Origin CA keys are often used as the value of headerX-AUTH-USER-SERVICE-KEY when interacting withOrigin CA certificates API. It is also used byKeyless SSL key server.
You can also interact with theOrigin CA certificates API using anAPI token withPermissions that includeZone-SSL and Certificates-Edit.
The key value always starts withv1.0-.
- Changing the Origin CA key is not recorded byAudit Logs.
- Each time you view the Origin CA key, it will be presented as a different value. All these different values aresimultaneously valid until you click the
Changebutton, which immediately invalidates all previously generated values. - Origin CA keys have access to every account the user has access to.
To retrieve your Origin CA keys:
- Log in to theCloudflare dashboard ↗.
- Go toUser Profile >API Tokens.
- In theAPI Keys section, select
Origin CA Key.
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
