Cloudflare CF_API_TOKEN doesn't work

Open maxkokocom opened this issue 1 year ago • 6 comments

The Cloudflare example suggests we can use CF_API_TOKEN as long as we give it the right permissions, but it doesn't seem to be working for me, and also in a closed issue comment here: https://github.com/kubernetes-sigs/external-dns/issues/342#issuecomment-1586143643

Maybe an API change, maybe the docs are imprecise.

Error code I am getting: level=fatal msg="Invalid request headers (6003)"

I tried a few different configs, but the current one is:

    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: registry.k8s.io/external-dns/external-dns:v0.14.0
        args:
        - --source=ingress # ingress is also possible
        - --domain-filter=my.domain # (optional) limit to only example.com domains; change to match the zone created above.
        - --provider=cloudflare
        - --cloudflare-proxied # (optional) enable the proxy feature of Cloudflare (DDOS protection, CDN...)
        - --cloudflare-dns-records-per-page=5000 # (optional) configure how many DNS records to fetch per request
        env:
        - name: CF_API_TOKEN
          value: "XXX"

maxkokocom avatar Feb 18 '24 19:02 maxkokocom

Same issue here! Edit: My fix was to use the global API keys as mentioned in #342. It's not very safe as the global key has a lot of privilege :/

pievalentin avatar Feb 18 '24 22:02 pievalentin

I was having the issue, but it turns out that it wasn't getting the right token file.

amjanoni avatar Feb 21 '24 18:02 amjanoni

I'm also using a CF_API_TOKEN and everything works fine.
Here is my values.yml for the Helm chart:

    domainFilters:
      - "example.com"
    provider:
      name: cloudflare
    policy: sync
    env:
      - name: CF_API_TOKEN
        valueFrom:
          secretKeyRef:
            name: external-dns-cloudflare
            key: apiToken

Ofc you need to create a Secret with a token ;)

vertisan avatar Mar 19 '24 16:03 vertisan

Another potential cause for this is an invisible character in the token or api-key. Make sure to echo -n "token_value" | base64 when base64 encoding the key or token to put in the secret.

alexchiri avatar Jun 13 '24 15:06 alexchiri
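
The invisible-character cause described in the last comment can be checked directly on the base64 value stored in the Secret. This is an added example, not code from the thread or from the external-dns project; `SAMPLE_TOKEN` and the function names are constructed for illustration, and it assumes a valid token is printable ASCII with no spaces.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_TOKEN is a constructed placeholder.
SAMPLE_TOKEN='EXAMPLE_token_value_0123456789'

# Encode a token for a Secret's data field without appending a newline
# (same result as `echo -n "$1" | base64`, but portable across shells).
encode_token() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Succeed only if the base64 value decodes to a non-empty string made
# entirely of printable, non-space ASCII (bytes 0x21-0x7E). Assumption:
# a bearer token sent in an HTTP header contains nothing else.
token_b64_is_clean() {
    raw_len=$(printf '%s' "$1" | base64 -d | wc -c)
    ok_len=$(printf '%s' "$1" | base64 -d | LC_ALL=C tr -cd '\041-\176' | wc -c)
    [ "$raw_len" -gt 0 ] && [ "$raw_len" -eq "$ok_len" ]
}

# Print only the offending bytes as hex (never the token itself),
# e.g. "0a" for a trailing newline or "0d0a" for a trailing CRLF.
token_b64_stray_bytes() {
    printf '%s' "$1" | base64 -d | LC_ALL=C tr -d '\041-\176' | od -An -tx1 | tr -d ' \n'
}

# Checking a deployed Secret (names taken from the values.yml above):
#   token_b64_is_clean "$(kubectl get secret external-dns-cloudflare \
#       -o jsonpath='{.data.apiToken}')" || echo "stray bytes in token"
```

A token encoded with plain `echo` (no `-n`) fails the check and reports `0a`, the newline that ends up inside the header value external-dns sends.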