API Reference

Origin TLS Client Auth

Hostnames

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Get the Hostname Status for Client Authentication

client.OriginTLSClientAuth.Hostnames.Get(ctx, hostname, query) (*AuthenticatedOriginPull, error)

GET/zones/{zone_id}/origin_tls_client_auth/hostnames/{hostname}

Retrieves the client certificate authentication status for a specific hostname, showing whether authenticated origin pulls are enabled.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

SSL and Certificates WriteSSL and Certificates Read

ParametersExpand Collapse

hostname string

The hostname on the origin for which the client certificate uploaded will be used.

maxLength255

query HostnameGetParams

ZoneID param.Field[string]

Identifier.

maxLength32

ReturnsExpand Collapse

type AuthenticatedOriginPull struct{…}

CERTID stringoptional

Identifier.

maxLength32

CERTStatus AuthenticatedOriginPullCERTStatusoptional

Status of the certificate or the association.

One of the following:

const AuthenticatedOriginPullCERTStatusInitializing AuthenticatedOriginPullCERTStatus = "initializing"

const AuthenticatedOriginPullCERTStatusPendingDeployment AuthenticatedOriginPullCERTStatus = "pending_deployment"

const AuthenticatedOriginPullCERTStatusPendingDeletion AuthenticatedOriginPullCERTStatus = "pending_deletion"

const AuthenticatedOriginPullCERTStatusActive AuthenticatedOriginPullCERTStatus = "active"

const AuthenticatedOriginPullCERTStatusDeleted AuthenticatedOriginPullCERTStatus = "deleted"

const AuthenticatedOriginPullCERTStatusDeploymentTimedOut AuthenticatedOriginPullCERTStatus = "deployment_timed_out"

const AuthenticatedOriginPullCERTStatusDeletionTimedOut AuthenticatedOriginPullCERTStatus = "deletion_timed_out"

CERTUpdatedAt Timeoptional

The time when the certificate was updated.

formatdate-time

CERTUploadedOn Timeoptional

The time when the certificate was uploaded.

formatdate-time

Certificate stringoptional

The hostname certificate.

CreatedAt Timeoptional

The time when the certificate was created.

formatdate-time

Enabled booloptional

Indicates whether hostname-level authenticated origin pulls is enabled. A null value voids the association.

ExpiresOn Timeoptional

The date when the certificate expires.

formatdate-time

Hostname stringoptional

The hostname on the origin for which the client certificate uploaded will be used.

maxLength255

Issuer stringoptional

The certificate authority that issued the certificate.

SerialNumber stringoptional

The serial number on the uploaded certificate.

Signature stringoptional

The type of hash used for the certificate.

Status AuthenticatedOriginPullStatusoptional

Status of the certificate or the association.

One of the following:

const AuthenticatedOriginPullStatusInitializing AuthenticatedOriginPullStatus = "initializing"

const AuthenticatedOriginPullStatusPendingDeployment AuthenticatedOriginPullStatus = "pending_deployment"

const AuthenticatedOriginPullStatusPendingDeletion AuthenticatedOriginPullStatus = "pending_deletion"

const AuthenticatedOriginPullStatusActive AuthenticatedOriginPullStatus = "active"

const AuthenticatedOriginPullStatusDeleted AuthenticatedOriginPullStatus = "deleted"

const AuthenticatedOriginPullStatusDeploymentTimedOut AuthenticatedOriginPullStatus = "deployment_timed_out"

const AuthenticatedOriginPullStatusDeletionTimedOut AuthenticatedOriginPullStatus = "deletion_timed_out"

UpdatedAt Timeoptional

The time when the certificate was updated.

formatdate-time

Get the Hostname Status for Client Authentication

Go

HTTP

TypeScript

Python

Go

Terraform

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/option"
  "github.com/cloudflare/cloudflare-go/origin_tls_client_auth"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  authenticatedOriginPull, err := client.OriginTLSClientAuth.Hostnames.Get(
    context.TODO(),
    "app.example.com",
    origin_tls_client_auth.HostnameGetParams{
      ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", authenticatedOriginPull.CERTID)
}

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "cert_id": "023e105f4ecef8ad9ca31a8372d0c353",
    "cert_status": "active",
    "cert_updated_at": "2100-01-01T05:20:00Z",
    "cert_uploaded_on": "2019-10-28T18:11:23.37411Z",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
    "created_at": "2100-01-01T05:20:00Z",
    "enabled": true,
    "expires_on": "2100-01-01T05:20:00Z",
    "hostname": "app.example.com",
    "issuer": "GlobalSign",
    "serial_number": "6743787633689793699141714808227354901",
    "signature": "SHA256WithRSA",
    "status": "active",
    "updated_at": "2100-01-01T05:20:00Z"
  }
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "cert_id": "023e105f4ecef8ad9ca31a8372d0c353",
    "cert_status": "active",
    "cert_updated_at": "2100-01-01T05:20:00Z",
    "cert_uploaded_on": "2019-10-28T18:11:23.37411Z",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
    "created_at": "2100-01-01T05:20:00Z",
    "enabled": true,
    "expires_on": "2100-01-01T05:20:00Z",
    "hostname": "app.example.com",
    "issuer": "GlobalSign",
    "serial_number": "6743787633689793699141714808227354901",
    "signature": "SHA256WithRSA",
    "status": "active",
    "updated_at": "2100-01-01T05:20:00Z"
  }
}