Skip to content
Access
Visit Access on GitHub
Set theme to dark (⇧+D)

Access API examples

Access users can create policies, including individual rule blocks inside of group or policy bodies. For example, this policy allows all Cloudflare email account users to reach the application with the exception of one account:

{  "name": "allow cloudflare employees",  "decision": "allow",  "include": [    {      "email_domain": {        "domain": "cloudflare.com"      }    }  ],  "exclude": [    {      "email": {        "email": "notthisperson@cloudflare.com"      }    }  ],  "require": []}

Example rule configurations

These are commonly used rule configurations.

The request will need to present the headers for any service token created for this account.

{  "any_valid_service_token": {}}

Allow access based on the "amr" identifier.

{  "auth_method": {    "auth_method": "hwk"  }}

The request will need to present a valid certificate with an expected common name.

{  "common_name": {    "common_name": "james@example.com"  }}

Allow anyone to log in.

{  "everyone": {}}

The request will need to present a valid certificate.

{  "certificate": {}}

The request will need to present the correct service token headers.

{  "service_token": {    "token_id": "e9808c3a-705c-4afc-a507-6e4b083ff399"  }}