Invalid API key or token

[thinkaliker]

I'm getting a 401 "Invalid API key or token" error from the worker logs. I've performed the curl manually and was able to reproduce the issue (since the Unifi console only runs the command once every 10 minutes). I also performed the token check when I made the token, and that one passed successfully. I'm not sure what I'm doing wrong.

Log output

Curl command

Here's my configuration:
API token configuration

Unifi Console configuration

[qqoicq]

I also encountered this issue. I’m using version 9.0.108.

[burgonyapure]

I have the same error, version 9.0.108.
Edit: RTFM
Create USER API TOKEN not Acoount token
https://developers.cloudflare.com/fundamentals/api/get-started/create-token/

[willswire]

@thinkaliker and @qqoicq, can you confirm you're using a User API token and not an Account API token?

[thinkaliker]

@willswire Yes, I thought made the token using https://dash.cloudflare.com/profile/api-tokens, which is the only place I could find to make an API key. But because I'm not sure, I've gone ahead and remade a new fresh key, and now it is complaining about the API key containing an underscore.

Error updating DNS record: InvalidCharacterError: atob() called with invalid base64-encoded data. (Only whitespace, '+', '/', alphanumeric ASCII, and up to two terminal '=' signs when the input data length is divisible by 4 are allowed.)

I'm not sure why remaking the key would have fixed the initial issue, but I'll take a different error over that one. That being said, I do have TWO keys now - I believe one User API key for the actual worker deployment, and one User API key for JUST the DNS entry. If you click deploy with Wrangler it'll prompt you to go make an API key, so I think maybe some guidance to not confuse the two keys would be good?

[gh0sti]

I just tried setting this up from scratch and I get a missing API key when I copy/paste it into the worker as described in the step-by-step.

[chucklebrother]

Apologies in advance if you have already verified what I am going to cover here, I’m approaching this from my perspective of ben new to CF workers, and only having passing familiarity with CF's API

That the curl command is failing might indicate the issue is outside of the worker, after all if you cant make the API call manually the worker is unlikely to succeed either.

Given what you are reporting it seems like both you and the worker are successfully making an API call to update a DNS record but in both cases CF is failing to authorise the action because of the API token presented and the API endpoint is returning .

I wonder have you checked you are not using the API token you generated for the GH actin that deploy's the worker?

You should have two (2) API tokens created for two different purposes:

• One for use to deploy and manage the worker.
• The other that you use in your unifi configuration as secret that gets passed to the worker, that it uses to authenticate to the API endpoint and make the change.

If you have only created the token used to deploy/manage the worker, or have created a token that has DNS edit permissions but have muddled up the API tokens and are inadvertently using the worker deploy token that could explain your issue.

[jhanshew]

Getting same result reported by @thinkaliker, above. Verified creation and use of User API Token. This is a new Unifi setup running lastest OS (4.1.13).

Error updating DNS record: InvalidCharacterError: atob() called with invalid base64-encoded data. (Only whitespace, '+', '/', alphanumeric ASCII, and up to two terminal '=' signs when the input data length is divisible by 4 are allowed.)