the FASTLY_API_TOKEN worker secret is currently a personal API token (global scope, expires 2026-08-05) tied to matt's Fastly account. this was set as an immediate fix — the previous token (set by rabble in january) was returning 401 and silently breaking all D1→Fastly KV sync.
we need a Fastly automation token to replace it. automation tokens aren't tied to a user account, so they survive personnel changes. only Fastly superusers can create them.
requirements:
- scope: global (KV store writes require it)
- access: all services (KV API is account-level)
- no expiration (or long-lived)
- once created, update the worker secret:
npx wrangler secret put FASTLY_API_TOKEN
context:
- the token is used by the hourly cron reconciliation and the admin backfill endpoint to sync D1 usernames to the
divine-names Fastly KV store
- also discovered an unused Fastly Compute service
divine-name-sync (keqSxRML0NxLxA6jChGqIz) that rabble set up Dec 28 as a webhook-based sync approach — zero traffic, never wired up. worth deciding whether to decommission it or finish wiring it up as the preferred sync path.
the
FASTLY_API_TOKENworker secret is currently a personal API token (global scope, expires 2026-08-05) tied to matt's Fastly account. this was set as an immediate fix — the previous token (set by rabble in january) was returning 401 and silently breaking all D1→Fastly KV sync.we need a Fastly automation token to replace it. automation tokens aren't tied to a user account, so they survive personnel changes. only Fastly superusers can create them.
requirements:
npx wrangler secret put FASTLY_API_TOKENcontext:
divine-namesFastly KV storedivine-name-sync(keqSxRML0NxLxA6jChGqIz) that rabble set up Dec 28 as a webhook-based sync approach — zero traffic, never wired up. worth deciding whether to decommission it or finish wiring it up as the preferred sync path.