Cloudflare is introducing scannable API tokens, enhanced OAuth visibility, and GA for resource-scoped permissions. These tools help developers implement a true least-privilege architecture while protecting against credential leakage.

Cloudflare's platform is a leading provider of internet security and performance solutions, offering insights into web security, content delivery, and DNS management. Through documentation, blog posts, and webinars, Cloudflare provides insights into protecting websites and applications from cyber threats and improving performance. Developers and IT professionals can learn about CDN (Content Delivery Network), DDoS mitigation, and firewall configurations to secure and accelerate web traffic.

Cloudflare

Cloudflare is rolling out three security improvements targeting non-human identities like API tokens, agents, and third-party integrations. First, new scannable API token formats with a 'cf' prefix and checksum enable credential scanners (including GitHub's Secret Scanning program) to automatically detect and revoke leaked tokens. Second, an OAuth Connected Applications dashboard gives users visibility into which third-party apps have access to their accounts and lets them revoke access. Third, resource-scoped RBAC permissions are now generally available, allowing fine-grained least-privilege policies scoped to specific resources like Access Applications or Gateway policies rather than entire accounts. New roles have also been added at both account and zone levels.

Securing non-human identities: automated revocation, OAuth, and scoped permissions

Understanding identity: Principals, Credentials, and Policies

Fine-grained resource-level permissioning