Cloudflare
  1. Zero Trust Gateway Rules
Cloudflare
  • API Shield Endpoint Management
    • Retrieve API Discovery results for a zone
      GET
    • Retrieve information about all operations on a zone
      GET
    • Add operations to a zone
      POST
    • Delete an operation
      DELETE
    • Retrieve information about an operation
      GET
    • Retrieve operations and features as OpenAPI schemas
      GET
  • API Shield Settings
    • Retrieve information about specific configuration properties
      GET
    • Set configuration properties
      PUT
  • ASN Intelligence
    • Get ASN Overview
      GET
    • Get ASN Subnets
      GET
  • Access Bookmark applications (Deprecated)
    • List Bookmark applications
      GET
    • Delete a Bookmark application
      DELETE
    • Get a Bookmark application
      GET
    • Create a Bookmark application
      POST
    • Update a Bookmark application
      PUT
  • Access applications
    • List Access applications
      GET
    • Add a Bookmark application
      POST
    • Delete an Access application
      DELETE
    • Get an Access application
      GET
    • Update a Bookmark application
      PUT
    • Revoke service tokens
      POST
    • Test Access policies
      GET
  • Access authentication logs
    • Get Access authentication logs
  • Access groups
    • List Access groups
    • Create an Access group
    • Delete an Access group
    • Get an Access group
    • Update an Access group
  • Access identity providers
    • List Access identity providers
    • Add an Access identity provider
    • Delete an Access identity provider
    • Get an Access identity provider
    • Update an Access identity provider
  • Access key configuration
    • Get the Access key configuration
    • Update the Access key configuration
    • Rotate Access keys
  • Access mTLS authentication
    • List mTLS certificates
    • Add an mTLS certificate
    • Delete an mTLS certificate
    • Get an mTLS certificate
    • Update an mTLS certificate
  • Access policies
    • Delete an Access policy
    • Get an Access policy
    • Update an Access policy
    • List Access policies
    • Create an Access policy
  • Access service tokens
    • List service tokens
    • Create a service token
    • Delete a service token
    • Update a service token
    • Refresh a service token
    • Rotate a service token
  • Access short-lived certificate CAs
    • List short-lived certificate CAs
    • Delete a short-lived certificate CA
    • Get a short-lived certificate CA
    • Create a short-lived certificate CA
  • Account Billing Profile
    • Billing Profile Details
  • Account Load Balancer Monitors
    • List Monitors
    • Create Monitor
    • Delete Monitor
    • Monitor Details
    • Patch Monitor
    • Update Monitor
    • Preview Monitor
    • List Monitor References
    • Preview Result
  • Account Load Balancer Pools
    • List Pools
    • Patch Pools
    • Create Pool
    • Delete Pool
    • Pool Details
    • Patch Pool
    • Update Pool
    • Pool Health Details
    • Preview Pool
    • List Pool References
  • Account Load Balancer Search
    • Search Resources
  • Account Members
    • List Members
    • Add Member
    • Remove Member
    • Member Details
    • Update Member
  • Account Railguns
    • List Railguns
    • Create Railgun
    • Delete a Railgun
    • Railgun details
    • Update Railgun
  • Account Roles
    • List Roles
    • Role Details
  • Account Rulesets
    • List account rulesets
    • Create an account ruleset
    • Get an account entry point ruleset
    • Update an account entry point ruleset
    • List an account entry point ruleset's versions
    • Get an account entry point ruleset version
    • Delete an account ruleset
    • Get an account ruleset
    • Update an account ruleset
    • Create an account ruleset rule
    • Delete an account ruleset rule
    • Update an account ruleset rule
    • List an account ruleset's versions
    • Delete an account ruleset version
    • Get an account ruleset version
    • List an account ruleset version's rules by tag
  • Account Subscriptions
    • List Subscriptions
    • Create Subscription
    • Delete Subscription
    • Update Subscription
  • Account-Level Custom Nameservers
    • List Account Custom Nameservers
    • Add Account Custom Nameserver
    • Get Eligible Zones for Account Custom Nameservers
    • Verify Account Custom Nameserver Glue Records
    • Delete Account Custom Nameserver
  • Account-Level Custom Nameservers Usage for a Zone
    • Get Account Custom Nameserver Related Zone Metadata
    • Set Account Custom Nameserver Related Zone Metadata
  • Accounts
    • List Accounts
    • Account Details
    • Update Account
  • Analyze Certificate
    • Analyze Certificate
  • Argo Analytics for Geolocation
    • Argo Analytics for a zone at different PoPs
  • Argo Analytics for Zone
    • Argo Analytics for a zone
  • Argo Smart Routing
    • Get Argo Smart Routing setting
    • Patch Argo Smart Routing setting
  • Argo Tunnel
    • List Argo Tunnels
    • Create an Argo Tunnel
    • Delete an Argo Tunnel
    • Get an Argo Tunnel
    • Clean up Argo Tunnel connections
  • Audit Logs
    • Get account audit logs
    • Get organization audit logs
    • Get user audit logs
  • Available Page Rules settings
    • List available Page Rules settings
  • Cache Rules
    • List Cache Rules
    • Update Cache Rules
  • Certificate Packs
    • List Certificate Packs
    • Order Certificate Pack
    • Order Advanced Certificate Manager Certificate Pack
    • Get Certificate Pack Quotas
    • Delete Advanced Certificate Manager Certificate Pack
    • Get Certificate Pack
    • Restart Validation for Advanced Certificate Manager Certificate Pack
  • Client
    • Rerun the Activation Check
  • Cloudflare IPs
    • Cloudflare IP Details
  • Cloudflare Images
    • List images
    • Upload an image via URL
