Updating docs to indicate correct Authorization Header for Signed URL requests#2
Updating docs to indicate correct Authorization Header for Signed URL requests#2kellydunn wants to merge 1 commit into
Conversation
|
Hey @kellydunn: Cloudflare API has two authentication methods: API Keys and API Tokens. You either need to specify Here's the page where some differences between tokens and keys are documented: https://support.cloudflare.com/hc/en-us/articles/200167836-Managing-API-Tokens-and-Keys New developers on Cloudflare seem to use API Tokens rather than Keys so I think we should move all examples in the Stream docs to use Tokens. |
|
@ispivey @renandincer should this be closed? |
Word, yeah -- we currently enjoy segmenting access to third-party APIs in our SOA/microservice Architecture by creating Service Specific Access Tokens, not just for cloudflare, but for other services as well. I'd imagine folks would definitely want to follow similar patterns if they wanted to separate access on a service by service level. |
|
@adamschwartz I'll push up a change making all examples use auth tokens, rather than auth keys to avoid confusion. Please keep this open for a few days until I get to it. |
|
Opened #149 to make this change across the entire Stream docs |
|
@renandincer Should we close this then? |
|
Yep! Let's discuss on #149! |
Deploying cloudflare-docs with
|
| Latest commit: |
1d16bbe
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://359b3f44.cloudflare-docs-7ou.pages.dev |
Update short-lived-certificates.md
|
Files with changes (up to 15)
|
* [Chore] Expand ignore list #2 * Update language
* Add placeholders for new folder and pages and fill in frontmatter * Add outline for index.mdx and fill in TLS background info * Apply suggestion: Reword intro to TLS building blocks Co-authored-by: Peter Wu <peter@lekensteyn.nl> * Fix typo and reword index.mdx meta description * Improve parallelism, refine text, and link out to TLS handshake LC * Fill in hybrid key agreement section * Complete visitor-to-cloudflare intro paragraph * Add mermaid digram for connections and reword #2 * Fix Internet capitalization Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com> * Rename file, fill in, and link to pqc-support * Fix capitalization and fill in Intenal connections section * Fill in Cf to origin and review titles and headings * Fix missing hyphen and touch up pqc-to-origin description * Add split ClientHello and HRR workaround to pqc-to-origin * Add setup instructions to pqc-to-origin * Apply suggestion from code review Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Luke Valenta <lvalenta@cloudflare.com> Co-authored-by: Suleman Ahmad <36677672+SulemanAhmadd@users.noreply.github.com> * Replace store by harvest, adjust RFC link cf Style Guide, and split long paragarph * Add reference to PQ signatures and link out to blog * Fix origin server section to use fork and bssl for both cases * Add link to Cloudflare Radar Co-authored-by: Luke Valenta <lvalenta@cloudflare.com> * Text review and move link to Radar higher up in the page * Simplify origin server instructions to use BoringSSL instead of fork Co-authored-by: Suleman Ahmad <36677672+SulemanAhmadd@users.noreply.github.com> * Overall text review and remove previous origin instructions * Apply suggestion from code review Co-authored-by: Jun Lee <junlee@cloudflare.com> --------- Co-authored-by: Peter Wu <peter@lekensteyn.nl> Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com> Co-authored-by: Luke Valenta <lvalenta@cloudflare.com> Co-authored-by: Suleman Ahmad <36677672+SulemanAhmadd@users.noreply.github.com> Co-authored-by: Jun Lee <junlee@cloudflare.com>
