Permissions for API Token to Edit Split Tunnel entries

Hi, I want to exclude some IP's from my WARP Zero Trust as per this: https://developers.cloudflare.com/api/operations/devices-set-split-tunnel-exclude-list-for-a-device-settings-policy
I can successfully do that when using the Global API Key.
But i want to use a custom API Token. What permissions should i create the API token with?

Interact with Cloudflare's products and services via the Cloudflare API

KiritoPOP•3/19/24, 1:26 AM

NVM. It worked when specifying via

Authorization: Bearer xxxxxx

Authorization: Bearer xxxxxx

with Account -> Zero Trust Edit permission.
I was previously trying to use X-Auth-Key and X-Auth-Email