    • Images usage statistics
    • Delete image
    • Image details
    • Update image
    • Base image
    • Create authenticated direct upload URL V2
  • Cloudflare Images Keys
    • List Signing Keys
  • Cloudflare Images Variants
    • List variants
    • Create a variant
    • Delete a variant
    • Variant details
    • Update a variant
  • Cloudflare Tunnel
    • List Cloudflare Tunnels
    • Create a Cloudflare Tunnel
    • Delete a Cloudflare Tunnel
    • Get a Cloudflare Tunnel
    • Update a Cloudflare Tunnel
    • Clean up Cloudflare Tunnel connections
    • List Cloudflare Tunnel connections
    • Get a Cloudflare Tunnel token
  • Cloudflare Tunnel configuration
    • Get configuration
    • Put configuration
  • Config Rules
    • List Config Rules
    • Update Config Rules
  • Custom Error Responses
    • Get Custom Error Responses
    • Update Custom Error Responses
  • Custom Hostname Fallback Origin for a Zone
    • Delete Fallback Origin for Custom Hostnames
    • Get Fallback Origin for Custom Hostnames
    • Update Fallback Origin for Custom Hostnames
  • Custom Hostname for a Zone
    • List Custom Hostnames
    • Create Custom Hostname
    • Delete Custom Hostname (and any issued SSL certificates)
    • Custom Hostname Details
    • Edit Custom Hostname
  • Custom SSL for a Zone
    • List SSL Configurations
    • Create SSL Configuration
    • Re-prioritize SSL Certificates
    • Delete SSL Configuration
    • SSL Configuration Details
    • Edit SSL Configuration
  • Custom pages for a zone
    • List custom pages
    • Get a custom page
    • Update a custom page
  • Custom pages for an account
    • List custom pages
    • Get a custom page
    • Update a custom page
  • DLP Pattern Validation
    • Validate pattern
  • DLP Profiles
    • List all profiles
    • Create custom profiles
    • Delete custom profile
    • Get custom profile
    • Update custom profile
    • Get predefined profile
    • Update predefined profile
    • Get DLP Profile
  • DNS Analytics
    • Table
    • By Time
  • DNS Firewall
    • List DNS Firewall Clusters
    • Create DNS Firewall Cluster
    • Delete DNS Firewall Cluster
    • DNS Firewall Cluster Details
    • Update DNS Firewall Cluster
  • DNS Firewall (Legacy)
    • List DNS Firewall Clusters
    • Create DNS Firewall Cluster
    • Delete DNS Firewall Cluster
    • DNS Firewall Cluster Details
    • Update DNS Firewall Cluster
  • DNS Firewall Analytics
    • Table
    • By Time
  • DNS Firewall Analytics (Legacy)
    • Table
    • By Time
  • DNS Records for a Zone
    • List DNS Records
    • Create DNS Record
    • Export DNS Records
    • Import DNS Records
    • Scan DNS Records
    • Delete DNS Record
    • DNS Record Details
    • Patch DNS Record
    • Update DNS Record
  • DNSSEC
    • Delete DNSSEC records
    • DNSSEC Details
    • Edit DNSSEC Status
  • Device Managed Networks
    • List Device Managed Networks
    • Create Device Managed Network
    • Delete Device Managed Network
    • Device Managed Network Details
    • Update Device Managed Network
  • Device Posture Integrations
    • List Device Posture Integrations
    • Create Device Posture Integration
    • Delete Device Posture Integration
    • Device Posture Integration Details
    • Update Device Posture Integration
  • Device Posture Rules
    • List Device Posture Rules
    • Create Device Posture Rule
    • Delete Device Posture Rule
    • Device Posture Rules Details
    • Update Device Posture Rule
  • Devices
    • List Devices
    • List Device Settings Policies
    • Get Default Device Settings Policy
    • Update Default Device Settings Policy
    • Create Device Settings Policy
    • Get Split Tunnel Exclude List
    • Set Split Tunnel Exclude List
    • Get Local Domain Fallback List
    • Set Local Domain Fallback List
    • Get Split Tunnel Include List
    • Set Split Tunnel Include List
    • Delete Device Settings Policy
    • Get Device Settings Policy by ID
    • Update Device Settings Policy
    • Get Split Tunnel Exclude List for a Device Settings Policy
    • Set Split Tunnel Exclude List for a Device Settings Policy
    • Get Local Domain Fallback List for a Device Settings Policy
    • Set Local Domain Fallback List for a Device Settings Policy
    • Get Split Tunnel Include List for a Device Settings Policy
    • Set Split Tunnel Include List for a Device Settings Policy
    • Revoke Devices
    • Unrevoke Devices
    • Device Details
    • List Admin Override code for device
  • Diagnostics
    • Traceroute
  • Domain History
    • Get Domain History
  • Domain Intelligence
    • Get Domain Details
    • Get Multiple Domain Details
  • Durable Objects Namespace
    • List Namespaces
    • List Objects
  • Email Routing destination addresses
    • List destination addresses
    • Create a destination address
    • Delete destination address
    • Get a destination address
  • Email Routing routing rules
    • List routing rules
    • Create routing rule
    • Get catch-all rule
    • Update catch-all rule
    • Delete routing rule
    • Get routing rule
    • Update routing rule
  • Email Routing settings
    • Get Email Routing settings
    • Disable Email Routing
    • Email Routing - DNS settings
    • Enable Email Routing
  • Filters
    • Delete filters
    • List filters
    • Create filters
    • Update filters
    • Delete a filter
    • Get a filter
    • Update a filter
  • Firewall rules
    • Delete firewall rules
    • List firewall rules
    • Update priority of firewall rules
    • Create firewall rules
    • Update firewall rules
    • Delete a firewall rule
    • Get a firewall rule
    • Update priority of a firewall rule
    • Update a firewall rule
  • Health Checks
    • List Health Checks
    • Create Health Check
    • Create Preview Health Check
    • Delete Preview Health Check
