# Rules ## List token validation rules `client.TokenValidation.Rules.List(ctx, params) (*V4PagePaginationArray[TokenValidationRule], error)` **get** `/zones/{zone_id}/token_validation/rules` List token validation rules ### Parameters - `params RuleListParams` - `ZoneID param.Field[string]` Path param: Identifier. - `ID param.Field[string]` Query param: Select rules with these IDs. - `Action param.Field[RuleListParamsAction]` Query param: Action to take on requests that match operations included in `selector` and fail `expression`. - `const RuleListParamsActionLog RuleListParamsAction = "log"` - `const RuleListParamsActionBlock RuleListParamsAction = "block"` - `Enabled param.Field[bool]` Query param: Toggle rule on or off. - `Host param.Field[string]` Query param: Select rules with this host in `include`. - `Hostname param.Field[string]` Query param: Select rules with this host in `include`. - `Page param.Field[int64]` Query param: Page number of paginated results. - `PerPage param.Field[int64]` Query param: Maximum number of results per page. - `RuleID param.Field[string]` Query param: Select rules with these IDs. - `TokenConfiguration param.Field[[]string]` Query param: Select rules using any of these token configurations. ### Returns - `type TokenValidationRule struct{…}` A Token Validation rule that can enforce security policies using JWT Tokens. - `Action TokenValidationRuleAction` Action to take on requests that match operations included in `selector` and fail `expression`. - `const TokenValidationRuleActionLog TokenValidationRuleAction = "log"` - `const TokenValidationRuleActionBlock TokenValidationRuleAction = "block"` - `Description string` A human-readable description that gives more details than `title`. - `Enabled bool` Toggle rule on or off. - `Expression string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Selector TokenValidationRuleSelector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Exclude []TokenValidationRuleSelectorExclude` Ignore operations that were otherwise included by `include`. - `OperationIDs []string` Excluded operation IDs. - `Include []TokenValidationRuleSelectorInclude` Select all matching operations. - `Host []string` Included hostnames. - `Title string` A human-readable name for the rule. - `ID string` UUID. - `CreatedAt Time` - `LastUpdated Time` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/token_validation" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.TokenValidation.Rules.List(context.TODO(), token_validation.RuleListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Create a token validation rule `client.TokenValidation.Rules.New(ctx, params) (*TokenValidationRule, error)` **post** `/zones/{zone_id}/token_validation/rules` Create a token validation rule. ### Parameters - `params RuleNewParams` - `ZoneID param.Field[string]` Path param: Identifier. - `Action param.Field[RuleNewParamsAction]` Body param: Action to take on requests that match operations included in `selector` and fail `expression`. - `const RuleNewParamsActionLog RuleNewParamsAction = "log"` - `const RuleNewParamsActionBlock RuleNewParamsAction = "block"` - `Description param.Field[string]` Body param: A human-readable description that gives more details than `title`. - `Enabled param.Field[bool]` Body param: Toggle rule on or off. - `Expression param.Field[string]` Body param: Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Selector param.Field[RuleNewParamsSelector]` Body param: Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Exclude []RuleNewParamsSelectorExclude` Ignore operations that were otherwise included by `include`. - `OperationIDs []string` Excluded operation IDs. - `Include []RuleNewParamsSelectorInclude` Select all matching operations. - `Host []string` Included hostnames. - `Title param.Field[string]` Body param: A human-readable name for the rule. ### Returns - `type TokenValidationRule struct{…}` A Token Validation rule that can enforce security policies using JWT Tokens. - `Action TokenValidationRuleAction` Action to take on requests that match operations included in `selector` and fail `expression`. - `const TokenValidationRuleActionLog TokenValidationRuleAction = "log"` - `const TokenValidationRuleActionBlock TokenValidationRuleAction = "block"` - `Description string` A human-readable description that gives more details than `title`. - `Enabled bool` Toggle rule on or off. - `Expression string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Selector TokenValidationRuleSelector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Exclude []TokenValidationRuleSelectorExclude` Ignore operations that were otherwise included by `include`. - `OperationIDs []string` Excluded operation IDs. - `Include []TokenValidationRuleSelectorInclude` Select all matching operations. - `Host []string` Included hostnames. - `Title string` A human-readable name for the rule. - `ID string` UUID. - `CreatedAt