Service Key Authentication Sunset

Cloudflare has announced the deprecation of Service Key authentication for the Cloudflare API. Service Keys will stop functioning on September 30, 2026, giving developers over nine months to migrate their integrations.

Migration Requirements

To prepare for this change, developers need to take the following actions:

• Replace the X-Auth-User-Service-Key header with an API Token in all API requests
• Update cloudflared to a version from November 2022 or later (these versions already use API Tokens)
• Update origin-ca-issuer to a version that supports API Token authentication

Why the Change?

API Tokens replace Service Keys with enhanced security features including fine-grained permissions, expiration dates, and revocation capabilities. This approach provides better control and security posture for integrations accessing the Cloudflare API.

Developers should begin the migration process immediately to avoid service interruptions after the September 30, 2026 deadline. Refer to the API deprecations documentation for additional details.