    • Health Check Preview Details
    • Delete Health Check
    • Health Check Details
    • Patch Health Check
    • Update Health Check
  • IP Access rules for a user
    • List IP Access rules
    • Create an IP Access rule
    • Delete an IP Access rule
    • Update an IP Access rule
  • IP Access rules for a zone
    • List IP Access rules
    • Create an IP Access rule
    • Delete an IP Access rule
    • Update an IP Access rule
  • IP Access rules for an account
    • List IP Access rules
    • Create an IP Access rule
    • Delete an IP Access rule
    • Get an IP Access rule
    • Update an IP Access rule
  • IP Address Management Address Maps
    • Remove an account membership from an Address Map
    • Add an account membership to an Address Map
    • List Address Maps
    • Create Address Map
    • Delete Address Map
    • Address Map Details
    • Update Address Map
    • Remove an IP from an Address Map
    • Add an IP to an Address Map
    • Remove a zone membership from an Address Map
    • Add a zone membership to an Address Map
  • IP Address Management Dynamic Advertisement
    • Get Advertisement Status
    • Update Prefix Dynamic Advertisement Status
  • IP Address Management Prefix Delegation
    • List Prefix Delegations
    • Create Prefix Delegation
    • Delete Prefix Delegation
  • IP Address Management Prefixes
    • Upload LOA Document
    • Download LOA Document
    • List Prefixes
    • Add Prefix
    • Delete Prefix
    • Prefix Details
    • Update Prefix Description
  • IP Intelligence
    • Get IP Overview
  • IP List
    • Get IP Lists
  • Keyless SSL for a Zone
    • List Keyless SSL Configurations
    • Create Keyless SSL Configuration
    • Delete Keyless SSL Configuration
    • Get Keyless SSL Configuration
    • Edit Keyless SSL Configuration
  • Lists
    • Get lists
    • Create a list
    • Get bulk operation status
    • Delete a list
    • Get a list
    • Update a list
    • Delete list items
    • Get list items
    • Create list items
    • Update all list items
    • Get a list item
  • Load Balancer Healthcheck Events
    • List Healthcheck Events
  • Load Balancer Monitors
    • List Monitors
    • Create Monitor
    • Delete Monitor
    • Monitor Details
    • Patch Monitor
    • Update Monitor
    • Preview Monitor
    • List Monitor References
    • Preview Result
  • Load Balancer Pools
    • List Pools
    • Patch Pools
    • Create Pool
    • Delete Pool
    • Pool Details
    • Patch Pool
    • Update Pool
    • Pool Health Details
    • Preview Pool
    • List Pool References
  • Load Balancer Regions
    • List Regions
    • Get Region
  • Load Balancers
    • Delete Load Balancer
    • Load Balancer Details
    • Patch Load Balancer
    • Update Load Balancer
    • List Load Balancers
    • Create Load Balancer
  • Logpush Jobs
    • List fields
    • List Logpush jobs for a dataset
    • List Logpush jobs
    • Create Logpush job
    • Delete Logpush job
    • Get Logpush job details
    • Update Logpush job
    • Get ownership challenge
    • Validate ownership challenge
    • Check destination exists
    • Validate origin
  • Logs Received
    • Get log retention flag
    • Update log retention flag
    • Get logs RayIDs
    • Get logs received
    • List fields
  • Magic GRE tunnels
    • List GRE tunnels
    • Create GRE tunnels
    • Update multiple GRE tunnels
    • Delete GRE Tunnel
    • List GRE Tunnel Details
    • Update GRE Tunnel
  • Magic IPsec tunnels
    • List IPsec tunnels
    • Create IPsec tunnels
    • Update multiple IPsec tunnels
    • Delete IPsec Tunnel
    • List IPsec tunnel details
    • Update IPsec Tunnel
    • Generate Pre Shared Key (PSK) for IPsec tunnels
  • Magic Interconnects
    • List interconnects
    • Update multiple interconnects
    • List interconnect Details
    • Update interconnect
  • Magic Network Monitoring Configuration
    • Delete account configuration
    • List account configuration
    • Update account configuration fields
    • Create account configuration
    • Update an entire account configuration
    • List rules and account configuration
  • Magic Network Monitoring Rules
    • List rules
    • Create rules
    • Update rules
    • Delete rule
    • Get rule
    • Update rule
    • Update advertisement for rule
  • Magic PCAP collection
    • List packet capture requests
    • Create PCAP request
    • List PCAPs Bucket Ownership
    • Add buckets for full packet captures
    • Validate buckets for full packet captures
    • Delete buckets for full packet captures
    • Get PCAP request
    • Download Simple PCAP
  • Magic Static Routes
    • List Routes
    • Create Routes
    • Update Many Routes
    • Delete Route
    • Route Details
    • Update Route
  • Managed Transforms
    • List Managed Transforms
    • Update status of Managed Transforms
  • Miscategorization
    • Create Miscategorization
  • Notification Alert Types
    • Get Alert Types
  • Notification History
    • List History
  • Notification Mechanism Eligibility
    • Get delivery mechanism eligibility
  • Notification destinations with PagerDuty
    • List PagerDuty services
  • Notification policies
    • List Notification policies
    • Create a Notification policy
    • Delete a Notification policy
    • Get a Notification policy
    • Update a Notification policy
  • Notification webhooks
    • List webhooks
    • Create a webhook
    • Delete a webhook
    • Get a webhook
    • Update a webhook
  • Organization Invites
    • List Invitations
    • Create Invitation
    • Cancel Invitation
    • Invitation Details
    • Edit Invitation Roles
  • Organization Members
    • List Members
    • Remove Member
    • Member Details
    • Edit Member Roles
  • Organization Railgun
    • List Railguns
    • Create Railgun
    • Delete Railgun
    • Railgun details
    • Enable or disable a Railgun
    • Get Railgun zones