Time` - `LastUpdated Time` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/token_validation" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) tokenValidationRule, err := client.TokenValidation.Rules.New(context.TODO(), token_validation.RuleNewParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Action: cloudflare.F(token_validation.RuleNewParamsActionLog), Description: cloudflare.F("Long description for Token Validation Rule"), Enabled: cloudflare.F(true), Expression: cloudflare.F(`is_jwt_valid("52973293-cb04-4a97-8f55-e7d2ad1107dd") or is_jwt_valid("46eab8d1-6376-45e3-968f-2c649d77d423")`), Selector: cloudflare.F(token_validation.RuleNewParamsSelector{ }), Title: cloudflare.F("Example Token Validation Rule"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", tokenValidationRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" }, "success": true } ``` ## Bulk create token validation rules `client.TokenValidation.Rules.BulkNew(ctx, params) (*SinglePage[TokenValidationRule], error)` **post** `/zones/{zone_id}/token_validation/rules/bulk` Create zone token validation rules. A request can create multiple Token Validation Rules. ### Parameters - `params RuleBulkNewParams` - `ZoneID param.Field[string]` Path param: Identifier. - `Body param.Field[[]RuleBulkNewParamsBody]` Body param - `Action RuleBulkNewParamsBodyAction` Action to take on requests that match operations included in `selector` and fail `expression`. - `const RuleBulkNewParamsBodyActionLog RuleBulkNewParamsBodyAction = "log"` - `const RuleBulkNewParamsBodyActionBlock RuleBulkNewParamsBodyAction = "block"` - `Description string` A human-readable description that gives more details than `title`. - `Enabled bool` Toggle rule on or off. - `Expression string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Selector RuleBulkNewParamsBodySelector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Exclude []RuleBulkNewParamsBodySelectorExclude` Ignore operations that were otherwise included by `include`. - `OperationIDs []string` Excluded operation IDs. - `Include []RuleBulkNewParamsBodySelectorInclude` Select all matching operations. - `Host []string` Included hostnames. - `Title string` A human-readable name for the rule. ### Returns - `type TokenValidationRule struct{…}` A Token Validation rule that can enforce security policies using JWT Tokens. - `Action TokenValidationRuleAction` Action to take on requests that match operations included in `selector` and fail `expression`. - `const TokenValidationRuleActionLog TokenValidationRuleAction = "log"` - `const TokenValidationRuleActionBlock TokenValidationRuleAction = "block"` - `Description string` A human-readable description that gives more details than `title`. - `Enabled bool` Toggle rule on or off. - `Expression string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Selector TokenValidationRuleSelector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Exclude []TokenValidationRuleSelectorExclude` Ignore operations that were otherwise included by `include`. - `OperationIDs []string` Excluded operation IDs. - `Include []TokenValidationRuleSelectorInclude` Select all matching operations. - `Host []string` Included hostnames. - `Title string` A human-readable name for the rule. - `ID string` UUID. - `CreatedAt Time` - `LastUpdated Time` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/token_validation" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.TokenValidation.Rules.BulkNew(context.TODO(), token_validation.RuleBulkNewParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Body: []token_validation.RuleBulkNewParamsBody{token_validation.RuleBulkNewParamsBody{ Action: cloudflare.F(token_validation.RuleBulkNewParamsBodyActionLog), Description: cloudflare.F("Long description for Token Validation Rule"), Enabled: cloudflare.F(true), Expression: cloudflare.F(`is_jwt_valid("52973293-cb04-4a97-8f55-e7d2ad1107dd") or is_jwt_valid("46eab8d1-6376-45e3-968f-2c649d77d423")`), Selector: cloudflare.F(token_validation.RuleBulkNewParamsBodySelector{ }), Title: cloudflare.F("Example Token Validation Rule"), }}, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Bulk edit token validation rules `client.TokenValidation.Rules.BulkEdit(ctx, params) (*SinglePage[TokenValidationRule], error)` **patch** `/zones/{zone_id}/token_validation/rules/bulk` Edit token validation rules. A request can update multiple Token Validation Rules. Rules can be re-ordered using the `position` field. Returns all updated rules. ### Parameters - `params RuleBulkEditParams` - `ZoneID param.Field[string]` Path param: Identifier. - `Body param.Field[[]RuleBulkEditParamsBody]` Body param - `ID string` Rule ID this patch applies to - `Action RuleBulkEditParamsBodyAction` Action to take on requests that match operations included in `selector` and fail `expression`. - `const RuleBulkEditParamsBodyActionLog RuleBulkEditParamsBodyAction = "log"` - `const