Merge pull request #9 from rfuehrer/feature/api-token

Use of individual API keys/tokens

Author: mrikirill

README.md

@@ -27,8 +27,20 @@ Before starting the installation process, make sure you have (and know) the foll
 
 	 a. Know your Cloudflare account username (or [register for an account if you're new to Cloudflare](https://dash.cloudflare.com/sign-up)); and
 	 
-	 b. Have your [Global API key](https://dash.cloudflare.com/profile/api-tokens) (More info: [Global API keys](https://support.cloudflare.com/hc/en-us/articles/200167836-Managing-API-Tokens-and-Keys)).
+	 b. Have your [API key](https://dash.cloudflare.com/profile/api-tokens) - no need to use your Global API key! (More info: [API keys](https://support.cloudflare.com/hc/en-us/articles/200167836-Managing-API-Tokens-and-Keys)).
+
+	![image](example4.png)
+
+	 c. Create a API key with following (3) permissions:
 	 
+	 **Zone** > **Zone.Settings** > **Read**  
+	 **Zone** > **Zone** > **Read**  
+	 **Zone** > **DNS** > **Edit**  
+
+	 The affected zone ressouces have to be (at least):
+
+	**Include** > **All zones from an account** > `<domain>`  
+
  2. *DNS settings:*
 
 	Ensure the DNS A record(s) for the domain/zone(s) you wish to update with this script have been created (More information: [Managing DNS records](https://support.cloudflare.com/hc/en-us/articles/360019093151-Managing-DNS-records-in-Cloudflare)).
@@ -91,8 +103,8 @@ Before starting the installation process, make sure you have (and know) the foll
  For a single domain: __mydomain.com__
 For multiple domains: __subdomain.mydomain.com---vpn.mydomain.com__
 	(ensure each domain is seperated by three dashes: ---)
-	* Username: The email address you use for logging in to Cloudflare.
-	* Password: Your Cloudflare Global API Key
+	* Username: The email address you use for logging in to Cloudflare (optional since the API key is sufficient)
+	* Password: Your created Cloudflare API Key
 
 	![image](example3.png)
 
@@ -136,4 +148,5 @@ Source [Identifying network ports compatible with Cloudflare's proxy](https://su
 
 ## Credits
 
-<small><i><a href='http://ecotrust-canada.github.io/markdown-toc/'>Table of contents generated with markdown-toc</a></i></small>
+<small><i><a href='http://ecotrust-canada.github.io/markdown-toc/'>Table of contents generated with markdown-toc</a></i></small>  
+<small><i><a href='https://www.youtube.com/watch?v=Nf7m3h11y-s'>DB Tech - creating API keys and using Cloudflare CNAME for single updates</a></i></small>

cloudflare.php

@@ -12,7 +12,7 @@
 /**
  * DDNS auto updater for Synology NAS
  * Base on Cloudflare API v4
- * Supports multidomains and sundomains 
+ * Supports multidomains and sundomains
  */
 class updateCFDDNS
 {
@@ -22,10 +22,9 @@ class updateCFDDNS
     function __construct($argv)
     {
         if (count($argv) != 5) {
-            $this->badParam();
+            $this->badParam('wrong parameter count');
         }
 
-        $this->account = (string) $argv[1];
         $this->apiKey = (string) $argv[2]; // CF Global API Key
         $hostname = (string) $argv[3]; // example: example.com.uk---sundomain.example1.com---example2.com
         $this->ip = (string) $argv[4];
@@ -37,7 +36,7 @@ function __construct($argv)
             $this->badParam('empty host list');
         }
 
-        foreach ($arHost as $value) {          
+        foreach ($arHost as $value) {
             $this->hostList[$value] = [
                 'hostname' => '',
                 'fullname' => $value,
@@ -52,14 +51,14 @@ function __construct($argv)
             $this->setRecord($arHost['fullname'], $arHost['zoneId']);
         }
     }
-    
+
     /**
      * Update CF DNS records 
      */
     function makeUpdateDNS()
     {
         if(empty($this->hostList)) {
-            $this->badParam();
+            $this->badParam('empty host list');
         }
 
         foreach ($this->hostList as $arHost) {
@@ -93,7 +92,7 @@ function validateIpV4($ip)
         }
         return true;
     }
- 
+
     /**
      * Set ZoneID for each hosts
      */
@@ -163,7 +162,7 @@ function setRecord($fullname, $zoneId)
     function callCFapi($method, $path, $data = []) {
         $options = [
             CURLOPT_URL => self::API_URL . '/' . $path,
-            CURLOPT_HTTPHEADER => ["X-Auth-Email: $this->account", "X-Auth-Key: $this->apiKey", "Content-Type: application/json"],
+            CURLOPT_HTTPHEADER => ["Authorization: Bearer $this->apiKey", "Content-Type: application/json"],
             CURLOPT_RETURNTRANSFER => true,
             CURLOPT_HEADER => false,
             CURLOPT_VERBOSE => false,
@@ -176,7 +175,7 @@ function callCFapi($method, $path, $data = []) {
         switch($method) {
             case "GET":
                 $options[CURLOPT_HTTPGET] = true;
-            break;    
+            break;
 
             case "POST":
                 $options[CURLOPT_POST] = true;