* Add placeholders for new folder and pages and fill in frontmatter * Add outline for index.mdx and fill in TLS background info * Apply suggestion: Reword intro to TLS building blocks Co-authored-by: Peter Wu <peter@lekensteyn.nl> * Fix typo and reword index.mdx meta description * Improve parallelism, refine text, and link out to TLS handshake LC * Fill in hybrid key agreement section * Complete visitor-to-cloudflare intro paragraph * Add mermaid digram for connections and reword #2 * Fix Internet capitalization Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com> * Rename file, fill in, and link to pqc-support * Fix capitalization and fill in Intenal connections section * Fill in Cf to origin and review titles and headings * Fix missing hyphen and touch up pqc-to-origin description * Add split ClientHello and HRR workaround to pqc-to-origin * Add setup instructions to pqc-to-origin * Apply suggestion from code review Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Luke Valenta <lvalenta@cloudflare.com> Co-authored-by: Suleman Ahmad <36677672+SulemanAhmadd@users.noreply.github.com> * Replace store by harvest, adjust RFC link cf Style Guide, and split long paragarph * Add reference to PQ signatures and link out to blog * Fix origin server section to use fork and bssl for both cases * Add link to Cloudflare Radar Co-authored-by: Luke Valenta <lvalenta@cloudflare.com> * Text review and move link to Radar higher up in the page * Simplify origin server instructions to use BoringSSL instead of fork Co-authored-by: Suleman Ahmad <36677672+SulemanAhmadd@users.noreply.github.com> * Overall text review and remove previous origin instructions * Apply suggestion from code review Co-authored-by: Jun Lee <junlee@cloudflare.com> --------- Co-authored-by: Peter Wu <peter@lekensteyn.nl> Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com> Co-authored-by: Luke Valenta <lvalenta@cloudflare.com> Co-authored-by: Suleman Ahmad <36677672+SulemanAhmadd@users.noreply.github.com> Co-authored-by: Jun Lee <junlee@cloudflare.com>
* [Workers AI] Models update * fix logic * fix deprecation logic #2 * Update changelog for EmbeddingGemma * Update src/content/changelog/workers-ai/2025-09-05-embeddinggemma.mdx Co-authored-by: Anni Wang <54481763+aninibread@users.noreply.github.com> --------- Co-authored-by: kodster28 <kody@cloudflare.com> Co-authored-by: Anni Wang <54481763+aninibread@users.noreply.github.com>
add note #2 hover to REST API limit as well
* [Browser Rendering] Hover notes on limits * Update src/content/docs/browser-rendering/limits.mdx Co-authored-by: marciocloudflare <83226960+marciocloudflare@users.noreply.github.com> * Update src/content/docs/browser-rendering/limits.mdx Co-authored-by: marciocloudflare <83226960+marciocloudflare@users.noreply.github.com> * Update src/content/docs/browser-rendering/limits.mdx Co-authored-by: marciocloudflare <83226960+marciocloudflare@users.noreply.github.com> * Update limits.mdx add note #2 hover to REST API limit as well --------- Co-authored-by: marciocloudflare <83226960+marciocloudflare@users.noreply.github.com> Co-authored-by: Kathy <153706637+kathayl@users.noreply.github.com>
---
pcx_content_type: how-to
title: DLP profiles
sidebar:
order: 3
label: Configure DLP profiles
---
import { Render } from "~/components";
A DLP profile is a collection of regular expressions and [detection entries](/cloudflare-one/data-loss-prevention/detection-entries/) that define the data patterns you want to detect. Cloudflare DLP provides predefined profiles for common detections, or you can build custom DLP profiles specific to your data, organization, and risk tolerance.
## Configure a predefined profile
<Render
file="data-loss-prevention/predefined-profile"
product="cloudflare-one"
/>
You can now use this profile in a [DLP policy](/cloudflare-one/data-loss-prevention/dlp-policies/cloudflare#2-create-a-dlp-policy) or [CASB integration](/cloudflare-one/cloud-and-saas-findings/casb-dlp/).
## Build a custom profile
<Render file="data-loss-prevention/custom-profile" product="cloudflare-one" />
You can now use this profile in a [DLP policy](/cloudflare-one/data-loss-prevention/dlp-policies/cloudflare#2-create-a-dlp-policy) or [CASB integration](/cloudflare-one/cloud-and-saas-findings/casb-dlp/).