RuleBulkEditParamsBodyActionBlock RuleBulkEditParamsBodyAction = "block"` - `Description string` A human-readable description that gives more details than `title`. - `Enabled bool` Toggle rule on or off. - `Expression string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Position RuleBulkEditParamsBodyPosition` Update rule order among zone rules. - `type RuleBulkEditParamsBodyPositionAPIShieldIndex struct{…}` - `Index int64` Move rule to this position - `type RuleBulkEditParamsBodyPositionAPIShieldBefore struct{…}` Move rule to after rule with ID. - `Before string` Move rule to before rule with this ID. - `type RuleBulkEditParamsBodyPositionAPIShieldAfter struct{…}` Move rule to before rule with ID. - `After string` Move rule to after rule with this ID. - `Selector RuleBulkEditParamsBodySelector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Exclude []RuleBulkEditParamsBodySelectorExclude` Ignore operations that were otherwise included by `include`. - `OperationIDs []string` Excluded operation IDs. - `Include []RuleBulkEditParamsBodySelectorInclude` Select all matching operations. - `Host []string` Included hostnames. - `Title string` A human-readable name for the rule. ### Returns - `type TokenValidationRule struct{…}` A Token Validation rule that can enforce security policies using JWT Tokens. - `Action TokenValidationRuleAction` Action to take on requests that match operations included in `selector` and fail `expression`. - `const TokenValidationRuleActionLog TokenValidationRuleAction = "log"` - `const TokenValidationRuleActionBlock TokenValidationRuleAction = "block"` - `Description string` A human-readable description that gives more details than `title`. - `Enabled bool` Toggle rule on or off. - `Expression string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Selector TokenValidationRuleSelector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Exclude []TokenValidationRuleSelectorExclude` Ignore operations that were otherwise included by `include`. - `OperationIDs []string` Excluded operation IDs. - `Include []TokenValidationRuleSelectorInclude` Select all matching operations. - `Host []string` Included hostnames. - `Title string` A human-readable name for the rule. - `ID string` UUID. - `CreatedAt Time` - `LastUpdated Time` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/token_validation" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.TokenValidation.Rules.BulkEdit(context.TODO(), token_validation.RuleBulkEditParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Body: []token_validation.RuleBulkEditParamsBody{token_validation.RuleBulkEditParamsBody{ ID: cloudflare.F("0d9bf70c-92e1-4bb3-9411-34a3bcc59003"), }}, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Get a zone token validation rule `client.TokenValidation.Rules.Get(ctx, ruleID, query) (*TokenValidationRule, error)` **get** `/zones/{zone_id}/token_validation/rules/{rule_id}` Get a zone token validation rule. ### Parameters - `ruleID string` UUID. - `query RuleGetParams` - `ZoneID param.Field[string]` Identifier. ### Returns - `type TokenValidationRule struct{…}` A Token Validation rule that can enforce security policies using JWT Tokens. - `Action TokenValidationRuleAction` Action to take on requests that match operations included in `selector` and fail `expression`. - `const TokenValidationRuleActionLog TokenValidationRuleAction = "log"` - `const TokenValidationRuleActionBlock TokenValidationRuleAction = "block"` - `Description string` A human-readable description that gives more details than `title`. - `Enabled bool` Toggle rule on or off. - `Expression string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Selector TokenValidationRuleSelector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Exclude []TokenValidationRuleSelectorExclude` Ignore operations that were otherwise included by `include`. - `OperationIDs []string` Excluded operation IDs. - `Include []TokenValidationRuleSelectorInclude` Select all matching operations. - `Host []string` Included hostnames. - `Title string` A human-readable name for the rule. - `ID string` UUID. - `CreatedAt Time` - `LastUpdated Time` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/token_validation" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) tokenValidationRule, err := client.TokenValidation.Rules.Get( context.TODO(), "4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7", token_validation.RuleGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", tokenValidationRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" }, "success": true } ``` ## Delete a zone token validation rule `client.TokenValidation.Rules.Delete(ctx, ruleID, body) (*RuleDeleteResponse, error)` **delete** `/zones/{zone_id}/token_validation/rules/{rule_id}` Delete a zone token validation rule. ### Parameters - `ruleID string` UUID. - `body RuleDeleteParams` - `ZoneID param.Field[string]` Identifier. ### Returns - `type RuleDeleteResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/token_validation" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) rule, err := client.TokenValidation.Rules.Delete( context.TODO(), "4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7", token_validation.RuleDeleteParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", rule) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": {} } ``` ## Edit a zone token validation rule `client.TokenValidation.Rules.Edit(ctx, ruleID, params) (*TokenValidationRule, error)` **patch** `/zones/{zone_id}/token_validation/rules/{rule_id}` Edit a zone token validation rule. ### Parameters - `ruleID string` UUID. - `params RuleEditParams` - `ZoneID param.Field[string]` Path param: Identifier. - `Action param.Field[RuleEditParamsAction]` Body param: Action to take on requests that match operations included in `selector` and fail `expression`. - `const RuleEditParamsActionLog RuleEditParamsAction = "log"` - `const RuleEditParamsActionBlock RuleEditParamsAction = "block"` - `Description param.Field[string]` Body param: A human-readable description that gives more details than `title`. - `Enabled param.Field[bool]` Body param: Toggle rule on or off. - `Expression param.Field[string]` Body param: Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Position param.Field[RuleEditParamsPosition]` Body param: Update rule order among zone rules. - `type RuleEditParamsPositionAPIShieldIndex struct{…}` - `Index int64` Move rule to this position - `type RuleEditParamsPositionAPIShieldBefore struct{…}` Move rule to after rule with ID. - `Before string` Move rule to before rule with this ID. - `type RuleEditParamsPositionAPIShieldAfter struct{…}` Move rule to before rule with ID. - `After string` Move rule to after rule with this ID. - `Selector param.Field[RuleEditParamsSelector]` Body param: Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Exclude []RuleEditParamsSelectorExclude` Ignore operations that were otherwise included by `include`. - `OperationIDs []string` Excluded operation IDs. - `Include []RuleEditParamsSelectorInclude` Select all matching operations. - `Host []string` Included hostnames. - `Title param.Field[string]` Body param: A human-readable name for the rule. ### Returns - `type TokenValidationRule struct{…}` A Token Validation rule that can enforce security policies using JWT Tokens. - `Action TokenValidationRuleAction` Action to take on requests that match operations included in `selector` and fail `expression`. - `const TokenValidationRuleActionLog TokenValidationRuleAction = "log"` - `const TokenValidationRuleActionBlock TokenValidationRuleAction = "block"` - `Description string` A human-readable description that gives more details than `title`. - `Enabled bool` Toggle rule on or off. - `Expression string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Selector TokenValidationRuleSelector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Exclude []TokenValidationRuleSelectorExclude` Ignore operations that were otherwise included by `include`. - `OperationIDs []string` Excluded operation IDs. - `Include []TokenValidationRuleSelectorInclude` Select all matching operations. - `Host []string` Included hostnames. - `Title string` A human-readable name for the rule. - `ID string` UUID. - `CreatedAt Time` - `LastUpdated Time` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/token_validation" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) tokenValidationRule, err := client.TokenValidation.Rules.Edit( context.TODO(), "4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7", token_validation.RuleEditParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", tokenValidationRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" }, "success": true } ``` ## Domain Types ### Token Validation Rule - `type TokenValidationRule struct{…}` A Token Validation rule that can enforce security policies using JWT Tokens. - `Action TokenValidationRuleAction` Action to take on requests that match operations included in `selector` and fail `expression`. - `const TokenValidationRuleActionLog TokenValidationRuleAction = "log"` - `const TokenValidationRuleActionBlock TokenValidationRuleAction = "block"` - `Description string` A human-readable description that gives more details than `title`. - `Enabled bool` Toggle rule on or off. - `Expression string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Selector TokenValidationRuleSelector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `Exclude []TokenValidationRuleSelectorExclude` Ignore operations that were otherwise included by `include`. - `OperationIDs []string` Excluded operation IDs. - `Include []TokenValidationRuleSelectorInclude` Select all matching operations. - `Host []string` Included hostnames. - `Title string` A human-readable name for the rule. - `ID string` UUID. - `CreatedAt Time` - `LastUpdated Time`