API Reference

Magic Transit

IPSEC Tunnels

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Set Pre-Shared Keys (PSK) for IPsec tunnels

client.MagicTransit.IPSECTunnels.PSKSet(ctx, params) (*IPSECTunnelPSKSetResponse, error)

POST/accounts/{account_id}/magic/ipsec_tunnels/psk

Sets Pre-Shared Keys for multiple IPsec tunnels associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes. After PSKs are applied, they are immediately persisted to Cloudflare’s edge and cannot be retrieved later. Store the PSKs in a safe place.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Magic WAN WriteMagic Transit Write

ParametersExpand Collapse

params IPSECTunnelPSKSetParams

AccountID param.Field[string]

Path param: Identifier

maxLength32

PSKs param.Field[[]IPSECTunnelPSKSetParamsPSK]

Body param: List of tunnel ID and PSK pairs.

ID string

The ID of the IPsec tunnel.

maxLength32

PSK string

A randomly generated or provided string for use in the IPsec tunnel.

ValidateOnly param.Field[bool]Optional

Query param: If true, only run validation without persisting changes.

ReturnsExpand Collapse

type IPSECTunnelPSKSetResponse struct{…}

SuccessfullyAppliedPSKs map[string, IPSECTunnelPSKSetResponseSuccessfullyAppliedPSK]Optional

Map of tunnel IDs to successfully applied PSK details.

IPSECID string

The IKE identifier used for this tunnel on the Cloudflare edge.

IPSECTunnelID string

Identifier

maxLength32

PSK string

A randomly generated or provided string for use in the IPsec tunnel.

PSKMetadata PSKMetadata

The PSK metadata that includes when the PSK was generated.

LastGeneratedOn TimeOptional

The date and time the tunnel was last modified.

formatdate-time

UnappliedPSKs map[string, string]Optional

Map of tunnel IDs to failure reasons for PSKs that could not be applied.

Set Pre-Shared Keys (PSK) for IPsec tunnels

Go

HTTP

TypeScript

Python

Go

Terraform

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/magic_transit"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  response, err := client.MagicTransit.IPSECTunnels.PSKSet(context.TODO(), magic_transit.IPSECTunnelPSKSetParams{
    AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    PSKs: cloudflare.F([]magic_transit.IPSECTunnelPSKSetParamsPSK{magic_transit.IPSECTunnelPSKSetParamsPSK{
      ID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
      PSK: cloudflare.F("O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy"),
    }}),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", response.SuccessfullyAppliedPSKs)
}

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "successfully_applied_psks": {
      "foo": {
        "ipsec_id": "12345_abc123def4567890abcdef1234567890",
        "ipsec_tunnel_id": "023e105f4ecef8ad9ca31a8372d0c353",
        "psk": "O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy",
        "psk_metadata": {
          "last_generated_on": "2017-06-14T05:20:00Z"
        }
      }
    },
    "unapplied_psks": {
      "foo": "string"
    }
  },
  "success": true
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "successfully_applied_psks": {
      "foo": {
        "ipsec_id": "12345_abc123def4567890abcdef1234567890",
        "ipsec_tunnel_id": "023e105f4ecef8ad9ca31a8372d0c353",
        "psk": "O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy",
        "psk_metadata": {
          "last_generated_on": "2017-06-14T05:20:00Z"
        }
      }
    },
    "unapplied_psks": {
      "foo": "string"
    }
  },
  "success": true
}