- authorization.mdx: remove orphaned <diagram> tag, fix broken anchor (#3 -> #2), fix "oAuth" -> "OAuth", add pcx_content_type, rewrite permission code to use correct MCP tool handler signature, replace MyMCPServer.Router with .serve(), remove unused DirectoryListing import - mcp-client-api.mdx: fix this.env bug in createMcpOAuthProvider (capture env before returning object literal), fix import path for error utils, remove dead code after return, replace OpenAI example with Workers AI - mcp-handler-api.mdx: fix misleading intro (stateless vs stateful, not SSE), fix storage.kv -> storage.get/put, fix {} as ExecutionContext, wrap global McpServer in factory function, fix "accessable" typo - remote-mcp-server.mdx: fix MyMCP.Router -> .serve(), fix Auth0/WorkOS anchors pointing to #stytch, fix https://localhost -> http://localhost, fix broken MCP client link - securing-mcp-server.mdx: fix apiHandlers -> apiRoute + apiHandler - test-remote-mcp-server.mdx: fix https -> http localhost, fix "lets you to test" typo, remove outdated claim about Claude Desktop - tools.mdx: add missing tags, add .js extension to import, remove unused Render import, fix stale repo link - governance.mdx: add pcx_content_type, remove empty import - index.mdx: fix http -> https links for Claude and Cursor - mcp-servers-for-cloudflare.mdx: fix "streamble-http" typo, remove unused Render import, fix link to source code -> docs - transport.mdx: remove unused Render/TabItem/Tabs imports - oauth-mcp-client.mdx: fix extends Agent -> Agent<Env> (5 instances) - connect-mcp-client.mdx: fix extends Agent -> Agent<Env> (3 instances) Co-authored-by: Cursor <cursoragent@cursor.com>
* Migrate Agents docs to Workers AI examples Replace OpenAI-specific examples with Workers AI / AI SDK usage across Agents docs. Examples now use an Env AI binding, createWorkersAI / workers-ai-provider, and streamText/generateText from the ai SDK instead of direct OpenAI clients or API keys. Updated WebSocket/SSE streaming, long-running model examples, and SQL/state persistence to consume this.env.AI.run streams/responses. Updated Wrangler/config mentions to use the ai binding and clarified AI Gateway/model routing guidance. Files changed: browse-the-web.mdx, http-sse.mdx, store-and-sync-state.mdx, using-ai-models.mdx, index.mdx. * formatting * docs: clarify Agent class and add LLM patterns Revise agent-class.mdx to clarify the Agent/Server/DurableObject layering, tighten wording, fix small code snippets (ws.send, storage access, Response usage), standardize PartyKit/Server references, and add a new Layer 3 section describing AIChatAgent. Replace calling-llms.mdx with a complete rewrite that focuses on using LLMs inside stateful Agents: explains state-as-context, surviving disconnections, autonomous model calls, multi-model pipelines, and caching; adds multiple TypeScript examples and Next Steps link cards, and updates the page tag to "AI". * docs: fix MCP docs bugs and inconsistencies - authorization.mdx: remove orphaned <diagram> tag, fix broken anchor (#3 -> #2), fix "oAuth" -> "OAuth", add pcx_content_type, rewrite permission code to use correct MCP tool handler signature, replace MyMCPServer.Router with .serve(), remove unused DirectoryListing import - mcp-client-api.mdx: fix this.env bug in createMcpOAuthProvider (capture env before returning object literal), fix import path for error utils, remove dead code after return, replace OpenAI example with Workers AI - mcp-handler-api.mdx: fix misleading intro (stateless vs stateful, not SSE), fix storage.kv -> storage.get/put, fix {} as ExecutionContext, wrap global McpServer in factory function, fix "accessable" typo - remote-mcp-server.mdx: fix MyMCP.Router -> .serve(), fix Auth0/WorkOS anchors pointing to #stytch, fix https://localhost -> http://localhost, fix broken MCP client link - securing-mcp-server.mdx: fix apiHandlers -> apiRoute + apiHandler - test-remote-mcp-server.mdx: fix https -> http localhost, fix "lets you to test" typo, remove outdated claim about Claude Desktop - tools.mdx: add missing tags, add .js extension to import, remove unused Render import, fix stale repo link - governance.mdx: add pcx_content_type, remove empty import - index.mdx: fix http -> https links for Claude and Cursor - mcp-servers-for-cloudflare.mdx: fix "streamble-http" typo, remove unused Render import, fix link to source code -> docs - transport.mdx: remove unused Render/TabItem/Tabs imports - oauth-mcp-client.mdx: fix extends Agent -> Agent<Env> (5 instances) - connect-mcp-client.mdx: fix extends Agent -> Agent<Env> (3 instances) Co-authored-by: Cursor <cursoragent@cursor.com> * docs: rewrite MCP tools page, fix handler and authorization docs tools.mdx: Full rewrite from 36-line stub to comprehensive reference. Covers tool definitions, results, error handling, descriptions best practices, Zod input validation, and usage with both createMcpHandler and McpAgent. All examples use the factory function pattern. mcp-handler-api.mdx: Add missing State type definition in stateful example, fix onMcpRequest -> onRequest in Worker handler, remove unused Render import. authorization.mdx: Rewrite bottom half to show auth context usage for both McpAgent (this.props) and createMcpHandler (getMcpAuthContext), with proper type definitions. Clarify the two permission approaches (check inside handler vs conditional registration) and when to use each. Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Cursor <cursoragent@cursor.com>
…fer scenario - Break opening paragraph into scannable bullet list (cloudflare#1) - Lead with action instead of comparison to other registrars (cloudflare#2) - Replace IDN jargon with plain language and example (cloudflare#3) - Lead with actionable advice in Restrictions block (cloudflare#5) - Cross-link 'active on Cloudflare' to full-setup docs (cloudflare#6) - Replace inlined DNSSEC links with dnssec-providers partial (cloudflare#7) - Slim 'Add your domain' section to cross-link full-setup page (cloudflare#8) - Reorder unlock section to put action before context (cloudflare#9) - Restore 45-day grace period scenario with concrete date example and ICANN refund entitlement, matching FAQ content (cloudflare#10)
…shooting (#28780) * [Registrar] Rewrite transfer page and add registration limits troubleshooting Restructure the transfer-domain-to-cloudflare page into two clear phases (add domain to Cloudflare, then transfer registration) instead of the previous flat 10-step list. Inline partials, add DNSSEC/nameserver provider links, explain why each step is needed, and add registration limits content with actionable guidance. Add new troubleshooting section for transfers rejected due to registration period limits (10-year max for most TLDs, 5-year for .co). Clarify vague language throughout: specific WHOIS status explanations, concrete 45-day expiration rule, ICANN contact-change lock details. * [Registrar] Simplify transfer timeline language in opening paragraph * [Registrar] Address PR review feedback and restore grace period transfer scenario - Break opening paragraph into scannable bullet list (#1) - Lead with action instead of comparison to other registrars (#2) - Replace IDN jargon with plain language and example (#3) - Lead with actionable advice in Restrictions block (#5) - Cross-link 'active on Cloudflare' to full-setup docs (#6) - Replace inlined DNSSEC links with dnssec-providers partial (#7) - Slim 'Add your domain' section to cross-link full-setup page (#8) - Reorder unlock section to put action before context (#9) - Restore 45-day grace period scenario with concrete date example and ICANN refund entitlement, matching FAQ content (#10) * [Registrar] Simplify transfer page, move details to troubleshooting - Simplify opening: shorter total time bullet, one-line prereq - Move Restrictions block content to troubleshooting page - Move registration limits and 'domain not available' Details blocks to troubleshooting page as standalone sections with full examples - Add 45-day grace period note in Before you begin with FAQ link - Update TLD page to link to troubleshooting instead of removed anchor - Simplify approve-transfer section for non-technical audience - Convert caution to note for Active status requirement - Make authoritative DNS requirement a bullet in Before you begin - Remove redundant 'Go to Transfer Domains page' text (DashButton CTA) * [Registrar] Restore auth code callout in opening note block
…fer scenario - Break opening paragraph into scannable bullet list (cloudflare#1) - Lead with action instead of comparison to other registrars (cloudflare#2) - Replace IDN jargon with plain language and example (cloudflare#3) - Lead with actionable advice in Restrictions block (cloudflare#5) - Cross-link 'active on Cloudflare' to full-setup docs (cloudflare#6) - Replace inlined DNSSEC links with dnssec-providers partial (cloudflare#7) - Slim 'Add your domain' section to cross-link full-setup page (cloudflare#8) - Reorder unlock section to put action before context (cloudflare#9) - Restore 45-day grace period scenario with concrete date example and ICANN refund entitlement, matching FAQ content (cloudflare#10)
