diff --git a/src/ApiEndpoints/CloudFlareAPI.php b/src/ApiEndpoints/CloudFlareAPI.php index da7b44a..809c898 100644 --- a/src/ApiEndpoints/CloudFlareAPI.php +++ b/src/ApiEndpoints/CloudFlareAPI.php @@ -47,11 +47,13 @@ abstract class CloudFlareAPI { const REQUEST_ALL_PAGES = -1; const API_ENDPOINT_BASE = 'https://api.cloudflare.com/client/v4/'; - // The length of the Api key. + // The length of the Global Api key. // The Api will throw a non-descriptive http code: 400 exception if the key // length is greater than 37. If the key is invalid but the expected length // the Api will return a more informative http code of 403. - const API_KEY_LENGTH = 37; + const GLOBAL_API_KEY_LENGTH = 37; + // The length of the Api key. + const API_KEY_LENGTH = 40; // The CloudFlare API sets a maximum of 1,200 requests in a 5-minute period. const API_RATE_LIMIT = 1200; @@ -93,10 +95,15 @@ public function __construct($apikey, $email, MockHandler $mock_handler = NULL) { $this->apikey = $apikey; $this->email = $email; $headers = [ - 'X-Auth-Key' => $apikey, - 'X-Auth-Email' => $email, 'Content-Type' => 'application/json', ]; + if (strlen($apikey) === self::API_KEY_LENGTH) { + $headers['Authorization'] = 'Bearer ' . $apikey; + } + else { + $headers['X-Auth-Key'] = $apikey; + $headers['X-Auth-Email'] = $email; + } $client_params = [ 'base_uri' => self::API_ENDPOINT_BASE, @@ -141,7 +148,8 @@ protected function makeRequest($request_type, $api_end_point, $request_params = } // This check seems superfluous. However, the Api only returns a http 400 // code. This proactive check gives us more information. - $is_api_key_valid = strlen($this->apikey) == CloudFlareAPI::API_KEY_LENGTH; + $api_key_length = strlen($this->apikey); + $is_api_key_valid = $api_key_length == self::API_KEY_LENGTH || $api_key_length == self::GLOBAL_API_KEY_LENGTH; $is_api_key_alpha_numeric = ctype_alnum($this->apikey); $is_api_key_lower_case = !(preg_match('/[A-Z]/', $this->apikey)); @@ -153,7 +161,7 @@ protected function makeRequest($request_type, $api_end_point, $request_params = throw new CloudFlareInvalidCredentialException('Invalid Api Key: Key can only contain alphanumeric characters.', 403); } - if (!$is_api_key_lower_case) { + if ($api_key_length == self::GLOBAL_API_KEY_LENGTH && !$is_api_key_lower_case) { throw new CloudFlareInvalidCredentialException('Invalid Api Key: Key can only contain lowercase or numerical characters.', 403); }