UserApiToken

Source: src/Cloudflare/ApiToken/UserApiToken.ts

A Cloudflare user-owned API token (POST /user/tokens).

User-owned tokens are tied to the authenticated user’s identity. They can be created by any authenticated user (including OAuth-derived sessions from alchemy login) without needing the account-level API Tokens > Write permission, but they are also revoked if the user leaves the account.

For CI tokens, prefer {@link AccountApiToken} so the token survives personnel changes.

Policy resources are passed through verbatim — no accountId rewriting is performed because user tokens aren’t bound to a single account.

Creating a Token

const token = yield* Cloudflare.UserApiToken("personal-token", {
  name: "my-personal-token",
  policies: [
    {
      effect: "allow",
      permissionGroups: ["Workers Scripts Read"],
      resources: { [`com.cloudflare.api.account.${accountId}`]: "*" },
    },
  ],
});