  • Organization Roles
    • List Roles
    • Role Details
  • Organizations (Deprecated)
    • Organization Details
    • Edit Organization
  • Origin CA
    • List Certificates
    • Create Certificate
    • Revoke Certificate
    • Get Certificate
  • Origin Rules
    • List Origin Rules
    • Update Origin Rules
  • Page Rules
    • List Page Rules
    • Create a Page Rule
    • Delete a Page Rule
    • Get a Page Rule
    • Edit a Page Rule
    • Update a Page Rule
  • Page Shield
    • Get Page Shield settings
    • Update Page Shield settings
    • List Page Shield connections
    • Get a Page Shield connection
    • List Page Shield scripts
    • Get a Page Shield script
  • Pages Deployment
    • Get deployments
    • Create deployment
    • Delete deployment
    • Get deployment info
    • Get deployment logs
    • Retry deployment
    • Rollback deployment
  • Pages Domains
    • Get domains
    • Add domain
    • Delete domain
    • Get domain
    • Patch domain
  • Pages Project
    • Get projects
    • Create project
    • Delete project
    • Get project
    • Update project
  • Passive DNS by IP
    • Get Passive DNS by IP
  • Per-hostname Authenticated Origin Pull
    • Enable or Disable a Hostname for Client Authentication
    • List Certificates
    • Upload a Hostname Client Certificate
    • Delete Hostname Client Certificate
    • Get the Hostname Client Certificate
    • Get the Hostname Status for Client Authentication
  • Permission Groups
    • List Permission Groups
  • Phishing URL Information
    • Get results for a URL scan
  • Phishing URL Scanner
    • Submit suspicious URL for scanning
  • Queue
    • List Queues
    • Create Queue
    • Delete Queue
    • Queue Details
    • Update Queue
    • List Queue Consumers
    • Create Queue Consumer
    • Delete Queue Consumer
    • Update Queue Consumer
  • R2 Bucket
    • List Buckets
    • Create Bucket
    • Delete Bucket
  • Radar Annotations
    • Get outages annotations
    • Get top outages annotations
  • Radar Attacks
    • Get a summary of layer 3 attacks
    • Get layer 3 attacks time series
    • Get layer 3 attacks by network protocol, over time
    • Get a summary of layer 7 attacks
    • Get attacks layer 7 time series
    • Get layer 7 attacks by mitigation technique, over time
    • Get layer 7 top origin ASes
    • Get layer 7 top attack pairs (origin and target locations)
    • Get layer 7 top origin locations
    • Get layer 7 top target locations
  • Radar BGP
    • Get BGP route leak events
    • Get BGP time series
    • Get top autonomous systems
    • Get top prefixes
  • Radar DNS
    • Get top autonomous systems by DNS queries.
    • Get top locations by DNS queries
  • Radar Datasets
    • Get Datasets
    • Get Dataset download url
    • Get Dataset csv Stream
  • Radar Entities
    • Get autonomous systems
    • Get autonomous system information by IP address. Population estimates come from APNIC (refer to https://labs.apnic.net/?p=526).
    • Get autonomous system (AS) by ID
    • Get locations
    • Get location
  • Radar Http
    • Get a summary of bot classes
    • Get a summary of device types
    • Get a summary of HTTP protocols
    • Get a summary of HTTP versions
    • Get a summary of IP versions
    • Get a summary of operating systems
    • Get a summary of TLS versions
    • Get time series of bot classes
    • Get time series of user agents
    • Get time series of user agents aggregated in families
    • Get time series of device types
    • Get time series of HTTP protocols
    • Get time series of HTTP versions
    • Get time series of IP versions
    • Get time series of operating systems
    • Get time series of TLS versions
    • Get top autonomous systems by HTTP requests
    • Get top autonomous systems by bot class
    • Get top autonomous systems by device type
    • Get top autonomous systems by HTTP protocol
    • Get top autonomous systems by HTTP version
    • Get top autonomous systems by IP version
    • Get top autonomous systems by operating system
    • Get top autonomous systems by TLS version
    • Get top user agents aggregated in families by HTTP requests
    • Get top user agents by HTTP requests
    • Get top locations by HTTP requests
    • Get top locations by bot class
    • Get top locations by device type
    • Get top locations by HTTP protocol
    • Get top locations by HTTP version
    • Get top locations by IP version
    • Get top locations by operating system
    • Get top locations by TLS version
  • Radar Netflows
    • Get NetFlow time series
    • Get top autonomous systems
    • Get top locations
  • Radar Ranking
    • Get Domains Rank details
    • Get Domains Rank time series
    • Get Domains Rank top
  • Radar Search
    • Search for locations, autonomous systems (AS) and reports
  • Radar Special Events
    • List Special Events
    • Get a Single Special Events
    • Get Special Events time series
  • Radar Verified Bots
    • Get top verified bots by HTTP requests
    • Get top verified bot categories by HTTP requests
  • Railgun
    • List Railguns
    • Create Railgun
    • Delete a Railgun
    • Railgun details
    • Enable or disable a Railgun
    • List Railgun zones
  • Railgun Connections
    • List Connections
    • Create connection
    • Delete connection
    • Connection details
    • Update connection
  • Railgun Connections for a Zone
    • List available Railguns
    • Railgun details
    • Connect or disconnect a Railgun
    • Test Railgun connection
  • Rate limits for a zone
    • List rate limits
    • Create a rate limit
    • Delete a rate limit
    • Get a rate limit
    • Update a rate limit
  • Registrar Domains
    • List domains
    • Get domain
    • Update domain
  • SSL Verification
    • SSL Verification Details
    • Edit SSL Certificate Pack Validation Method
  • SSL
    • TLS Mode Recommendation
