[teruakohatu]

This has blown my mind. Its been a constant source of frustration since Cloudflare stubbornly refuses to allow non-enterprise accounts to have a seperate key per zone. The thread requesting it is a masterclass in passive aggressiveness:

https://community.cloudflare.com/t/restrict-scope-api-tokens...

[Jnr]

When setting up the API key, use the "Select zones to include or exclude." section. Works fine on the free account.

[teruakohatu]

I should have clarified, you can’t for subdomains on a non-enterprise account.

[Kovah]

Could you elaborate on the separate key per zone issue? It's possible to create different API keys which have only access to a specific zone, and I'm a non-enterprise user.

[radlad]

This allows you to restrict it to a domain (e.g. example.com) but not a sub-domain of that domain.

[Kovah]

Ah I see, thanks for the clarification!