is even tried.

Ilia · March 29, 2025, 6:06pm

Yes, that was an issue in earlier versions of Virtualmin, but it is no longer a problem.

gjdunga · March 29, 2025, 9:15pm

If you use the Global API Key, It works.

If you use the API Token, it does not work… Just tried to do this again.

I would prefer to use the Token because I don’t need a Key floating around that gives full access to my entire cloudflare account. I would rather have a token that is restricted to doing one thing, DNS.

So, how do we deal with this?

Ilia · March 30, 2025, 4:29pm

Can you show a screenshot of the “Addresses and Networking ⇾ Cloud DNS Providers” page before and after the page submission? You should obfuscate the actual CF API key.