      • SSL/TLS Recommendation
  • Secondary DNS (ACL)
    • List ACLs
    • Create ACL
    • Delete ACL
    • ACL Details
    • Update ACL
  • Secondary DNS (Peer)
    • List Peers
    • Create Peer
    • Delete Peer
    • Peer Details
    • Update Peer
  • Secondary DNS (Primary Zone)
    • Delete Primary Zone Configuration
    • Primary Zone Configuration Details
    • Create Primary Zone Configuration
    • Update Primary Zone Configuration
    • Disable Outgoing Zone Transfers
    • Enable Outgoing Zone Transfers
    • Force DNS NOTIFY
    • Get Outgoing Zone Transfer Status
  • Secondary DNS (Secondary Zone)
    • Force AXFR
    • Delete Secondary Zone Configuration
    • Secondary Zone Configuration Details
    • Create Secondary Zone Configuration
    • Update Secondary Zone Configuration
  • Secondary DNS (TSIG)
    • List TSIGs
    • Create TSIG
    • Delete TSIG
    • TSIG Details
    • Update TSIG
  • Single Redirect Rules
    • List Single Redirect Rules
    • Update Single Redirect Rules
  • Spectrum Aggregate Analytics
    • Get current aggregated analytics
  • Spectrum Analytics (By Time)
    • Get analytics by time
  • Spectrum Analytics (Summary)
    • Get analytics summary
  • Spectrum Applications
    • List Spectrum applications
    • Create Spectrum application using a name for the origin
    • Delete Spectrum application
    • Get Spectrum application configuration
    • Update Spectrum application configuration using a name for the origin
  • Stream Live Inputs
    • List live inputs
    • Create a live input
    • Delete a live input
    • Retrieve a live input
    • Update a live input
    • List all outputs associated with a specified live input
    • Create a new output, connected to a live input
    • Delete an output
    • Update an output
  • Stream MP4 Downloads
    • List downloads
    • Create downloads
    • List downloads
    • Create downloads
  • Stream Signing Keys
    • List signing keys
    • Create signing keys
    • Delete signing keys
  • Stream Subtitles
    • Captions
      • List captions or subtitles
      • Delete captions or subtitles
      • Upload captions or subtitles
      • List captions or subtitles
      • Delete captions or subtitles
      • Upload captions or subtitles
  • Stream Video Clipping
    • Clip videos given a start and end time
  • Stream Videos
    • List videos
    • Initiate video uploads using TUS
    • Upload videos from a URL
    • Upload videos via direct upload URLs
    • Delete video
    • Retrieve video details
    • Associate videos to NFTs
    • Retreieve embed Code HTML
    • Create signed URL tokens for videso
  • Stream Watermark Profile
    • List watermark profiles
    • Create watermark profiles via basic upload
    • Delete watermark profiles
    • Watermark profile details
  • Stream Webhook
    • Delete webhooks
    • View webhooks
    • Create webhooks
  • Total TLS
    • Total TLS Settings Details
    • Enable or Disable Total TLS
  • Transform Rules
    • List Transform Rules
    • Update Transform Rules
  • Tunnel Virtual Network
    • List virtual networks
    • Create a virtual network
    • Delete a virtual network
    • Update a virtual network
  • Tunnel route
    • List tunnel routes
    • Get tunnel route by IP
    • Delete a tunnel route
    • Update a tunnel route
    • Create a tunnel route
  • URL Normalization
    • Get URL normalization settings
    • Update URL normalization settings
  • Universal SSL Settings for a Zone
    • Universal SSL Settings Details
    • Edit Universal SSL Settings
  • User
    • User Details
    • Edit User
  • User API Tokens
    • List Tokens
    • Create Token
    • Verify Token
    • Delete Token
    • Token Details
    • Update Token
    • Roll Token
  • User Agent Blocking rules
    • List User Agent Blocking rules
    • Create a User Agent Blocking rule
    • Delete a User Agent Blocking rule
    • Get a User Agent Blocking rule
    • Update a User Agent Blocking rule
  • User Billing History
    • Billing History Details
  • User Billing Profile
    • Billing Profile Details
  • User Subscription
    • Get User Subscriptions
    • Delete User Subscription
    • Update User Subscription
  • User's Account Memberships
    • List Memberships
    • Delete Membership
    • Membership Details
    • Update Membership
  • User's Invites
    • List Invitations
    • Invitation Details
    • Respond to Invitation
  • User's Organizations
    • List Organizations
    • Leave Organization
    • Organization Details
  • WAF overrides
    • List WAF overrides
    • Create a WAF override
    • Delete a WAF override
    • Get a WAF override
    • Update WAF override
  • WAF packages
    • List WAF packages
    • Get a WAF package
    • Update a WAF package
  • WAF rule groups
    • List WAF rule groups
    • Get a WAF rule group
    • Update a WAF rule group
  • WAF rules
    • List WAF rules
    • Get a WAF rule
    • Update a WAF rule
  • WHOIS Record
    • Get WHOIS Record
  • Waiting Room
    • List waiting rooms
    • Create waiting room
    • Create a custom waiting room page preview
    • Delete waiting room
    • Waiting room details
    • Patch waiting room
    • Update waiting room
    • List events
    • Create event
    • Delete event
    • Event details
    • Patch event
    • Update event
    • Preview active event details
    • List Waiting Room Rules
    • Create Waiting Room Rule
    • Replace Waiting Room Rules
    • Delete Waiting Room Rule
    • Patch Waiting Room Rule
    • Get waiting room status
  • Web3 Hostname
    • List Web3 Hostnames
    • Create Web3 Hostname
    • Delete Web3 Hostname
    • Web3 Hostname Details
    • Edit Web3 Hostname
    • IPFS Universal Path Gateway Content List Details
    • Update IPFS Universal Path Gateway Content List
    • List IPFS Universal Path Gateway Content List Entries
    • Create IPFS Universal Path Gateway Content List Entry