* [Registrar] Rewrite transfer page and add registration limits troubleshooting Restructure the transfer-domain-to-cloudflare page into two clear phases (add domain to Cloudflare, then transfer registration) instead of the previous flat 10-step list. Inline partials, add DNSSEC/nameserver provider links, explain why each step is needed, and add registration limits content with actionable guidance. Add new troubleshooting section for transfers rejected due to registration period limits (10-year max for most TLDs, 5-year for .co). Clarify vague language throughout: specific WHOIS status explanations, concrete 45-day expiration rule, ICANN contact-change lock details. * [Registrar] Simplify transfer timeline language in opening paragraph * [Registrar] Address PR review feedback and restore grace period transfer scenario - Break opening paragraph into scannable bullet list (#1) - Lead with action instead of comparison to other registrars (#2) - Replace IDN jargon with plain language and example (#3) - Lead with actionable advice in Restrictions block (#5) - Cross-link 'active on Cloudflare' to full-setup docs (#6) - Replace inlined DNSSEC links with dnssec-providers partial (#7) - Slim 'Add your domain' section to cross-link full-setup page (#8) - Reorder unlock section to put action before context (#9) - Restore 45-day grace period scenario with concrete date example and ICANN refund entitlement, matching FAQ content (#10) * [Registrar] Simplify transfer page, move details to troubleshooting - Simplify opening: shorter total time bullet, one-line prereq - Move Restrictions block content to troubleshooting page - Move registration limits and 'domain not available' Details blocks to troubleshooting page as standalone sections with full examples - Add 45-day grace period note in Before you begin with FAQ link - Update TLD page to link to troubleshooting instead of removed anchor - Simplify approve-transfer section for non-technical audience - Convert caution to note for Active status requirement - Make authoritative DNS requirement a bullet in Before you begin - Remove redundant 'Go to Transfer Domains page' text (DashButton CTA) * [Registrar] Restore auth code callout in opening note block * [Registrar] Address review feedback on auth codes, GoDaddy proxy, and ccTLD transfer pricing * [Registrar] Replace unverified GoDaddy domain forwarding claim with accurate transfer guidance * [Registrar] Simplify 45-day transfer registration language and move detail to FAQ * [Registrar] Address review feedback: restore notes and add email verification section
Fix broken hash/anchor links identified by the anchor-link-audit workflow run #23511339007. Changes include: Workers: - Fix #response self-links in response.mdx (remove dead anchors) - Fix wrangler commands links after split into sub-pages - Fix pricing anchor (#example-pricing-standard-usage-model -> #example-pricing) - Fix containers instance types link path - Fix workers-logs pricing anchor (#example-pricing -> #examples) - Fix static assets RPC link path - Fix run_worker_first anchor to correct page - Fix redirects limits anchor (#redirects -> #static-assets) - Fix versions-and-deployments command anchors - Fix compatibility flags anchor for nodejs_compat_populate_process_env - Fix preview URLs anchor - Fix CI/CD git integration anchors (removing-access, reinstall) - Fix worker-limits anchor (#worker-limits -> #memory) R2: - Fix get-started anchor (page restructured into sub-pages) - Fix request limits anchor (#request-limits -> #request-and-response-limits) Billing: - Fix overdue balance anchors (#pay-an-overdue-balance -> #pay-an-outstanding-balance) - Fix sales tax exemption trailing slash in anchor Containers: - Fix platform-details links (content moved to sub-pages) - Fix FAQ locations link - Fix environment variables link AI Gateway: - Fix create-gateway anchor (moved to manage-gateway page) - Fix auto-log-cleanup anchor (#auto-log-cleanup -> #automatic-log-deletion) - Fix semantic caching anchor (heading does not exist) Queues: - Fix create-a-queue anchor (#3 -> #2) Fundamentals: - Fix 2FA enable anchor (not a real heading) Images: - Fix R2 get-started anchor
While attempting to integrate our backend with Cloudflare Stream, I was consistently receiving the following error when supplying the
"X-Auth-Key: ${API-KEY}"header as the docs indicate:However, when supplying the same
API_KEYas anAuthorization: Bearer ${API_KEY}header, I'm able to get a successful request.This PR updates the docs to reflect this.