    • Delete IPFS Universal Path Gateway Content List Entry
    • IPFS Universal Path Gateway Content List Entry Details
    • Edit IPFS Universal Path Gateway Content List Entry
  • Worker Account Settings
    • Fetch Worker Account Settings
    • Create Worker Account Settings
  • Worker Binding (Deprecated)
    • List Bindings
  • Worker Cron Trigger
    • Get Cron Triggers
    • Update Cron Triggers
  • Worker Deployments
    • List Deployments
    • Get Deployment Detail
  • Worker Domain
    • List Domains
    • Attach to Domain
    • Detach from Domain
    • Get a Domain
  • Worker Filters (Deprecated)
    • List Filters
    • Create Filter
    • Delete Filter
    • Update Filter
  • Worker Routes
    • List Routes
    • Create Route
    • Delete Route
    • Get Route
    • Update Route
  • Worker Script
    • List Workers
    • Delete Worker
    • Download Worker
    • Upload Worker Module
    • Fetch Usage Model
    • Update Usage Model
  • Worker Script (Deprecated)
    • Delete Worker
    • Download Worker
    • Upload Worker
  • Worker Subdomain
    • Get Subdomain
    • Create Subdomain
  • Worker Tail Logs
    • List Tails
    • Start Tail
    • Delete Tail
  • Workers KV Namespace
    • List Namespaces
    • Create a Namespace
    • Remove a Namespace
    • Rename a Namespace
    • Delete multiple key-value pairs
    • Write multiple key-value pairs
    • List a Namespace's Keys
    • Read the metadata for a key
    • Delete key-value pair
    • Read key-value pair
    • Write key-value pair with metadata
  • Workers KV Request Analytics
    • Query Request Analytics
  • Workers KV Stored Data Analytics
    • Query Stored Data Analytics
  • Zero Trust Gateway Application and Application Type mappings
    • List Application and Application Type mappings
  • Zero Trust Gateway Categories
    • List Categories
  • Zero Trust Gateway Locations
    • List Zero Trust Gateway Locations
    • Create Zero Trust Gateway Location
    • Delete Zero Trust Gateway Location
    • Zero Trust Gateway Location Details
    • Update Zero Trust Gateway Location
  • Zero Trust Gateway Proxy Endpoints
    • List Proxy Endpoints
    • Create Proxy Endpoint
    • Delete Proxy Endpoint
    • Proxy Endpoint Details
    • Update Proxy Endpoint
  • Zero Trust Gateway Rules
    • List Zero Trust Gateway Rules
      GET
    • Create Zero Trust Gateway Rule
      POST
    • Delete Zero Trust Gateway Rule
      DELETE
    • Zero Trust Gateway Rule Details
      GET
    • Update Zero Trust Gateway Rule
      PUT
  • Zero Trust Lists
    • List Zero Trust Lists
    • Create Zero Trust List
    • Delete Zero Trust List
    • Zero Trust List Details
    • Patch Zero Trust List
    • Update Zero Trust List
    • Zero Trust List Items
  • Zero Trust accounts
    • Get device settings for Zero Trust account
    • Update device settings for the Zero Trust account
    • Get Zero Trust account information
    • Create Zero Trust account
    • Get Zero Trust account configuration
    • Update Zero Trust account configuration
    • Get logging settings for the Zero Trust account
    • Update logging settings for the Zero Trust account
  • Zero Trust organization
    • Get your Zero Trust organization
    • Create your Zero Trust organization
    • Update your Zero Trust organization
    • Revoke all Access tokens for a user
  • Zero Trust seats
    • Update a user seat
  • Zero Trust users
    • Get users
    • Get failed logins
  • Zone
    • List Zones
    • Create Zone
    • Delete Zone
    • Zone Details
    • Edit Zone
    • Zone Activation Check
    • Purge Files by Cache-Tags, Host, or Prefix
  • Zone Analytics (Deprecated)
    • Get analytics by Co-locations
    • Get dashboard
  • Zone Cache Settings
    • Get Cache Reserve setting
    • Change Cache Reserve setting
    • Delete variants setting
    • Get variants setting
    • Change variants setting
  • Zone Lockdown
    • List Zone Lockdown rules
    • Create a Zone Lockdown rule
    • Delete a Zone Lockdown rule
    • Get a Zone Lockdown rule
    • Update a Zone Lockdown rule
  • Zone Rate Plan
    • List Available Plans
    • Available Plan Details
    • List Available Rate Plans
  • Zone Rulesets
    • List zone rulesets
    • Create a zone ruleset
    • Get a zone entry point ruleset
    • Update a zone entry point ruleset
    • List a zone entry point ruleset's versions
    • Get a zone entry point ruleset version
    • Delete a zone ruleset
    • Get a zone ruleset
    • Update a zone ruleset
    • Create a zone ruleset rule
    • Delete a zone ruleset rule
    • Update a zone ruleset rule
    • List a zone ruleset's versions
    • Delete a zone ruleset version
    • Get a zone ruleset version
  • Zone Settings
    • Get all Zone settings
    • Edit zone settings info
    • Get 0-RTT session resumption setting
    • Change 0-RTT session resumption setting
    • Get Advanced DDOS setting
    • Get Always Online setting
    • Change Always Online setting
    • Get Always Use HTTPS setting
    • Change Always Use HTTPS setting
    • Get Automatic HTTPS Rewrites setting
    • Change Automatic HTTPS Rewrites setting
    • Get Automatic Platform Optimization for WordPress settings
    • Change Automatic Platform Optimization for WordPress settings
    • Get Brotli setting
    • Change Brotli setting
    • Get Browser Cache TTL setting
    • Change Browser Cache TTL setting
    • Get Browser Check setting
    • Change Browser Check setting
    • Get Cache Level setting
    • Change Cache Level setting
    • Get Challenge TTL setting
    • Change Challenge TTL setting
    • Get ciphers setting
    • Change ciphers setting
    • Get Development Mode setting
    • Change Development Mode setting
    • Get Early Hints setting
    • Change Early Hints setting
    • Get Email Obfuscation setting
    • Change Email Obfuscation setting
    • Get HTTP/2 Edge Prioritization setting
    • Change HTTP/2 Edge Prioritization setting
    • Get Hotlink Protection setting
    • Change Hotlink Protection setting
    • Get HTTP2 setting
    • Change HTTP2 setting
    • Get HTTP3 setting
    • Change HTTP3 setting
    • Get Image Resizing setting
    • Change Image Resizing setting
    • Get IP Geolocation setting
    • Change IP Geolocation setting
    • Get IPv6 setting
    • Change IPv6 setting
    • Get Minimum TLS Version setting
    • Change Minimum TLS Version setting
    • Get Minify setting
    • Change Minify setting
    • Get Mirage setting
    • Change Mirage setting
    • Get Mobile Redirect setting
    • Change Mobile Redirect setting
    • Get Network Error Logging setting
    • Change Network Error Logging setting
    • Get Opportunistic Encryption setting
    • Change Opportunistic Encryption setting
    • Get Opportunistic Onion setting
    • Change Opportunistic Onion setting
    • Get Orange to Orange (O2O)
    • Change Orange to Orange (O2O)
    • Get Enable Error Pages On setting
    • Change Enable Error Pages On setting
    • Get Origin Max HTTP version setting
    • Change Origin Max HTTP version setting
    • Get Polish setting
    • Change Polish setting
    • Get prefetch preload setting
    • Change prefetch preload setting
    • Get Privacy Pass setting
    • Change Privacy Pass setting
    • Get Proxy Read Timeout setting
    • Change Proxy Read Timeout setting
    • Get Pseudo IPv4 setting
    • Change Pseudo IPv4 setting
    • Get Response Buffering setting
    • Change Response Buffering setting
    • Get Rocket Loader setting
    • Change Rocket Loader setting
    • Get Security Header (HSTS) setting
    • Change Security Header (HSTS) setting
    • Get Security Level setting
    • Change Security Level setting
    • Get Server Side Exclude setting
    • Change Server Side Exclude setting
    • Get Enable Query String Sort setting
    • Change Enable Query String Sort setting
    • Get SSL setting
    • Change SSL setting
    • Get SSL/TLS Recommender enrollment
    • Change SSL/TLS Recommender enrollment
    • Get TLS 1.3 setting enabled for a zone
    • Change TLS 1.3 setting
    • Get TLS Client Auth setting
    • Change TLS Client Auth setting
    • Get True Client IP setting
    • Change True Client IP setting
    • Get Web Application Firewall (WAF) setting
    • Change Web Application Firewall (WAF) setting
    • Get WebP setting
    • Change WebP setting
    • Get WebSockets setting
    • Change WebSockets setting
  • Zone Subscription
    • Zone Subscription Details
    • Create Zone Subscription
    • Update Zone Subscription
  • Zone-Level Access applications
    • List Access Applications
    • Add a Bookmark application
    • Delete an Access application
    • Get an Access application
    • Update a Bookmark application
    • Revoke service tokens
    • Test Access policies
  • Zone-Level Access groups
    • List Access groups
    • Create an Access group
    • Delete an Access group
    • Get an Access group
    • Update an Access group
  • Zone-Level Access identity providers
    • List Access identity providers
    • Add an Access identity provider
    • Delete an Access identity provider
    • Get an Access identity provider
    • Update an Access identity provider
  • Zone-Level Access mTLS authentication
    • List mTLS certificates
    • Add an mTLS certificate
    • Delete an mTLS certificate
    • Get an mTLS certificate
    • Update an mTLS certificate
  • Zone-Level Access policies
    • Delete an Access policy
    • Get an Access policy
    • Update an Access policy
    • List Access policies
    • Create an Access policy
  • Zone-Level Access service tokens
    • List service tokens
    • Create a service token
    • Delete a service token
    • Update a service token
  • Zone-Level Access short-lived certificate CAs
    • List short-lived certificate CAs
    • Delete a short-lived certificate CA
    • Get a short-lived certificate CA
    • Create a short-lived certificate CA
  • Zone-Level Authenticated Origin Pulls
    • List Certificates
    • Upload Certificate
    • Get Enablement Setting for Zone
    • Set Enablement for Zone
    • Delete Certificate
    • Get Certificate Details
  • Zone-Level Zero Trust organization
    • Get your Zero Trust organization
    • Create your Zero Trust organization
    • Update your Zero Trust organization
    • Revoke all Access tokens for a user
  • mTLS Certificate Management
    • List mTLS certificates
    • Upload mTLS certificate
    • Delete mTLS certificate
    • Get mTLS certificate
    • List mTLS certificate associations
  1. Zero Trust Gateway Rules

Create Zero Trust Gateway Rule

POST
https://api.cloudflare.com/client/v4/accounts/{identifier}/gateway/rules
Zero Trust Gateway Rules
Last modified:2022-12-16 13:48:35
Create a new Zero Trust Gateway Rule.

Request

Path Params
identifier
string 
required
Body Params application/json
action
enum<string> 
required
The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to 'true'.
Allowed values:
onoffallowblockscannoscansafesearchytrestrictedisolatenoisolateoverridel4_override
Example:
allow
description
string 
optional
The description of the Rule.
Example:
Block the bad websites based on host name
device_posture
string 
optional
The wirefilter expression to be used for device posture check matching.
Example:
any(device_posture.checks.passed[*] in {"1308749e-fcfb-4ebc-b051-fe022b632644"})
enabled
boolean 
optional
Set if the rule is enabled.
Example:
true
filters
array[string]
optional
The protocol or layer to evaluate the traffic, identity, and device posture expressions.
Allowed values:
httpdnsl4
Example:
["http"]
identity
string 
optional
The wirefilter expression to be used for identity matching.
Example:
any(identity.groups.name[*] in {"finance"})
name
string 
required
The name of the Rule.
Example:
block bad websites
precedence
integer 
optional
Precedence sets the ordering of the rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
rule_settings
object (rule-settings) 
optional
Additional settings that modify the rule's action.
add_headers
object 
optional
Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
Example:
{"My-Next-Header":["foo","bar"],"X-Custom-Header-Name":["somecustomvalue"]}
biso_admin_controls
object 
optional
Configure how browser isolation behaves.
block_page_enabled
boolean 
optional
Enable the custom block page.
Example:
true
block_reason
string 
optional
The text describing why this block occurred that will be displayed on the custom block page (if enabled).
Example:
This website is a security risk
check_session
object 
optional
Configure how session check behaves.
insecure_disable_dnssec_validation
boolean 
optional
INSECURE - disable DNSSEC validation (for allow actions).
Example:
false
ip_categories
boolean 
optional
Include IPs in DNS resolver category blocks. By default categories only block on domain names.
Example:
true
l4override
object 
optional
Send matching traffic to the supplied destination IP address and port.
override_host
string 
optional
Override matching DNS queries with this.
Example:
example.com
override_ips
array[string]
optional
Override matching DNS queries with this.
Example:
["1.1.1.1","2.2.2.2"]
traffic
string 
optional
The wirefilter expression to be used for traffic matching.
Example:
http.request.uri matches ".*a/partial/uri.*" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10
Example
{
  "action": "allow",
  "description": "Block the bad websites based on host name",
  "device_posture": "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})",
  "enabled": true,
  "filters": [
    "http"
  ],
  "identity": "any(identity.groups.name[*] in {\"finance\"})",
  "name": "block bad websites",
  "precedence": 0,
  "rule_settings": {
    "add_headers": {
      "My-Next-Header": [
        "foo",
        "bar"
      ],
      "X-Custom-Header-Name": [
        "somecustomvalue"
      ]
    },
    "biso_admin_controls": {
      "dcp": false,
      "dd": false,
      "dk": false,
      "dp": false,
      "du": false
    },
    "block_page_enabled": true,
    "block_reason": "This website is a security risk",
    "check_session": {
      "duration": "300s",
      "enforce": true
    },
    "insecure_disable_dnssec_validation": false,
    "ip_categories": true,
    "l4override": {
      "ip": "1.1.1.1",
      "port": 0
    },
    "override_host": "example.com",
    "override_ips": [
      "1.1.1.1",
      "2.2.2.2"
    ]
  },
  "traffic": "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10"
}

Request samples

Shell
JavaScript
Java
Swift
Go
PHP
Python
HTTP
C
C#
Objective-C
Ruby
OCaml
Dart
R
Request Request Example
Shell
JavaScript
Java
Swift
curl --location --request POST 'https://api.cloudflare.com/client/v4/accounts//gateway/rules' \
--header 'Content-Type: application/json' \
--data-raw '{
    "action": "allow",
    "description": "Block the bad websites based on host name",
    "device_posture": "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})",
    "enabled": true,
    "filters": [
        "http"
    ],
    "identity": "any(identity.groups.name[*] in {\"finance\"})",
    "name": "block bad websites",
    "precedence": 0,
    "rule_settings": {
        "add_headers": {
            "My-Next-Header": [
                "foo",
                "bar"
            ],
            "X-Custom-Header-Name": [
                "somecustomvalue"
            ]
        },
        "biso_admin_controls": {
            "dcp": false,
            "dd": false,
            "dk": false,
            "dp": false,
            "du": false
        },
        "block_page_enabled": true,
        "block_reason": "This website is a security risk",
        "check_session": {
            "duration": "300s",
            "enforce": true
        },
        "insecure_disable_dnssec_validation": false,
        "ip_categories": true,
        "l4override": {
            "ip": "1.1.1.1",
            "port": 0
        },
        "override_host": "example.com",
        "override_ips": [
            "1.1.1.1",
            "2.2.2.2"
        ]
    },
    "traffic": "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10"
}'

Responses

🟢200Create Zero Trust Gateway Rule response
application/json
Body
allOf {2} 
optional
object (api-response-single) 
optional
errors
array [object {2}] 
messages
required
Example:
[]
messages
array [object {2}] 
messages
required
Example:
[]
result
required
success
enum<boolean> 
required
Whether the API call was successful
Allowed value:
true
Example:
true
object 
optional
result
object (rules_components-schemas-rules) 
optional
Example
{
  "errors": [],
  "messages": [],
  "result": {
    "action": "allow",
    "created_at": "2014-01-01T05:20:00.12345Z",
    "deleted_at": "2019-08-24T14:15:22Z",
    "description": "Block the bad websites based on host name",
    "device_posture": "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})",
    "enabled": true,
    "filters": [
      "http"
    ],
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "identity": "any(identity.groups.name[*] in {\"finance\"})",
    "name": "block bad websites",
    "precedence": 0,
    "rule_settings": {
      "add_headers": {
        "My-Next-Header": [
          "foo",
          "bar"
        ],
        "X-Custom-Header-Name": [
          "somecustomvalue"
        ]
      },
      "biso_admin_controls": {
        "dcp": false,
        "dd": false,
        "dk": false,
        "dp": false,
        "du": false
      },
      "block_page_enabled": true,
      "block_reason": "This website is a security risk",
      "check_session": {
        "duration": "300s",
        "enforce": true
      },
      "insecure_disable_dnssec_validation": false,
      "ip_categories": true,
      "l4override": {
        "ip": "1.1.1.1",
        "port": 0
      },
      "override_host": "example.com",
      "override_ips": [
        "1.1.1.1",
        "2.2.2.2"
      ]
    },
    "traffic": "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10",
    "updated_at": "2014-01-01T05:20:00.12345Z"
  },
  "success": true
}
🟢200Create Zero Trust Gateway Rule response failure
Previous
List Zero Trust Gateway Rules
Next
Delete Zero Trust Gateway Rule
Built with